Using pcre with check_helo_access

Fri, 30 May 2014 11:27:12 -0700 

Hi,

I'm using postfix-2.10.3 on fedora20 and I don't understand how to use
pcre. I've read the pcre man page, but it doesn't explain how it applies to
using it with check_helo_access and a pcre table.

For a regular postmap hash, I would do the following for a host without a
valid forward DNS entry (and the complementing reverse):

host.example.com                OK
192.168.0.1                          OK

For pcre, I wanted to be sure the following would be acceptable:

/^host\.example\.com$/          OK
/192.168.0.1/                         OK

It's both the left and right side I don't understand. The check_helo_access
section of postconf(5) seems to use "OK" and "REJECT" in the same way as
other tables, but doesn't specifically define their usage.

For compleness, here is my smtpd_recipient_restrictions:

smtpd_recipient_restrictions =
        reject_non_fqdn_recipient,
        check_client_access hash:/etc/postfix/client_checks_special,
        check_sender_access hash:/etc/postfix/sender_checks_special,
        reject_non_fqdn_sender,
        reject_unlisted_recipient,
        permit_mynetworks,
        reject_unauth_destination,
        reject_unknown_sender_domain,
        reject_unknown_recipient_domain,
        reject_rhsbl_reverse_client mykey.dbl.dq.spamhaus.net,
        reject_rhsbl_sender mykey.dbl.dq.spamhaus.net,
        reject_rhsbl_helo mykey.dbl.dq.spamhaus.net
        check_helo_access pcre:/etc/postfix/helo_checks.pcre,
        reject_invalid_helo_hostname,
        check_policy_service inet:127.0.0.1:2501,
        check_client_access hash:/etc/postfix/client_checks,
        check_sender_access hash:/etc/postfix/sender_checks,
        check_recipient_access pcre:/etc/postfix/relay_recips_access,
        check_recipient_access pcre:/etc/postfix/property_recip_map,
        check_recipient_access pcre:/etc/postfix/recipient_checks,
        check_recipient_access pcre:/etc/postfix/relay_recips_ecartis,
        permit

The client_checks_special and sender_checks_special were created because I
didn't know how to order the check_*_access later on and still properly
bypass some of the earlier checks. Adding these unknown hosts to
sender_checks_special has been a way for me to resolve the helo checks
issue.

Maybe all I need to do is move my check_helo_access to before the
reject_*_domain checks?

Thanks for any ideas.
Alex

Reply via email to