also sprach Jeroen Geilman <jer...@adaptr.nl> [2010.10.04.1822 +0200]:
> Where, exactly ?

The HELO greeting.

> The real client IP ? That can't be trivially spoofed, and so would
> actually BE your server.

I have seen clients who apparently connect to my MX with the IP and
then send the IP after HELO.

> Personally, I reject all EHLO if it's not FQDN, not a valid hostname,
> or corresponds with my own identity.

% swaks -h '77.109.139.84' -t jer...@adaptr.nl
=== Trying xs.adaptr.nl:25...
=== Connected to xs.adaptr.nl.
<-  220-Are you naughty or nice ?
<-  220 mail.adaptr.nl ESMTP Ready.
 -> EHLO 77.109.139.84
<-  250-mail.adaptr.nl
[…]

(same with [77.109.139.84])

> That pretty much accomplishes what you're talking about, without the
> need for additional options.

So you keep a file in /etc/postfix containing your own identity?
That's redundant, isn't it? I can trivially do this with puppet, but
I figure it would be something postfix could do too.

-- 
martin | http://madduck.net/ | http://two.sentenc.es/
 
to err is human - to moo, bovine
 
spamtraps: madduck.bo...@madduck.net

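Added example, not part of the thread and not Postfix's own code: a small Python model of the three HELO checks discussed above (not a valid hostname, not an FQDN, or matching the server's own identity), covering the bare and bracketed address forms tried in the swaks test. The names `OWN_NAMES`, `OWN_ADDRS` and `check_helo` and all sample values are assumptions constructed for illustration.

```python
import ipaddress
import re

# Constructed sample identity (example domain and documentation address ranges).
OWN_NAMES = {"mail.example.org"}
OWN_ADDRS = {ipaddress.ip_address("192.0.2.25"),
             ipaddress.ip_address("2001:db8::25")}

# One DNS label: letters, digits, hyphen; no leading or trailing hyphen.
LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def _as_address(arg):
    """Parse '1.2.3.4', '[1.2.3.4]' or '[IPv6:...]'; return None if not an address."""
    text = arg
    if arg.startswith("[") and arg.endswith("]"):
        text = arg[1:-1]
        if text.lower().startswith("ipv6:"):
            text = text[5:]
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None


def check_helo(arg, own_names=OWN_NAMES, own_addrs=OWN_ADDRS):
    """Return (verdict, reason) for one HELO/EHLO argument."""
    addr = _as_address(arg)
    if addr is not None:
        # Own-identity check applies to both the bare and the bracketed form.
        if addr in own_addrs:
            return ("reject", "client claims our own address")
        if not arg.startswith("["):
            return ("reject", "bare address, not a hostname or literal")
        return ("accept", "address literal")
    name = arg.rstrip(".").lower()
    if name in own_names:
        return ("reject", "client claims our own hostname")
    labels = name.split(".")
    if (len(name) > 253 or labels[-1].isdigit()
            or not all(LABEL.match(label) for label in labels)):
        return ("reject", "invalid hostname")
    if len(labels) < 2:
        return ("reject", "hostname is not fully qualified")
    return ("accept", "plausible FQDN")
```
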