On 3/26/2016 7:18 AM, Nicolás wrote:
> Thanks Wietse and Rob,
> 
> The client indeed uses SASL, but it gets rejected at HELO/EHLO time.
> I will observe these days if I can fence in a reduced CIDR range and
> use Wietse's approach, if not, I'll set up a Postfix local to the
> broken client, which indeed is a cleaner way than my original approach.
> 
> Thanks!
> 
> Nicolás
> 


If the client uses SASL, all you need to do is put
permit_sasl_authenticated before your reject_non_fqdn_helo_hostname.

No need for a CIDR table or any other workarounds.

smtpd_helo_restrictions =
   permit_mynetworks
   permit_sasl_authenticated
   reject_non_fqdn_helo_hostname
   ... any other stuff...



  -- Noel Jones



> 
> -------- Original message --------
> From: wie...@porcupine.org
> Date: 25/03/2016 17:56 (GMT+00:00)
> To: Postfix users
> Subject: Re: Hardware with non-FQDN EHLO
> 
> Nicolás:
>> Hi,
>>
>> I have some hardware which I've configured to send e-mails through
>> my Postfix server. Unfortunately, this hardware's firmware has
>> its EHLO command hardcoded, and it is not an FQDN.
>>
>> In Postfix, I've configured smtpd_helo_restrictions to
>> have reject_non_fqdn_helo_hostname and I'm pretty happy with it
>> so I don't want to remove it, however it makes its attempts
>> get rejected. Another issue is that its connections are made from
>> a dynamic IP address, so whitelisting its IP address is not an
>> option. However, it has a dynamic hostname which updates each time
>> it changes (a DynDNS-like host).
> 
> Wrap the reject_non_fqdn_helo_hostname inside an access table:
> 
> smtpd_mumble_restrictions =
>     ...other stuff...
>     check_client_access cidr:/etc/postfix/reject_non_fqdn_helo.cidr
>     ...more stuff...
> 
> /etc/postfix/reject_non_fqdn_helo.cidr:
>      # Unlike hash files, cidr files are matched in the order of rules.
>      # IPv4
>      1.2.3.4 dunno
>      0.0.0.0/0  reject_non_fqdn_helo_hostname
>      # IPv6
>      1:2::3:4 dunno
>      ::0/0  reject_non_fqdn_helo_hostname
> 
> It's a bit clumsy with the CIDR patterns, but hash-based access
> maps don't have a wild-card pattern.
> 
> Wietse
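
The two suggestions in this thread both rely on first-match evaluation, so here is an added example (not code from the thread or from Postfix) that models how a restriction list and a cidr: table are walked for a SASL-authenticated client sending a non-FQDN HELO. It assumes the default smtpd_delay_reject = yes, so the HELO list is evaluated at RCPT TO, after AUTH; the list names, sample addresses and the "contains a dot" FQDN test are simplifications made for the example.

```python
import ipaddress

# Constructed table in the layout of the quoted reject_non_fqdn_helo.cidr;
# 192.0.2.10 and 2001:db8::10 are documentation addresses for the exempt client.
CIDR_TABLE = """\
# IPv4
192.0.2.10 dunno
0.0.0.0/0  reject_non_fqdn_helo_hostname
# IPv6
2001:db8::10 dunno
::0/0  reject_non_fqdn_helo_hostname
"""

# Hypothetical names for the orderings being compared.
SASL_FIRST = ["permit_mynetworks", "permit_sasl_authenticated",
              "reject_non_fqdn_helo_hostname"]
SASL_LAST = ["permit_mynetworks", "reject_non_fqdn_helo_hostname",
             "permit_sasl_authenticated"]
CIDR_WRAPPED = ["check_client_access"]

def cidr_lookup(table, client_ip):
    """Return the action of the first rule whose network contains client_ip."""
    ip = ipaddress.ip_address(client_ip)
    for line in table.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        pattern, action = line.split(None, 1)
        net = ipaddress.ip_network(pattern, strict=False)
        if ip.version == net.version and ip in net:
            return action.strip()
    return "dunno"  # no rule matched: same effect as "not found"

def evaluate(restrictions, client):
    """Walk a restriction list; the first PERMIT or REJECT ends it."""
    for name in restrictions:
        if name == "check_client_access":
            name = cidr_lookup(CIDR_TABLE, client["ip"])  # table names the action
        if name == "permit_mynetworks" and client["in_mynetworks"]:
            return "PERMIT"
        if name == "permit_sasl_authenticated" and client["sasl"]:
            return "PERMIT"
        # Simplified FQDN test (assumption): a name without a dot is non-FQDN.
        if name == "reject_non_fqdn_helo_hostname" and "." not in client["helo"]:
            return "REJECT"
    return "DUNNO"  # nothing decided; evaluation moves on to the next list

if __name__ == "__main__":
    device = {"ip": "198.51.100.7", "helo": "device", "sasl": True,
              "in_mynetworks": False}
    for label, rules in (("sasl first", SASL_FIRST), ("sasl last", SASL_LAST)):
        print(label, evaluate(rules, device))
```

On a live server, `postconf smtpd_helo_restrictions smtpd_delay_reject` shows the values the model stands in for.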
