postfix-users October 2010 archive
Main Archive Page > Month Archives  > postfix-users archives
postfix-users: Re: rejecting clients greeting me with my own nam

Re: rejecting clients greeting me with my own name

From: martin f krafft <madduck_at_nospam>
Date: Mon Oct 04 2010 - 17:56:15 GMT
To: Jeroen Geilman <jeroen@adaptr.nl>

also sprach Jeroen Geilman <jeroen@adaptr.nl> [2010.10.04.1822 +0200]:
> Where, exactly ?

The HELO greeting.

> The real client IP ? That can't be trivially spoofed, and so would
> actually BE your server.

I have seen clients who apparently connect to my MX with the IP and
then send the IP after HELO.

> Personally, I reject all EHLO it it's not FQDN, not a valid hostname,
> or corresponds with my own identity.

% swaks -h '77.109.139.84' -t jeroen@adaptr.nl
=== Trying xs.adaptr.nl:25...
=== Connected to xs.adaptr.nl.
<- 220-Are you naughty or nice ?
<- 220 mail.adaptr.nl ESMTP Ready.
 -> EHLO 77.109.139.84
<- 250-mail.adaptr.nl
[…]

(same with [77.109.139.84])

> That pretty much accomplishes what you're talking about, without the
> need for additional options.

So you keep a file in /etc/postfix containing your own identity?
That's redundant, isn't it? I can trivially do this with puppet, but
I figure it would be something postfix could do too.

-- martin | http://madduck.net/ | http://two.sentenc.es/ to err is human - to moo, bovine spamtraps: madduck.bogus@madduck.net