>Hi list.
>
>I was recently looking over my postfix config and RFC 5321 in order to
>see whether everything seems still to be compliant (not postfix,.. but
>my config ;) ).
>
>Then I stumbled across the following:
>http://tools.ietf.org/html/rfc5321#section-4.1.4 says:
>A session that will contain mail transactions MUST first be
>   initialized by the use of the EHLO command.  An SMTP server SHOULD
>   accept commands for non-mail transactions (e.g., VRFY or EXPN)
>   without this initialization.
>
>However having smtpd_helo_required = yes (which is the non-default)
>ALWAYS requires the HELO/EHLO, not only for mail transactions.
>I wasn't able to find a way to get RFC compliant behavior ... ok, the
>RFC just says "SHOULD", so strictly speaking, the way Postfix goes is
>still compliant.
>
>Is it somehow possible to fulfil this SHOULD, while still fulfilling the MUST?

don't be overly legalistic or rabbinical about conforming to RFCs, since 
attackers aren't.

reasoning?  

Run postscreen and see the 100s of 1000s of attackers that connect and start 
sending data, which postfix calls pre-greet, before postfix sends a 2xx SMTP 
greeting.

Requiring HELO is hardly an RFC-abusive setting.  I expect that almost no legit, 
or illegit, SMTP servers send EXPN or VRFY before HELO.

Len
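
The two HELO policies this thread contrasts, modelled as a toy SMTP command handler plus a postscreen-style pre-greet check. This is an added example, not Postfix code: it models RFC 5321 section 4.1.4 (EHLO/HELO MUST precede MAIL/RCPT/DATA; VRFY/EXPN SHOULD be accepted without it) against the stricter behaviour of smtpd_helo_required = yes, where VRFY is refused before HELO as well. The hostnames and sample sessions are constructed, the 503 reply text is modelled on Postfix's "send HELO/EHLO first" error, and the 6-second greet wait is assumed as the postscreen_greet_wait value.

```python
"""Toy model of HELO-gating policies (added example, not Postfix code)."""
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

HOSTNAME = "mx.example.test"                   # constructed server name
MAIL_TRANSACTION = {"MAIL", "RCPT", "DATA"}    # RFC 5321 4.1.4 MUST: need EHLO/HELO
NON_MAIL = {"VRFY", "EXPN"}                    # RFC 5321 4.1.4 SHOULD: work without it
# Reply text modelled on Postfix's error when smtpd_helo_required = yes is in force.
NEED_HELO = "503 5.5.1 Error: send HELO/EHLO first"


@dataclass
class Session:
    """One SMTP session. helo_required=True models smtpd_helo_required = yes."""
    helo_required: bool
    helo_name: Optional[str] = None
    transcript: List[str] = field(default_factory=list)

    def handle(self, line: str) -> str:
        """Return the server reply for one client command line."""
        parts = line.strip().split(maxsplit=1)
        verb = parts[0].upper() if parts else ""
        arg = parts[1] if len(parts) > 1 else ""
        if verb in ("HELO", "EHLO"):
            if not arg:
                reply = "501 5.5.4 Syntax: EHLO hostname"
            else:
                self.helo_name = arg
                reply = "250 " + HOSTNAME
        elif verb in MAIL_TRANSACTION and self.helo_name is None:
            reply = NEED_HELO          # the MUST: both policies refuse this
        elif verb in NON_MAIL and self.helo_name is None and self.helo_required:
            reply = NEED_HELO          # the SHOULD: only the strict policy refuses
        elif verb == "VRFY":
            reply = "252 2.0.0 " + arg  # cannot verify, will attempt delivery
        elif verb == "EXPN":
            reply = "502 5.5.1 EXPN not implemented"  # this toy only gates EXPN
        elif verb in MAIL_TRANSACTION:
            reply = "250 2.1.0 Ok"
        elif verb == "QUIT":
            reply = "221 2.0.0 Bye"
        else:
            reply = "502 5.5.2 Error: command not recognized"
        self.transcript.append("C: " + line.strip())
        self.transcript.append("S: " + reply)
        return reply


def run_session(helo_required: bool, commands: List[str]) -> List[str]:
    """Feed a list of client commands through a fresh session; return reply codes."""
    sess = Session(helo_required=helo_required)
    return [sess.handle(cmd)[:3] for cmd in commands]


Event = Tuple[float, str, str]   # (seconds since connect, "C" or "S", text)


def pregreet_lines(events: List[Event], greet_wait: float = 6.0) -> List[str]:
    """postscreen-style check: client data sent before the server banner.

    The server is modelled as sending its 220 banner only after greet_wait
    seconds (assumed postscreen_greet_wait of 6s); anything the client sends
    earlier is "pre-greet" traffic, which this thread notes comes overwhelmingly
    from attackers. Returns the offending client lines.
    """
    return [text for t, who, text in events if who == "C" and t < greet_wait]


if __name__ == "__main__":
    # Constructed sessions showing where the two policies differ.
    probe = ["VRFY postmaster", "MAIL FROM:<a@example.test>",
             "EHLO client.example.test", "MAIL FROM:<a@example.test>", "QUIT"]
    print("RFC 5321 policy  :", run_session(False, probe))   # ['252','503','250','250','221']
    print("helo_required=yes:", run_session(True, probe))    # ['503','503','250','250','221']
    # Constructed pre-greet sample: client speaks 0.3s after connecting.
    bot = [(0.3, "C", "EHLO spam.example.test"), (6.0, "S", "220 " + HOSTNAME)]
    print("pregreet:", pregreet_lines(bot))
```

Under the RFC policy the first VRFY gets a 252 while the MAIL before EHLO is refused; with helo_required both are refused, which is exactly the SHOULD the original poster could not satisfy. The pre-greet check is the reason Len gives for not caring: a client that writes before the banner has not waited for the greeting at all, HELO or otherwise.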