|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: How to exclude reject_non_fqdn_hostname for some IPs?
From: /dev/rob0 (rob0
gmx.co.uk)
Date: Thu Sep 14 2006 - 09:32:47 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Thursday 14 September 2006 06:04, Gino Pilotino wrote:
> I've enabled reject_non_fqdn_hostname (in
> smtpd_helo_restrictions, of course),
Of course? Why? It works fine in smtpd_recipient_restrictions too.
SMTPD_ACCESS_README explains the different stages, and answers your
question as well.
> and it's very good against a lot of spam.
Yes, I am doing the same thing, albeit in a check_helo_access pcre map:
!/\./ 501 5.5.2 We find that non-qualified EHLO/HELO
greetings are always spam. If not, please ask your postmaster
to correct the server's EHLO/HELO greeting. See
http://<my-URL>/ for help.
The URL I give them includes a contact form, which has never been used
other than for testing. All the non-fqdn HELOs I see are spam.
> There are a few, bad configured, MTA declaring unresolvable HELO
> from which I want to receive email.
You're getting false positives with reject_non_fqdn_hostname (now
reject_non_fqdn_helo_hostname)? What you're describing is not the same
thing. You're talking about reject_unknown_helo_hostname, formerly
reject_unknown_hostname. Perhaps THAT is the restriction you want to
remove or bypass with a check_client_access lookup.
> How to "whitelist" those IP?
Personally, I do not recommend the use of reject_unknown_helo_hostname
at this time, because there are many non-resolvable HELOs, including
some major mail providers. Keep reject_non_fqdn_hostname, remove
reject_unknown_hostname, and do take the time to review the
aforementioned README.
--
Offlist mail to this address is discarded unless
"/dev/rob0" or "not-spam" is in Subject: header
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]