OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Re: HELO and FQDN
From: Mark Tiramani (markjtfredo.co.uk)
Date: Thu Nov 02 2000 - 18:29:04 CST

Perhaps I did not explain clearly in my last email.
I had already reduced it to one change.
The following are now in main.cf:

smtpd_client_restrictions = reject_invalid_hostname, reject_unauth_pipelining

smtpd_helo_restrictions = permit_naked_ip_address, reject_unauth_pipelining

and of course no HELO errors occur .
But with the single change:

smtpd_client_restrictions = reject_non_fqdn_hostname, reject_invalid_hostname,
reject_unauth_pipelining

the following occurs:

% telnet localhost smtp
Trying 127.0.0.1...
Connected to sparta.
Escape character is '^]'.
220 sparta.gov.uk ESMTP Postfix
helo fred
250 sparta.gov.uk
MAIL From:<markjtfredo.co.uk>
250 Ok
RCPT To:<markjtsparta.gov.uk>
504 <fred>: Helo command rejected: need fully-qualified hostname
quit
221 Bye
Connection closed by foreign host.

All I now wanted to check was whether reject_non_fqdn_hostname was illegal in
smtpd_client_restrictions.
As you can see it produces a 504 on the Helo.
(Please note there is no FQDN restriction in smtpd_helo_restrictions)

> Your problem does not reproduce:
>
> % postconf smtpd_client_restrictions
> smtpd_client_restrictions = reject_non_fqdn_hostname, reject_invalid_hostname
>
> Witness the HELO reply to an unqualified hostname:
>
> hades% telnet localhost smtp
> Trying 127.0.0.1...
> Connected to localhost.
> Escape character is '^]'.
> 220 hades.porcupine.org ESMTP Postfix
> helo foo
> 250 hades.porcupine.org
> quit
> 221 Bye
> Connection closed by foreign host.
>
> Please come back when you can reduce the whole problem to just one
> change to the main.cf file.

Mark

Mark Tiramani
FREDO Internet Services
markjtfredo.co.uk