On Thursday 10 November 2011 17:45:18 Steve Fatula wrote:
> This check says that the RFC requires a fully qualified hostname
> for HELO. Most internet searches show this to be a "safe" check
> that shouldn't really kill any real mail. Lately, noticed no ebay
> mail was coming through, looked through the logs and see entires
> like:
>
> Nov 9 20:30:58 host2 postfix/smtpd[16167]: NOQUEUE: reject: RCPT
> from mxpool19.ebay.com[66.135.197.25]: 504 5.5.2 <mx88>: Helo
> command rejected: need fully-qualified hostname;
> from=<e...@ebay.com> to=<m...@hiddendomain.com> proto=ESMTP
> helo=<mx88>
>
>
> mx88 is of course not a FQDN. So, it was correctly rejected per the
> setting. Obviously, I can try and whitelist all the ebay servers,
> but, it's a slight pain. Could be a moving target, etc. This would
> allow me to keep the setting, but....
>
> Since this did block mail from a rather well known common mailer, I
> am starting to wonder how safe this check really is. Perhaps it's
> not so safe. Yes, that is a configuration error on ebays part,
> but, I don't think you really want to block ebay mail.
This is news to me, as I often sing the praises of
reject_non_fqdn_helo_hostname as both safe and effective. I have
received ebay mail in the past, so this must be a recent SNAFU on
their part.
> Are you finding this is not as safe a check as it should be, since
> presumably the RFC requires it, still, people make mistakes? Is it
The way they will take notice of their mistake is when most of the
junk they send out bounces! You are NOT alone in rejecting these, I
can assure you.
> really of much use these days anyway for blocking spam?
Several times I have looked and seen that it takes out ~25% of all
connections. Of course nowadays most of those are failing against
postscreen, so the HELO rejections are rare for me now.
--
Offlist mail to this address is discarded unless
"/dev/rob0" or "not-spam" is in Subject: header
