postfix-users October 2010 archive
Main Archive Page > Month Archives  > postfix-users archives
postfix-users: Re: rejecting clients greeting me with my own nam

Re: rejecting clients greeting me with my own name

From: martin f krafft <madduck_at_nospam>
Date: Mon Oct 04 2010 - 17:56:15 GMT
To: Jeroen Geilman <>

also sprach Jeroen Geilman <> [2010.10.04.1822 +0200]:
> Where, exactly ?

The HELO greeting.

> The real client IP ? That can't be trivially spoofed, and so would
> actually BE your server.

I have seen clients who apparently connect to my MX with the IP and
then send the IP after HELO.

> Personally, I reject all EHLO it it's not FQDN, not a valid hostname,
> or corresponds with my own identity.

% swaks -h '' -t
=== Trying
=== Connected to
<- 220-Are you naughty or nice ?
<- 220 ESMTP Ready.
 -> EHLO

(same with [])

> That pretty much accomplishes what you're talking about, without the
> need for additional options.

So you keep a file in /etc/postfix containing your own identity?
That's redundant, isn't it? I can trivially do this with puppet, but
I figure it would be something postfix could do too.

-- martin | | to err is human - to moo, bovine spamtraps: