On 12/21/2015 4:54 PM, Wolfe, Robert wrote: > Hi all. This is not a postfix-specific question, but rather a > generic one, but I hope I can get the answer I am searching for here. > > > I run a third part SMTP filtering program in which I have "EHLO/HELO > Must Resolve" turned on. I am amazed at the number of exceptions I > have to put into my configuration to accept email from domains > affected by this. Is this normal practice, or, according to RFCs, > is the FQDN _REQUIRED_ to be present in the EHLO/HELO verbage during > an SMTP session?
I quit using reject_unknown_helo_hostname a couple years ago when it quickly became clear that a significant percentage of the clients rejected were legit. Of course, YMMV. I use reject_non_fqdn_helo_hostname and have some PCRE check_helo_access rules that reject IP literal or all-numeric HELO, "localhost", and variants of my own domain, and I use "smtpd_helo_required = yes". They don't catch a lot of spam, but they rarely hit legit mail either, which is why I leave them in. -- Noel Jones
