[pfx] Re: invalid and non-fqdn hostname

Sat, 08 Apr 2023 17:50:53 -0700 

HUGE RETRACTION: I've really messed this up...
At the time of the HELO/EHLO command, SMTPD_FLAG_SMTPUTF8 should always be false, that feature may be negotiated after HELO/EHLO. 


As such, the UTF8 handling code of reject_non_fqdn_hostname is ALWAYS 
DISABLED during HELO/EHLO and so



"reject_non_fqdn_hostname" and "reject_invalid_hostname" behave 
identically as far as character set permitted.


Differences between the two are that:


"reject_non_fqdn_hostname" requires at least one "." and requires a 
literal address be in square brackets.



"reject_invalid_hostname" permits unbracketed addresses (somehow missed 
in earlier discussions).



To try and restore some clarity, I've made a little table that goes 
through several forms of name that may be thrown at Postfix.


"G" is "Good", the rule will NOT Reject the name in HELO/EHLO

"B" is "Bad", the rule WILL Reject the name in HELO/EHLO

+----  "reject_invalid_hostname"
| +--  "reject_non_fqdn_hostname"
| |
v v

B B   {UTF8}-hostname.domain ( n.b. SMTPD_FLAG_SMTPUTF8 should always be 
false at time of HELO/EHLO )
G G   xn--hostname-{punycode}.domain ( n.b. SMTPD_FLAG_SMTPUTF8 should 
always be false at time of HELO/EHLO )
G G   xn--hostname-rubbish.domain ( n.b. Postfix does not decode 
punycode in HELO/EHLO )

G G   hostname.domain
G B   hostname
G B   12.34.56.78  {non standard}
G B   0123:4567:89AB:CDEF:0123:4567:89AB:CDEF {non standard}
G B   0123:4567:89AB:CDEF::                   {non standard}
G B   0123:4567:89AB:CDEF::12.34.56.78        {non standard}
B B   #12 {non standard}{ numeric form allowed in RFC821 }
| |   **Both rules deal with square brackets identically**
G G   [12.34.56.78]
G G   [IPv6:0123:4567:89AB:CDEF:0123:4567:89AB:CDEF]

G G   [IPV6:0123:4567:89AB:CDEF::]      {n.b. RFC2821 only specifies 
"IPv6", this in non-standard}

G G   [Ipv6:0123:4567:89AB:CDEF::12.34.56.78]
B B   [0123:4567:89AB:CDEF:0123:4567:89AB:CDEF] {"IPv6:" tag is mandatory}

B B   [Ipv6:0123:4567:89AB:CDEF:0123:4567:89AB:CDEF/128] {CIDR extension 
not allowed}

B B   [12.34.56.78/32]

B B   [ ipv6:0123:4567:89AB:CDEF:0123:4567:89AB:CDEF ] {whitespace is 
not allowed}

B B   [ IPV6:0123:4567:89AB:CDEF:: ]
B B   [ IpV6:0123:4567:89AB:CDEF::12.34.56.78 ]
B B   [ 12.34.56.78 ]
B B   hostname.domain [12.34.56.78] { this form not allowed in HELO/EHLO }

Sorry for all the confusion.. Hope this clears things up a little.



--
This email has been checked for viruses by AVG antivirus software.
www.avg.com
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org






















					Reply via email to