Dear list, I found that a lot of spam can be weeded out by rejecting clients who greet me with my own hostname. Initially, I achieved this with the following:
main.cf: smtpd_helo_restrictions = […] check_helo_access pcre:$config_directory/reject_helo_myhostname reject_helo_myhostname: /^myhostname(\.mydomain)?$/ 554 do not impersonate me I then ran into problems when the host connected to itself through the loopback interface. Since I did not want to add permit_mynetworks to smtpd_helo_restrictions (I expect all machines on my network to pass the other helo restrictions), I went on to experiment with restriction classes. I now realise that there are other, more direct ways to achieve what I want, but I would still like to figure out a problem I ran into: main.cf: smtpd_helo_restrictions = […] check_helo_access pcre:$config_directory/reject_helo_myhostname smtpd_restriction_classes = […] target_reject_helo_myhostname target_reject_helo_myhostname = permit_mynetworks sleep 10 reject reject_helo_myhostname: /^myhostname(\.mydomain)?$/ target_reject_helo_myhostname This works, but I wanted to have a more verbose error message, so I replaced the last line with check_helo_access static:554 do not impersonate me Much to my surprise, this caused the message to be accepted. I speculated this might have to do with the spaces and tried to quote the text, which did not work. After discovering that check_helo_access static:REJECT worked fine, I tried check_helo_access static:554 but that got the message accepted too. I now found a better solution, but I am still curious what I did wrong in using the static map. Thanks for your time! -- martin | http://madduck.net/ | http://two.sentenc.es/ the security, stability and reliability of a computer system is reciprocally proportional to the amount of vacuity between the ears of the admin. spamtraps: madduck.bo...@madduck.net
digital_signature_gpg.asc
Description: Digital signature (see http://martin-krafft.net/gpg/)