Re: Does reject_non_fqdn_helo_hostname violate RFC?

d is a valid principal host domain name for the >> client host. >> >> But then there's this: >> >>However, the receiver MUST NOT refuse to accept a message, even if >>the sender's HELO command fails verification. >> >> My interpretation is that with reject_no

Re: Does reject_non_fqdn_helo_hostname violate RFC?

in name for the > client host. > > But then there's this: > >However, the receiver MUST NOT refuse to accept a message, even if >the sender's HELO command fails verification. > > My interpretation is that with reject_non_fqdn_helo_hostname, postfix > violat

Re: Does reject_non_fqdn_helo_hostname violate RFC?

mmand is a valid principal host domain name for the > client host. > > But then there's this: > >However, the receiver MUST NOT refuse to accept a message, even if >the sender's HELO command fails verification. > > My interpretation is that with reject

Does reject_non_fqdn_helo_hostname violate RFC?

r, the receiver MUST NOT refuse to accept a message, even if the sender's HELO command fails verification. My interpretation is that with reject_non_fqdn_helo_hostname, postfix violates that MUST NOT. Is my interpretation correct? If that is so, perhaps docs should be updated pointing t

PATCH: docs for reject_non_fqdn_helo_hostname

This attempts to clarify the description for reject_non_fqdn_helo_hostname. There seems to be end-user confusion about whether this feature should also reject address literals, which of course it is not intended to. *** proto/postconf.protoWed Jul 10 19:01:20 2013 --- /tmp/tmp

Re: 'reject_non_fqdn_helo_hostname' and 'reject_invalid_helo_hostname' neccessary?!

On 6/9/2013 12:00 PM, Viktor Dukhovni wrote: > On Mon, Jun 10, 2013 at 01:17:19AM +1000, Nikolas Kallis wrote: > >> Is using 'reject_non_fqdn_helo_hostname' and >> 'reject_invalid_helo_hostname' even neccessary when using >> 'reject_unknown_helo_

Thread Kill (reject_non_fqdn_helo_hostname etc.)

Wietse Venema: > This thread is terminated, as is the poster's membership. > > Wietse

Re: 'reject_non_fqdn_helo_hostname' and 'reject_invalid_helo_hostname' neccessary?!

This thread is terminated, as is the poster's membership. Wietse

Re: 'reject_non_fqdn_helo_hostname' and 'reject_invalid_helo_hostname' neccessary?!

Nikolas Kallis: > On 10/06/13 03:11, Viktor Dukhovni wrote: > > On Mon, Jun 10, 2013 at 03:07:59AM +1000, Nikolas Kallis wrote: > > > >>>> Is using 'reject_non_fqdn_helo_hostname' and > >>>> 'reject_invalid_helo_hostname'

Re: 'reject_non_fqdn_helo_hostname' and 'reject_invalid_helo_hostname' neccessary?!

On 10/06/13 03:11, Viktor Dukhovni wrote: On Mon, Jun 10, 2013 at 03:07:59AM +1000, Nikolas Kallis wrote: Is using 'reject_non_fqdn_helo_hostname' and 'reject_invalid_helo_hostname' even neccessary when using 'reject_unknown_helo_hostname'? You seem to have dec

Re: 'reject_non_fqdn_helo_hostname' and 'reject_invalid_helo_hostname' neccessary?!

On Mon, Jun 10, 2013 at 03:07:59AM +1000, Nikolas Kallis wrote: > >>Is using 'reject_non_fqdn_helo_hostname' and > >>'reject_invalid_helo_hostname' even neccessary when using > >>'reject_unknown_helo_hostname'? > > > >You

Re: 'reject_non_fqdn_helo_hostname' and 'reject_invalid_helo_hostname' neccessary?!

On 10/06/13 03:00, Viktor Dukhovni wrote: On Mon, Jun 10, 2013 at 01:17:19AM +1000, Nikolas Kallis wrote: Is using 'reject_non_fqdn_helo_hostname' and 'reject_invalid_helo_hostname' even neccessary when using 'reject_unknown_helo_hostname'? You seem to have dec

Re: 'reject_non_fqdn_helo_hostname' and 'reject_invalid_helo_hostname' neccessary?!

On Mon, Jun 10, 2013 at 01:17:19AM +1000, Nikolas Kallis wrote: > Is using 'reject_non_fqdn_helo_hostname' and > 'reject_invalid_helo_hostname' even neccessary when using > 'reject_unknown_helo_hostname'? You seem to have decided that the client HELO name

'reject_non_fqdn_helo_hostname' and 'reject_invalid_helo_hostname' neccessary?!

