On Sep 5, 2014, at 2:36 PM, Edwin Marqe <edwinma...@gmail.com> wrote:
> Hi,
>
> I've been doing some tests recently regarding the EHLO command, and
> I was wondering whether the below detailed behavior is the expected
> one or not.
>
> I have this in my Postfix config:
>
> smtpd_helo_restrictions =
>     permit_mynetworks
>     reject_non_fqdn_helo_hostname
>     reject_unknown_helo_hostname
>     permit
>
> However, any time I connect via telnet to this server and specify
> *any* IP address in the form [X.X.X.X], the smtpd_helo_restrictions
> won't trigger.
>
> # telnet remotepostfix.mydomain.com 25
> Trying Y.Y.Y.Y...
> Connected to remotepostfix.mydomain.com.
> Escape character is '^]'.
> 220 remotepostfix.mydomain.com ESMTP Postfix (Ubuntu)
> EHLO [8.8.8.8]
> 250-remotepostfix.mydomain.com
> 250-PIPELINING
> 250-SIZE 30720000
> 250-ETRN
> 250-STARTTLS
> 250-ENHANCEDSTATUSCODES
> 250-8BITMIME
> 250 DSN
> MAIL FROM: whate...@address.com
> 250 2.1.0 Ok
> RCPT TO: destinat...@mydomain.com
> 250 2.1.5 Ok
> DATA
> 354 End data with <CR><LF>.<CR><LF>
> Hi!
>
> .
> 250 2.0.0 Ok: queued as 853B21202582
> quit
> 221 2.0.0 Bye
> Connection closed by foreign host.
>
> Is this the expected behavior? Shouldn't it match any of
> 'reject_non_fqdn_helo_hostname' or 'reject_unknown_helo_hostname'?
>
> Thanks,
>
> Edwin

This is both legal and reasonable. If you’re a DHCP’d host running inside a NATting firewall, there’s a good chance that you don’t have a valid rDNS mapping (or at least not one that’s publicly visible, since your own address is probably inside on an RFC-1918 unroutable network number like 192.168.0.0/16 or 172.16.0.0/12 and not publicly resolvable), and the address that the remote MTA sees is going to be your firewall’s public address post-NATting, not your internal IP address on the LAN.

-Philip
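
The behaviour discussed in this thread, as an added example that is not part of either message and is not Postfix code: a simplified Python model of how the restriction list in the posted config treats an address literal such as [8.8.8.8]. The function names and the resolves callback are assumptions made for the illustration, and DNS is stubbed so the example runs offline.

```python
import ipaddress
import re

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")

def classify_helo(arg):
    """Classify a HELO/EHLO argument: address-literal, fqdn, non-fqdn or invalid."""
    if arg.startswith("["):
        inner, want = arg[1:-1], 4
        if inner.lower().startswith("ipv6:"):
            inner, want = inner[5:], 6
        try:
            ok = arg.endswith("]") and ipaddress.ip_address(inner).version == want
        except ValueError:
            ok = False
        if not ok:
            # Neither restriction in the posted config is about literal syntax.
            raise ValueError("malformed address literal (outside this model)")
        return "address-literal"
    name = arg[:-1] if arg.endswith(".") else arg
    labels = name.split(".")
    if not all(_LABEL.match(label) for label in labels):
        return "invalid"
    return "fqdn" if len(labels) >= 2 else "non-fqdn"

def evaluate(arg, client_in_mynetworks=False, resolves=lambda name: False):
    """Walk the restriction list from the post in order (simplified model)."""
    if client_in_mynetworks:
        return "permit (permit_mynetworks)"
    kind = classify_helo(arg)
    # reject_non_fqdn_helo_hostname accepts FQDN form *or* address literal form.
    if kind in ("non-fqdn", "invalid"):
        return "reject (reject_non_fqdn_helo_hostname)"
    # reject_unknown_helo_hostname looks a name up in DNS; a literal has no name.
    if kind == "fqdn" and not resolves(arg):
        return "reject (reject_unknown_helo_hostname)"
    return "permit"

if __name__ == "__main__":
    # Constructed inputs; the first is the EHLO argument from the transcript.
    for helo in ("[8.8.8.8]", "localhost", "no-such-host.example"):
        print(helo, "->", evaluate(helo))
```
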