On 2011-11-11 00:45, Steve Fatula wrote:
This check says that the RFC requires a fully qualified hostname for
HELO. Most internet searches show this to be a "safe" check that
shouldn't really kill any real mail. Lately, noticed no ebay mail was
coming through, looked through the logs and see entires like:
Nov 9 20:30:58 host2 postfix/smtpd[16167]: NOQUEUE: reject: RCPT from
mxpool19.ebay.com[66.135.197.25]: 504 5.5.2 <mx88>: Helo command
rejected: need fully-qualified hostname; from=<e...@ebay.com>
to=<m...@hiddendomain.com> proto=ESMTP helo=<mx88>
mx88 is of course not a FQDN. So, it was correctly rejected per the
setting. Obviously, I can try and whitelist all the ebay servers, but,
it's a slight pain. Could be a moving target, etc. This would allow me
to keep the setting, but....
Since this did block mail from a rather well known common mailer, I am
starting to wonder how safe this check really is. Perhaps it's not so
safe. Yes, that is a configuration error on ebays part, but, I don't
think you really want to block ebay mail.
Are you finding this is not as safe a check as it should be, since
presumably the RFC requires it, still, people make mistakes? Is it
really of much use these days anyway for blocking spam?
I have seen it too, on bulk mailer software (as ebay's probably is), but
my logs from the past 6 weeks do not contain a single reject from this
rule, so usefulness is debatable (or YMMV).
If you want to use it but exclude a known whitelist of domains from the
check, use a client access check in your smtpd_helo_restrictions - and
move the helo checks there, too:
smtpd_helo_restrictions = reject_invalid_helo_hostname,
check_client_access hash:/etc/postfix/helo_whitelist,
reject_non_fqdn_helo_hostname
And in /etc/postfix/helo_whitelist:
.ebay.com OK
Don't forget to postmap that file.
--
J.
