postfix-users October 2010 archive
Main Archive Page > Month Archives  > postfix-users archives
postfix-users: Re: rejecting clients greeting me with my own nam

Re: rejecting clients greeting me with my own name

From: Jeroen Geilman <jeroen_at_nospam>
Date: Mon Oct 04 2010 - 18:04:45 GMT
To: postfix-users@postfix.org

Please don't send these redundant messages. It's a good indication of
your general messaging skills.

On 10/04/2010 07:56 PM, martin f krafft wrote:
> also sprach Jeroen Geilman<jeroen@adaptr.nl> [2010.10.04.1822 +0200]:
>
>> Where, exactly ?
>>
> The HELO greeting.
>
>
>> The real client IP ? That can't be trivially spoofed, and so would
>> actually BE your server.
>>
> I have seen clients who apparently connect to my MX with the IP and
> then send the IP after HELO.
>

With YOUR IP ? That's highly unlikely, to the point of unbelievability.

>> Personally, I reject all EHLO it it's not FQDN, not a valid hostname,
>> or corresponds with my own identity.
>>
> % swaks -h '77.109.139.84' -t jeroen@adaptr.nl
> === Trying xs.adaptr.nl:25...
> === Connected to xs.adaptr.nl.
> <- 220-Are you naughty or nice ?
> <- 220 mail.adaptr.nl ESMTP Ready.
> -> EHLO 77.109.139.84
> <- 250-mail.adaptr.nl
> []
>

I'm quite sure I didn't ask you to post this online.

> (same with [77.109.139.84])
>
>

When I said that *I* use those rules, where did you get the notion it
has anything to do with any particular domain, or mail server ?

>> That pretty much accomplishes what you're talking about, without the
>> need for additional options.
>>
> So you keep a file in /etc/postfix containing your own identity?
> That's redundant, isn't it? I can trivially do this with puppet, but
> I figure it would be something postfix could do too.
>

So you're too dumb to write a simple regex map, eh ?
I guess "puppet" would be the solution for you then.