Viktor Dukhovni: The actual expectation is that the EHLO name is a valid DNS hostname, and should resolve to the IP address of the client.
On 10.02.21 23:59, Eugene Podshivalov wrote:
Postfix does not seem to be able to check this right now. Wouldn't it be good to have such features in smtpd_helo_restrictions?
It's quite comnon to fill smtpd_helo_restrictions with reject_unknown_helo_hostname, reject_invalid_helo_hostname, and reject_non_fqdn_helo_hostname. you can also disable concrete strings by using check_helo_access ...but set smtpd_helo_required to "yes" or clients can avoid that by not using helo/ehlo at all. there's no setting to reject HELO name that doesn't resolve to IP of a client, mostly because it violates so far all SMTP RFCs. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. "They say when you play that M$ CD backward you can hear satanic messages." "That's nothing. If you play it forward it will install Windows."
