Hi,
We implemented an smtpd_helo_restrictions check with this configuration:

smtpd_helo_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
#   check_client_access hash:/etc/postfix/
    check_helo_access hash:/etc/postfix/check_helo_access
    reject_invalid_helo_hostname
#   reject_non_fqdn_helo_hostname
#   reject_invalid_helo_hostname
    reject_unknown_helo_hostname

When implementing this, we had some problems with some sending mailservers
that used HELOs which had invalid or unknown HELOs - but needed to be
let through - so we populated a whitelist. Since then - once a month a
customer complains about not getting a mail from an external sender - we
look those HELOs up in the log file and put them in the whitelist and
inform the postmaster of the sending server about the configuration failure.
Spam has reduced a lot since this measure.
But: since we only have reject_unknown_helo_hostname - there we send
only temp (450) errors back even for addresses that don't even exist. How
can we cope with this?
Is it okay to change the error code in unknown_hostname_reject_code from
the default (450) to some permanent 5xx code? In the manual it says "Do
not change this unless you have a complete understanding of RFC 2821." -
so I am careful and ask for help.
There are some servers that try and keep sending mail to non-existent
addresses - I think it has something to do with the temp error code they
are getting.
Advice will be much appreciated.
Thanks,
Thomas.
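
Added example (not part of the original post): a Python script for the log lookup described above. It groups "Helo command rejected" entries by HELO name, shows which sender/recipient pairs were retried after the temporary reply, and renders reviewed names as check_helo_access entries. The log lines are constructed samples in the usual Postfix smtpd reject format, and the function names are hypothetical.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines (not taken from the post), usual Postfix smtpd reject format.
SAMPLE_LOG = """\
Mar  3 10:01:12 mx postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 450 4.7.1 <mail.partner.example>: Helo command rejected: Host not found; from=<bob@partner.example> to=<alice@customer.example> proto=ESMTP helo=<mail.partner.example>
Mar  3 10:16:40 mx postfix/smtpd[2188]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 450 4.7.1 <mail.partner.example>: Helo command rejected: Host not found; from=<bob@partner.example> to=<alice@customer.example> proto=ESMTP helo=<mail.partner.example>
Mar  3 10:20:05 mx postfix/smtpd[2190]: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 450 4.7.1 <localhost.localdomain>: Helo command rejected: Host not found; from=<x@bulk.example> to=<nosuchuser@customer.example> proto=SMTP helo=<localhost.localdomain>
Mar  3 10:22:31 mx postfix/smtpd[2195]: NOQUEUE: reject: RCPT from mail.ok.example[203.0.113.5]: 550 5.1.1 <nobody@customer.example>: Recipient address rejected: User unknown in local recipient table; from=<y@ok.example> to=<nobody@customer.example> proto=ESMTP helo=<mail.ok.example>
"""

# Matches only rejections produced by the HELO restrictions, not other reject reasons.
REJECT_RE = re.compile(
    r"reject: RCPT from (?P<client>\S+)\[(?P<ip>[^\]]+)\]: (?P<code>\d{3}) \S+ "
    r"<(?P<helo>[^>]*)>: Helo command rejected: (?P<reason>[^;]+); "
    r"from=<(?P<sender>[^>]*)> to=<(?P<rcpt>[^>]*)>"
)

def summarize(log_text):
    """Group HELO rejections by HELO name: attempts, client IPs, reply codes, pairs."""
    stats = defaultdict(lambda: {"attempts": 0, "ips": set(), "codes": set(),
                                 "pairs": Counter()})
    for line in log_text.splitlines():
        m = REJECT_RE.search(line)
        if not m:
            continue
        entry = stats[m["helo"].lower()]
        entry["attempts"] += 1
        entry["ips"].add(m["ip"])
        entry["codes"].add(m["code"])
        entry["pairs"][(m["sender"], m["rcpt"])] += 1
    return dict(stats)

def retried(stats):
    """HELO names where the same sender/recipient pair was rejected more than once."""
    return sorted(h for h, s in stats.items()
                  if any(n > 1 for n in s["pairs"].values()))

def access_map_lines(helos):
    """Render manually reviewed HELO names as check_helo_access entries."""
    return [f"{h}\tOK" for h in sorted(helos)]

if __name__ == "__main__":
    summary = summarize(SAMPLE_LOG)
    for helo, s in sorted(summary.items()):
        print(helo, s["attempts"], sorted(s["ips"]), sorted(s["codes"]))
    print("retried after temporary reply:", retried(summary))
```

After appending reviewed entries to /etc/postfix/check_helo_access, the hash map has to be rebuilt with postmap before Postfix sees them.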