On 13-Mar-2009, at 09:04, Jorey Bump wrote:
For the people still supporting the antiquated model of accepting
mail
submission via SMTP rather than a proper port 587 daemon, it is
important to make allowances for the fact that MUA's frequently
have no
better choice for their HELO argument than an IP literal, and
sometimes
even that is pretty lousy (i.e. an ephemeral RFC1918 private IP)
MUA HELOs are problematic in many ways. But you're absolutely right,
this is best handled by delaying this sort of check_helo_access until
smtpd_recipient_restrictions, after permit_mynetworks &
permit_sasl_authenticated, if you support submission on SMTP port 25
on
an MX server.
OK, this piqued my interest. I have 587 setup, and I also have a
couple of alternate ports in the 1025+ range to deal with any users
unlucky enough to be behind draconian ISPs, but I do still accept mail
on port 25. In fact, I wasn't even aware that you could force users
to use the submission port.
Where's the read me on configuring master.cf for this, as I think it
might be worth looking at.
--
There is something to be said for grace and respect but humour
alway helps - Toby Morris