Loading ...
Sorry, an error occurred while loading the content.

269603Re: rejecting clients greeting me with my own name

Expand Messages
  • martin f krafft
    Oct 4, 2010
    • 0 Attachment
      also sprach Jeroen Geilman <jeroen@...> [2010.10.04.1822 +0200]:
      > Where, exactly ?

      The HELO greeting.

      > The real client IP ? That can't be trivially spoofed, and so would
      > actually BE your server.

      I have seen clients who apparently connect to my MX with the IP and
      then send the IP after HELO.

      > Personally, I reject all EHLO it it's not FQDN, not a valid hostname,
      > or corresponds with my own identity.

      % swaks -h '77.109.139.84' -t jeroen@...
      === Trying xs.adaptr.nl:25...
      === Connected to xs.adaptr.nl.
      <- 220-Are you naughty or nice ?
      <- 220 mail.adaptr.nl ESMTP Ready.
      -> EHLO 77.109.139.84
      <- 250-mail.adaptr.nl
      […]

      (same with [77.109.139.84])

      > That pretty much accomplishes what you're talking about, without the
      > need for additional options.

      So you keep a file in /etc/postfix containing your own identity?
      That's redundant, isn't it? I can trivially do this with puppet, but
      I figure it would be something postfix could do too.

      --
      martin | http://madduck.net/ | http://two.sentenc.es/

      to err is human - to moo, bovine

      spamtraps: madduck.bogus@...
    • Show all 21 messages in this topic