> On Sep 11, 2019, at 5:25 PM, Viktor Dukhovni <postfix-us...@dukhovni.org> > wrote: > >> On Sep 11, 2019, at 5:05 PM, J Doe <gene...@nativemethods.com> wrote: >> >> Is there a way to achieve this ? Alternatively, should I not be attempting >> to do this because legitimate server’s sometimes EHLO address literals ? > > You could try something like: > > ... > warn_if_reject check_helo_access pcre:${config_directory}/helo-access > ... > > helo-access: > /^\[/ 454 4.7.1 EHLO domain-literals not accepted here > > And see whether that'll work out for you. This only logs warnings > when EHLO domain-literals would be rejected, but the message may > still be rejected by later restrictions. If you see enough warnings > for messages that are not in any case rejected, and no false positives, > you could try removing the 'warn_if_reject', and watch the soft rejects > for a while. If that works out, change the '4XX' to '5XX'. > > -- > Viktor.
Hi Viktor, Thanks for your reply. Ok, I was thinking a regex solution might be possible, but I had not thought of using warn_if_reject to monitor for false positives - thanks! - J