Is using 'reject_non_fqdn_helo_hostname' and 'reject_invalid_helo_hostname' even neccessary when using 'reject_unknown_helo_hostname'? The way I see it is if there is no FQDN and the host name is invalid, then 'reject_unknown_helo_hostname' won'

Re: 'reject_non_fqdn_helo_hostname' not working?!

On 08/06/13 17:49, Stan Hoeppner wrote: Nikolas, please do not reply off-list. Always reply to the list unless there is a good reason not to (such as a shouting argument with another user, a thread drifts wildly off topic, you are asked to, etc). On 6/7/2013 11:20 PM, Nikolas Kallis wrote: On

Re: 'reject_non_fqdn_helo_hostname' not working?!

Nikolas, please do not reply off-list. Always reply to the list unless there is a good reason not to (such as a shouting argument with another user, a thread drifts wildly off topic, you are asked to, etc). On 6/7/2013 11:20 PM, Nikolas Kallis wrote: > On 08/06/13 14:09, Stan Hoeppner wrote: >> O

Difference between 'reject_non_fqdn_helo_hostname' and 'reject_invalid_helo_hostname'

From what I understand, 'reject_non_fqdn_helo_hostname' and 'reject_invalid_helo_hostname' detect malformed 'helo', but 'reject_non_fqdn_helo_hostname' does not detect malformed 'helo' if 'helo' is a malformed addr

Re: Defeating 'reject_non_fqdn_helo_hostname'

On 6/7/2013 11:28 AM, Noel Jones wrote: > Generally only internal systems and spammers use IP literals for the > HELO hostname. I wouldn't recommend it. Absolutely. > I would suggest not using "123-243-137-139.static.tpgi.com.au" as > your HELO, since that's what all the spam bots do. Some fol

Re: 'reject_non_fqdn_helo_hostname' not working?!

m' > is not a FQDN. $ host 46.235.78.1 Host 1.78.235.46.in-addr.arpa. not found: 3(NXDOMAIN) reject_unknown_reverse_client_hostname triggers on NXDOMAIN. This has nothing to do with HELO, but a reverse lookup of the client IP address. > I have 'reject_non_fqdn_helo_hostname

Re: Defeating 'reject_non_fqdn_helo_hostname'

#x27; as the host name of my mail server, would a > Postfix-based e-mail server enforcing > 'reject_non_fqdn_helo_hostname' accept my mail, or would the PTR > record have to resolve to '123.243.137.139' exactly (not > '123-243-137-138.static.tpgi.com.au')? &

Re: 'reject_non_fqdn_helo_hostname' not working?!

On 07/06/13 23:29, Mark Goodge wrote: On 07/06/2013 14:16, Nikolas Kallis wrote: On 07/06/13 23:11, Mark Goodge wrote: On 07/06/2013 14:06, Nikolas Kallis wrote: Hello, I just got an unsolicited e-mail from the domain 'bbbmail.com', which is hosted at '46.235.78.1'. '46.235.78.1' does not

Re: 'reject_non_fqdn_helo_hostname' not working?!

Am 2013-06-07 15:16, schrieb Nikolas Kallis: I thought for a domain to be fully qualified, it must have a PTR record setup for it? No, fully qualified means that all domain name components up to the top level domain are specified. While you can generally expect that fully qualified domain name

Re: 'reject_non_fqdn_helo_hostname' not working?!

On 07/06/2013 14:16, Nikolas Kallis wrote: On 07/06/13 23:11, Mark Goodge wrote: On 07/06/2013 14:06, Nikolas Kallis wrote: Hello, I just got an unsolicited e-mail from the domain 'bbbmail.com', which is hosted at '46.235.78.1'. '46.235.78.1' does not resolve to a host name, therefore 'bbbm

Re: 'reject_non_fqdn_helo_hostname' not working?!

Not at all. asgljgsglhg.aergohgergearguaoreg.gaegergheagaerhgaerhgopaeg is just as much an FQDN as mail.google.com. Ron Scott-Adams r...@tohuw.net "Soap and education are not as sudden as a massacre, but they are more deadly in the long run." (Mark Twain) On Jun 7, 2013, at 09:16 , Nikol

Re: 'reject_non_fqdn_helo_hostname' not working?!

