postfix-users October 2010 archive
Main Archive Page > Month Archives  > postfix-users archives
postfix-users: Re: rejecting clients greeting me with my own nam

Re: rejecting clients greeting me with my own name

From: Jeroen Geilman <jeroen_at_nospam>
Date: Mon Oct 04 2010 - 16:22:38 GMT
To: postfix-users@postfix.org

On 10/04/2010 05:49 PM, martin f krafft wrote:
> also sprach Noel Jones<njones@megan.vbhcs.org> [2010.10.04.0507 +0200]:
>
>> Lots easier to just use
>> /^myhostname(\.mydomain)?$/ REJECT don't use my hostname
>>
> Thanks to everyone who responded. I am now going the suggested way.
>
> However, it occurs to me that this is something postfix could be
> trivially doing itself, e.g.
>
> smtpd_helo_restrictions =
> []
> reject_my_hostname
>
> reject_my_ipaddress
>

Where, exactly ?
The real client IP ? That can't be trivially spoofed, and so would
actually BE your server.
As for EHLO, IP literals aren't accepted as a matter of course - not in
this day and age.

Personally, I reject all EHLO it it's not FQDN, not a valid hostname, or
corresponds with my own identity.
That pretty much accomplishes what you're talking about, without the
need for additional options.

-- J.