On Fri, Apr 08, 2016 at 08:04:12AM -0700, jaso...@mail-central.com wrote:
> I want to add a helo_access block entry for literal matches of
> "User". Because "user" is uesd all over the place, I want to make
> sure I don't screw this up.
>
> Here are three instances that I'd like to match,
>
> Jan 17 19:21:13 mail01 postfix/psint/smtpd[24295]: NOQUEUE:
> reject: EHLO from
> 75-145-96-164-Memphis.hfc.comcastbusiness.net[75.145.96.164]:
> 504 5.5.2 <User>: Helo command rejected: need fully-qualified
> hostname; proto=SMTP helo=<User>
Rejected by your smtpd's reject_non_fqdn_helo_hostname restriction.
> Feb 04 12:07:27 mail01 postfix/postscreen[19582]: PREGREET 11
> after 0.17 from [155.133.82.19]:49382: EHLO User\r\n
Rejected by postscreen as a pre-banner talker.
> Mar 03 03:19:14 mail01 postfix/postscreen[3305]: NOQUEUE:
> reject: RCPT from [123.237.129.33]:49583: 550 5.7.1 Service
> unavailable; client [123.237.129.33] blocked using
> zen.spamhaus.org; from=<hindmach...@votelori.com>,
> to=<exampl...@example.com>, proto=ESMTP, helo=<User-PC>
And that's the postscreen_dnsbl_threshold having been met. Also, a
different non-FQDN EHLO string.
> In
>
> postfix/helo_access
>
> where I have
>
> main.cf
> smtpd_helo_restrictions =
> check_helo_access lmdb:${config_directory}/helo_access
> reject_non_fqdn_helo_hostname
> reject_invalid_helo_hostname
> ...
>
> is a match on
>
> /^.*User.*$/ REJECT
"Some people, when confronted with a problem, think, 'I know, I'll
use regular expressions.'" Now they have two problems."
--atributed to Jamie Zawinski
> incorrect or too-broad to match these, and not others?
EHLO outbound-42.compuserv.com
Yes, compuserv is gone, but it's a nice illustration of how the
string, "user", can appear in a legitimate EHLO.
> I know those^ were already blocked, but some are sneaking
> through -- and I"m not yet entirely sure why or how.
I'm not either. Perhaps you should focus on the problem, and post
examples of it?
--
http://rob0.nodns4.us/
Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