On 07/06/13 23:11, Mark Goodge wrote: On 07/06/2013 14:06, Nikolas Kallis wrote: Hello, I just got an unsolicited e-mail from the domain 'bbbmail.com', which is hosted at '46.235.78.1'. '46.235.78.1' does not resolve to a host name, therefore 'bbbmail.com' is not a FQDN. 'bbbmail.com' is a

Re: 'reject_non_fqdn_helo_hostname' not working?!

Le 07/06/2013 15:11, Mark Goodge a écrit : On 07/06/2013 14:06, Nikolas Kallis wrote: Hello, I just got an unsolicited e-mail from the domain 'bbbmail.com', which is hosted at '46.235.78.1'. '46.235.78.1' does not resolve to a host name, therefore 'bbbmail.com' is not a FQDN. 'bbbmail.com'

Re: 'reject_non_fqdn_helo_hostname' not working?!

On 07/06/2013 14:06, Nikolas Kallis wrote: Hello, I just got an unsolicited e-mail from the domain 'bbbmail.com', which is hosted at '46.235.78.1'. '46.235.78.1' does not resolve to a host name, therefore 'bbbmail.com' is not a FQDN. 'bbbmail.com' is a fully qualified domain name. That is c

'reject_non_fqdn_helo_hostname' not working?!

Hello, I just got an unsolicited e-mail from the domain 'bbbmail.com', which is hosted at '46.235.78.1'. '46.235.78.1' does not resolve to a host name, therefore 'bbbmail.com' is not a FQDN. I have 'reject_non_fqdn_helo_hostname' ena

Re: Defeating 'reject_non_fqdn_helo_hostname'

On Fri, Jun 07, 2013 at 10:46:46PM +1000, Nikolas Kallis wrote: > (...) 'reject_non_fqdn_helo_hostname' (...) reject_non_fqdn_helo_hostname will make your life miserable and block very little spam, assuming this third reject_non_fqdn_helo_hostname related thread of yours is still ab

Defeating 'reject_non_fqdn_helo_hostname'

e-mail server enforcing 'reject_non_fqdn_helo_hostname' accept my mail, or would the PTR record have to resolve to '123.243.137.139' exactly (not '123-243-137-138.static.tpgi.com.au')? There is allot I don't know about DNS. Does anyone know if a PTR record can be set to resolve to an IP address? - Thanks Regards, Nikolas Kallis

Re: Bug report: 'reject_non_fqdn_helo_hostname' not handling address literals

Wietse Venema: > Nikolas Kallis: > > Hello, > > > > Postfix has a bug in it where argument 'reject_non_fqdn_helo_hostname' > > causes Postfix to reject mail from a client who is using an address > > literal as their 'helo' command. >

Re: Bug report: 'reject_non_fqdn_helo_hostname' not handling address literals

On 6/7/2013 5:46 AM, Nikolas Kallis wrote: > Postfix has a bug in it where argument 'reject_non_fqdn_helo_hostname' > causes Postfix to reject mail from a client who is using an address > literal as their 'helo' command. > > This in breach of RFC 2821 under sec

Re: Bug report: 'reject_non_fqdn_helo_hostname' not handling address literals

Postfix has a bug in it where argument 'reject_non_fqdn_helo_hostname' causes Postfix to reject mail from a client who is using an address literal as their 'helo' command. Your claim is valid. Address literals in HELO must be enclosed in []. I am a little confused. Were yo

Re: Bug report: 'reject_non_fqdn_helo_hostname' not handling address literals

Nikolas Kallis: > Hello, > > Postfix has a bug in it where argument 'reject_non_fqdn_helo_hostname' > causes Postfix to reject mail from a client who is using an address > literal as their 'helo' command. Your claim is valid. Address literals in HELO must be enclosed in []. Wietse

Bug report: 'reject_non_fqdn_helo_hostname' not handling address literals

Hello, Postfix has a bug in it where argument 'reject_non_fqdn_helo_hostname' causes Postfix to reject mail from a client who is using an address literal as their 'helo' command. This in breach of RFC 2821 under section 4.1.1.1. Regards, Nikolas Kallis

reject_non_fqdn_helo_hostname (was: The ultimate email server)

at 02:21:50PM +, Mike's unattended mail wrote: > On 2012-10-21, Mark Goodge wrote: > > I may be wrong, but I don't think that > > reject_non_fqdn_helo_hostname will reject an IP address EHLO. At > > least, the implication of the docuementation is that it

Re: reject_non_fqdn_helo_hostname usefulness, safety

Le 11/11/2011 00:45, Steve Fatula a écrit : > This check says that the RFC requires a fully qualified hostname for HELO. > Most internet searches show this to be a "safe" check that shouldn't really > kill any real mail. Lately, noticed no ebay mail was coming through, looked > through the logs

Re: reject_non_fqdn_helo_hostname usefulness, safety

From: Murray S. Kucherawy >To: Steve Fatula ; "simon.brere...@buongiorno.com" >; postfix users >Sent: Tuesday, November 15, 2011 3:19 PM >Subject: RE: reject_non_fqdn_helo_hostname usefulness, safety > > >Just heard back from them: >  >“Murray, FYI, I wa

RE: reject_non_fqdn_helo_hostname usefulness, safety

erawy Sent: Friday, November 11, 2011 11:47 PM To: Steve Fatula; simon.brere...@buongiorno.com; postfix users Subject: RE: reject_non_fqdn_helo_hostname usefulness, safety I've forwarded this to some standards and practices compliance people inside eBay/PayPal. I bet they'll be quite

RE: reject_non_fqdn_helo_hostname usefulness, safety

-MSK From: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] On Behalf Of Steve Fatula Sent: Thursday, November 10, 2011 9:04 PM To: simon.brere...@buongiorno.com; postfix users Subject: Re: reject_non_fqdn_helo_hostname usefulness, safety From: Simon Brereton mailto:s

Re: reject_non_fqdn_helo_hostname usefulness, safety

From: Simon Brereton >To: postfix users >Sent: Thursday, November 10, 2011 9:26 PM >Subject: Re: reject_non_fqdn_helo_hostname usefulness, safety > > > >Write them a note with the RFC I say.  Standards are no good if you >let yours slip because it's Ebay.  or G

Re: reject_non_fqdn_helo_hostname usefulness, safety

On 10 November 2011 18:45, Steve Fatula wrote: > This check says that the RFC requires a fully qualified hostname for HELO. > Most internet searches show this to be a "safe" check that shouldn't really > kill any real mail. Lately, noticed no ebay mail was coming through, looked > through the logs

Re: reject_non_fqdn_helo_hostname usefulness, safety

block mail from a rather well known common mailer, I > am starting to wonder how safe this check really is. Perhaps it's > not so safe. Yes, that is a configuration error on ebays part, > but, I don't think you really want to block ebay mail. This is news to me, as I often sing

Re: reject_non_fqdn_helo_hostname usefulness, safety

From: Jeroen Geilman >To: postfix-users@postfix.org >Sent: Thursday, November 10, 2011 6:13 PM >Subject: Re: reject_non_fqdn_helo_hostname usefulness, safety > > >I have seen it too, on bulk mailer software (as ebay's probably is), but my >logs from the past 6 wee

Re: reject_non_fqdn_helo_hostname usefulness, safety

mains from the check, use a client access check in your smtpd_helo_restrictions - and move the helo checks there, too: smtpd_helo_restrictions = reject_invalid_helo_hostname, check_client_access hash:/etc/postfix/helo_whitelist, reject_non_fqdn_helo_hostname And in /etc/postfix/helo_

reject_non_fqdn_helo_hostname usefulness, safety

This check says that the RFC requires a fully qualified hostname for HELO. Most internet searches show this to be a "safe" check that shouldn't really kill any real mail. Lately, noticed no ebay mail was coming through, looked through the logs and see entires like: Nov  9 20:30:58 host2 postfix

Re: reject_non_fqdn_helo_hostname

correct, then a spam slipped through that I believe should have been rejected by reject_non_fqdn_helo_hostname. What have I configured incorrectly that allowed this spam through? Postfix's reject_non_fqdn_mumble features were intended to stop hosts that announce themselves by their netb

Re: reject_non_fqdn_helo_hostname

slipped through that I believe should have >> been rejected by reject_non_fqdn_helo_hostname. What have I configured >> incorrectly that allowed this spam through? > > Postfix's reject_non_fqdn_mumble features were intended to stop > hosts that announce themselves by

Re: reject_non_fqdn_helo_hostname

Stan Hoeppner: > Does Postfix consider "architettobellucci.com" an FQDN? I've always > understood an FQDN as requiring all 3 of host.domain.tld. If my understanding > of FQDN is correct, then a spam slipped through that I believe should have > been rejected by re

reject_non_fqdn_helo_hostname

Does Postfix consider "architettobellucci.com" an FQDN? I've always understood an FQDN as requiring all 3 of host.domain.tld. If my understanding of FQDN is correct, then a spam slipped through that I believe should have been rejected by reject_non_fqdn_helo_hostname. What ha