On Sat, Oct 22, 2016 at 04:15:41PM +0200, Paul van der Vlis wrote:
> Op 22-10-16 om 13:41 schreef Wietse Venema:
> > Bill Cole:
> >>> Received: from [127.0.0.1] (87-92-55-206.bb.dnainternet.fi
> >>> [87.92.55.206])
> >>>         (Authenticated sender: p...@puk.nl)
> >>>         by mail.vandervlis.nl (Postfix) with ESMTPSA id 774B23E0285;
> >>>         Fri, 21 Oct 2016 18:57:14 +0200 (CEST)
> >>> ----
> >>> As would my server sent it to my server...
> >>
> >> Not exactly. That Received header indicates that the machine at
> >> 87.92.55.206 which is actually named 87-92-55-206.bb.dnainternet.fi
> >> introduced itself with "EHLO [127.0.0.1]" on an encrypted session and
> >> proceeded to authenticate as the user whose name you've replaced with
> >> p...@puk.nl.
> >
> > Thanks, I missed that.
>
> Is the conclusion now, that Postfix is relaying here?
>


Reposting what was already in this thread

| > As a stopgap, you could add a directive like this to
| > smtpd_helo_restrictions:
| >
| >    check_helo_access pcre:/etc/postfix/helo_checks
| >
| > And in that helo_checks file;
| >
| >     /127\.0\.0\.1/    REJECT you are not me
|
| Thanks, a great idea to have standard in most cases.
|
| > This will catch and reject formally correct IP literals as in this case
| > and the more common bare IP form of claiming to be localhost. There's no
| > reason for any mail client ever to say "EHLO [127.0.0.1]" except to
| > cause a MTA to generate a confusing Received header.
|
| Right.
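
An added example, not part of the thread or of Postfix: a Python check that parses a Postfix-style Received header like the one quoted above and flags a HELO name that is a loopback address while the connecting IP is not. The function names are hypothetical, and SAMPLE is the header from the thread with the sender left elided as posted.

```python
import ipaddress
import re

# Postfix writes the client as: from <HELO name> (<reverse DNS> [<peer IP>])
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>\S+)\s+\[(?P<ip>[^\]]+)\]\)",
    re.IGNORECASE)

# The pattern from the helo_checks line quoted in the thread
HELO_CHECK = re.compile(r"127\.0\.0\.1")

def _as_ip(text):
    """Parse a bare IP or bracketed address literal; None for a hostname."""
    text = text.strip("[]")
    if text.lower().startswith("ipv6:"):
        text = text[5:]
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None

def parse_received(header):
    """Return (helo, rdns, peer_ip) from a folded Received header, or None."""
    m = RECEIVED_RE.search(" ".join(header.split()))  # unfold continuation lines
    return (m.group("helo"), m.group("rdns"), m.group("ip")) if m else None

def helo_claims_loopback(header):
    """True when the HELO name is a loopback address but the peer IP is not."""
    parsed = parse_received(header)
    if parsed is None:
        return False
    helo_ip, peer_ip = _as_ip(parsed[0]), _as_ip(parsed[2])
    if helo_ip is None or peer_ip is None:
        return False  # hostname HELO names are outside this check
    return helo_ip.is_loopback and not peer_ip.is_loopback

def helo_check_matches(header):
    """True when the thread's helo_checks pattern would match the HELO name."""
    parsed = parse_received(header)
    return bool(parsed and HELO_CHECK.search(parsed[0]))

# Header as posted in the thread (sender elided by the poster)
SAMPLE = """from [127.0.0.1] (87-92-55-206.bb.dnainternet.fi
 [87.92.55.206])
        (Authenticated sender: p...@puk.nl)
        by mail.vandervlis.nl (Postfix) with ESMTPSA id 774B23E0285;
        Fri, 21 Oct 2016 18:57:14 +0200 (CEST)"""
```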
