* Bob Apthorpe <[EMAIL PROTECTED]>: > HELO/EHLO credentials don't have to match an existing host name but > they do have to be formatted properly (i.e. FQDN) I reject on broken > HELO format with Postfix using: > > smtpd_helo_required = yes > > smtpd_helo_restrictions = permit_mynetworks, > hash:$config_directory/moron_bypass, reject_invalid_hostname, > reject_non_fqdn_hostname, reject_unknown_hostname, > hash:$config_directory/ffd_source, permit > > reject_invalid_hostname drops connections with broken hostname syntax
Like "_" and other absurd stuff > reject_non_fqdn_hostname rejects connections with HELO not formed as a > FQDN Yep. > reject_unknown_hostname drops connections from machines without DNS A or > MX record (twitchy) No. This rejects mail from machines that use a non-resolving hostname as argument to the EHLO/HELO. > hash:$config_directory/ffd_source ostensibly does some sanity checks on > mail purporting to come from freemail services (a hack I picked up on > SPAM-L) What's in there? > and hash:$config_directory/moron_bypass allegedly whitelists > connections from borked-but-borked servers. I'm not sure if it works. It should. Note that it only whitelists by the HELO/EHLO argument. E.g. if a host uses wrong_syntax.domain.com as HELO, then whitelisting would be done using wrong_syntax.domain.com OK > I wouldn't recommend some of these options for most installations. I get > FPs, especially because of reject_unknown_hostname, Oh yes. -- Ralf Hildebrandt (Im Auftrag des Referat V a) [EMAIL PROTECTED] Charite Campus Mitte Tel. +49 (0)30-450 570-155 Referat V a - Kommunikationsnetze - Fax. +49 (0)30-450 570-916 AIM: ralfpostfix ------------------------------------------------------- This SF.Net email is sponsored by: INetU Attention Web Developers & Consultants: Become An INetU Hosting Partner. Refer Dedicated Servers. We Manage Them. You Get 10% Monthly Commission! INetU Dedicated Managed Hosting http://www.inetu.net/partner/index.php _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
