postfix-users November 2011 archive

Re: reject_non_fqdn_helo_hostname usefulness, safety

From: Simon Brereton <simon.brereton_at_nospam>
Date: Fri Nov 11 2011 - 03:26:16 GMT
To: postfix users <postfix-users@postfix.org>

On 10 November 2011 18:45, Steve Fatula <compconsultant@yahoo.com> wrote:
> This check says that the RFC requires a fully qualified hostname for HELO.
> Most internet searches show this to be a "safe" check that shouldn't really
> kill any real mail. