On Mon, Feb 06, 2012 at 01:36:09PM +0000, James Day wrote: > reject_unknown_helo_hostname
Not safe for most use. > My understanding is that to be RFC compliant your HELO greeting > must be a valid hostname (ie there is a public A record). Right. > However since implementing this restriction under > smtpd_helo_restrictions I have had nothing but complaints from > people who think their messages are being unfairly blocked. > > I know we don't live in a perfect world and not everybody is going > to have a correctly configured mail server but I don't think it is > unreasonable for me to stick to my guns and reject these messages. Depends on your site's needs. Good luck! > Having said that, some people have more influence than others and > should they voice any concerns I would be forced to make some > changes. With that in mind, what would be the best way to make > exceptions? Precede it with a check_client_access lookup which lists your whitelisted (influential, yet misconfigured) hosts. > My current line of thought is to use a check_helo_access map to > make exceptions on a per server basis, is there a better way? That would be one of the worst choices, because a forged HELO cannot easily be tested. -- http://rob0.nodns4.us/ -- system administration and consulting Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
