294601Re: Three trivial filtering questions
- Aug 5, 2013On 8/4/2013 10:13 PM, Ronald F. Guilmette wrote:
> In message <51FF13EB.8090105@...>,I use a pcre table to reject any HELO that starts with a bracket or
> Noel Jones <njones@...> wrote:
>> On 8/4/2013 8:06 PM, Ronald F. Guilmette wrote:
>>> Does reject_non_fqdn_helo_hostname, when placed in the
>>> smtpd_helo_restrictions, permit clients to HELO/EHLO
>>> with a square-bracket enclosed dotted quad IPv4 address?
> The documentatation should probably be adjusted to make that more clear.
> Right now it reads:
> Reject the request when the HELO or EHLO hostname is not in fully-
> qualified domain form, as required by the RFC.
>>> If so, is the dotted quad checked to see that it properly
>>> represents the actual IP address of the actual current client?
> Is there any restriction verb that would cause a HELO/EHLO which specifies
> a square-bracketed dotted quad IPv4 address to be rejected when & if the
> dotted quad does not match the actual current client IP address?
looks like an IP. Legit hosts that use this form are very rare here
-- maybe one every couple years.
>There is no built-in postfix restriction to compare the HELO to the
> Would reject_unknown_helo_hostname do it? If not maybe a new restriction
> verb would be useful to perform this exact check.
client hostname, and I would question the value of such a feature.
Do you see lots of spam with incorrect IP in the HELO? Do you see
significant numbers of legit hosts using a bracketed IP HELO?
>You'll need too show evidence for further help on this.
>>> Certainly, some spam
>>> that I believe should have been rejected on the basis of one or another
>>> of the above RHS filters I am instead seeing (in my maillog file) being
>>> rejected instead by one or another of the subsequent reject_rbl_client
>>> filters. What could I be doing wrong?
>>RHSBL checks work without postscreen. If you use postscreen, it
>> Doing RBL client checks in postscreen?
> I am not using postscreen at the present time.
> Do I need to use that if I want to perform RHSBL checks?
will reject clients before the smtpd_*_restrictions (and the smtpd
program itself) are ever run.
-- Noel Jones
- << Previous post in topic Next post in topic >>