On Thu, Apr 06, 2023 at 11:28:07AM +1000, Sean Gallagher <s...@teletech.com.au> wrote:
> On 6/04/2023 10:39 am, raf via Postfix-users wrote: > > On Thu, Apr 06, 2023 at 07:33:28AM +0800, Corey Hickman via Postfix-users > > <postfix-users@postfix.org> wrote: > > > > > Hello > > > > > > for these two statements, > > > > > > reject_invalid_helo_hostname > > > reject_non_fqdn_helo_hostname > > > > > > what are the differences between them? does the second one hold the first > > > one already? > > > > > > Thanks. > > reject_invalid_helo_hostname rejects malformed HELO or > > EHLO hostnames. > > > > reject_non_fqdn_helo_hostname rejects non > > fully-qualified domain (or address) HELO or EHLO > > hostnames. > > > > I would assume that the second one subsumes the first, > > since a malformed hostname can't be a fully-qualified > > domain name. > > > > cheers, > > raf > > From reading the code, these two restrictions seem equivalent except when > SMTPUTF8 extension is used. > when the SMTPUTF8 is in play, reject_non_fqdn_helo_hostname will convert a > hostname containing UTF to an internationalized domain name > before checking. https://en.wikipedia.org/wiki/Internationalized_domain_name > > So reject_invalid_helo_hostname will reject hostnames that contain UTF8 but > are otherwise valid. > It seems likely that reject_non_fqdn_helo_hostname was added to postfix to > replace reject_invalid_helo_hostname when emails containing UTF8 became a > thing. > > Intuitively, you might think that reject_non_fqdn_helo_hostname is MORE > restrictive than reject_invalid_helo_hostname, > but in fact reject_non_fqdn_helo_hostname is LESS restrictive than > reject_invalid_helo_hostname. > > At least, this is my understanding from reading the code. I may be wrong.. > > Sean. Hi Sean, I based my comments only on the documentation, not the code. But looking at the code, they both check that the hostname is valid, but reject_non_fqdn_hostname() also checks that there is a '.' character in the hostname (strchr(test_name, '.')). That's the additional fqdn check. But you are right that reject_invalid_hostname() calls valid_hostname() while reject_non_fqdn_hostname() calls valid_utf8_hostname(). I wonder if that is correct, or if they should both be calling valid_utf8_hostname(). It's probably correct and probably more efficient the way it is. cheers, raf _______________________________________________ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
