postfix-users October 2010 archive
Main Archive Page > Month Archives  > postfix-users archives
postfix-users: static map returns 554, causing message to be acc

static map returns 554, causing message to be accepted

From: martin f krafft <madduck_at_nospam>
Date: Sun Oct 03 2010 - 12:34:56 GMT
To: postfix users <postfix-users@postfix.org>

Dear list,

I found that a lot of spam can be weeded out by rejecting clients
who greet me with my own hostname. Initially, I achieved this with
the following:

  main.cf:
    smtpd_helo_restrictions =
      […]
      check_helo_access pcre:$config_directory/reject_helo_myhostname

  reject_helo_myhostname:
    /^myhostname(\.mydomain)?$/ 554 do not impersonate me

I then ran into problems when the host connected to itself through
the loopback interface. Since I did not want to add
permit_mynetworks to smtpd_helo_restrictions (I expect all machines
on my network to pass the other helo restrictions), I went on to
experiment with restriction classes. I now realise that there are
other, more direct ways to achieve what I want, but I would still
like to figure out a problem I ran into:

  main.cf:
    smtpd_helo_restrictions =
      […]
      check_helo_access pcre:$config_directory/reject_helo_myhostname

    smtpd_restriction_classes =
      […]
      target_reject_helo_myhostname

    target_reject_helo_myhostname =
      permit_mynetworks
      sleep 10
      reject

  reject_helo_myhostname:
    /^myhostname(\.mydomain)?$/ target_reject_helo_myhostname

This works, but I wanted to have a more verbose error message, so
I replaced the last line with

      check_helo_access static:554 do not impersonate me

Much to my surprise, this caused the message to be accepted.

I speculated this might have to do with the spaces and tried to
quote the text, which did not work.

After discovering that

      check_helo_access static:REJECT

worked fine, I tried

      check_helo_access static:554

but that got the message accepted too.

I now found a better solution, but I am still curious what I did
wrong in using the static map.

Thanks for your time!

-- martin | http://madduck.net/ | http://two.sentenc.es/ the security, stability and reliability of a computer system is reciprocally proportional to the amount of vacuity between the ears of the admin. spamtraps: madduck.bogus@madduck.net