> On Sep 11, 2019, at 5:25 PM, Viktor Dukhovni <postfix-us...@dukhovni.org>
> wrote:
>
>> On Sep 11, 2019, at 5:05 PM, J Doe <gene...@nativemethods.com> wrote:
>>
>> Is there a way to achieve this ? Alternatively, should I not be attempting
>> to do this because legitimate server’s sometimes EHLO address literals ?
>
> You could try something like:
>
> ...
> warn_if_reject check_helo_access pcre:${config_directory}/helo-access
> ...
>
> helo-access:
> /^\[/ 454 4.7.1 EHLO domain-literals not accepted here
>
> And see whether that'll work out for you. This only logs warnings
> when EHLO domain-literals would be rejected, but the message may
> still be rejected by later restrictions. If you see enough warnings
> for messages that are not in any case rejected, and no false positives,
> you could try removing the 'warn_if_reject', and watch the soft rejects
> for a while. If that works out, change the '4XX' to '5XX'.
>
> --
> Viktor.
Hi Viktor,
Thanks for your reply. Ok, I was thinking a regex solution might be possible,
but I had not thought of using warn_if_reject to monitor for false positives -
thanks!
- J
