On 8/11/2016 9:18 AM, Richard Klingler wrote: > On Thu, 11 Aug 2016 10:15:04 -0400, Bill Cole wrote: >> On 11 Aug 2016, at 6:25, Richard Klingler wrote: >> >>> plain helo_checks won't allow regular expression for hostnames. >> >> Why do you believe this? >> >> I have used regexp and pcre tables for helo_checks successfully in >> all versions of Postfix from 2.6 to 3.1. My particular patterns don't >> catch much since the advent of postscreen, but they definitely do >> work. > > Might be due to the fact I use hash table: > > check_helo_access hash:/usr/local/etc/postfix/helo_checks > > So this never catches it: > > /^.*\.ppp\..*$/ REJECT No email accepted from DSL users > /^.*\.dsl\..*$/ REJECT No email accepted from DSL users >
True, you can't use regexp syntax in a hash table, but you can use a second check_helo_access with a regexp or pcre table. check_helo_access hash:/usr/local/etc/postfix/helo_checks check_helo_access pcre:/usr/local/etc/postfix/helo_checks.pcre > /^.*\.ppp\..*$/ REJECT No email accepted from DSL users > /^.*\.dsl\..*$/ REJECT No email accepted from DSL users useless anchors... /\.dsl\./ REJECT ... /\.ppp\./ REJECT ... Also, you might consider using the file from the fqrdns.pcre project to help with bad helo and client names. https://github.com/stevejenkins/hardwarefreak.com-fqrdns.pcre -- Noel Jones
