From: Jon (jon_kiotk.net)
Date: Thu Jul 05 2007 - 19:12:25 CDT
Jorey Bump wrote:
> Jon wrote:
>>> In regular expressions, the brackets contain a list (or range) of
>>> characters, or classes. To match actual brackets, they must be escaped:
>>> But you don't want to do that. man egrep for more information.
>> OK, thanks for explaining why it's not a match.
>> But... why wouldn't I want to do that?
>> It would seem to me an IP without a fqdn is an IP without a fqdn
>> whether it's enclosed or not. Once you've made the commitment to throw
>> out "xxx.xxx.xxx.xxx" where is "[xxx.xxx.xxx.xxx]" different?
> Because an address literal (a bracketed IPv4 IP address, in this case)
> is legal in a HELO/EHLO (see RFC 2821, sections 126.96.36.199 and 4.1.3).
> It's not a question of whether or not the HELO/EHLO contains a fqdn,
> it's about creating an expression that matches only (but not all) invalid
> HELO/EHLO strings, which this does:
> This represents just one safe subset of invalid HELO hostnames, allowing
> you to impose some restrictions without the risks associated with
> reject_invalid_helo_hostname or reject_non_fqdn_helo_hostname. Those
> directives work as advertised and will stop a fair amount of spam, but
> enough misconfigured hosts exist to cause problems.
Thanks for explaining.
I think I might be coming at my root problem from the wrong angle
because I thought the two rejects you are listing would block what I
wanted and I have them in main.cf. I was trying to:
because of a desire to stop things like this:
Jul 5 18:55:06 myserver postfix/smtpd: NOQUEUE: reject: RCPT from
unknown[188.8.131.52]: 450 4.7.1 <webmastermydomain.org>: Recipient
address rejected: Greylisted, see
Jul 5 18:55:07 myserver postfix/smtpd: lost connection after RCPT
Jul 5 18:55:07 myserver postfix/smtpd: disconnect from
If I read this right, the first connection to myserver is 184.108.40.206
and the helo is a forged earthlink.net. The IP remains unresolvable when
I check it from multiple sources outside my network.
But the postfix checks work on the values supplied within < >, correct?
If so, is there a different reject in Postfix that can examine that
first line of connecting address and allow me to reject (or even temp
fail) because there is no DNS record?
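
The bracket distinction discussed in this thread, as an added example that is not part of the original messages: it classifies HELO/EHLO arguments so that a bare IP is flagged while a bracketed address literal is left alone, and shows what an unescaped bracket pattern really matches. The patterns, function names and sample strings are constructed assumptions, since the expression from the thread is not shown on the page.

```python
import re

# Assumed patterns; the expression used in the thread is not shown on the page.
OCTETS = r"[0-9]{1,3}(?:\.[0-9]{1,3}){3}"
BARE_IP = re.compile(OCTETS)                          # 192.0.2.10
ADDRESS_LITERAL = re.compile(r"\[" + OCTETS + r"\]")  # [192.0.2.10], brackets escaped
# Unescaped brackets are a character class: any run of digits and dots,
# never the literal "[" or "]" characters.
UNESCAPED = re.compile(r"[0-9.]+")


def classify_helo(helo: str) -> str:
    """Return 'bare-ip', 'address-literal' or 'other' for a HELO/EHLO argument."""
    if BARE_IP.fullmatch(helo):
        return "bare-ip"          # the invalid subset that is safe to reject
    if ADDRESS_LITERAL.fullmatch(helo):
        return "address-literal"  # legal per RFC 2821, must not be rejected
    return "other"                # hostnames: left to other restrictions


def unescaped_matches(helo: str) -> bool:
    """Show what a pattern written with unescaped [...] actually matches."""
    return UNESCAPED.fullmatch(helo) is not None


# Constructed sample HELO strings (documentation address and example names).
SAMPLES = ["192.0.2.10", "[192.0.2.10]", "mail.example.org", "localhost"]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r:22} {classify_helo(s):16} "
              f"unescaped-class-match={unescaped_matches(s)}")
```
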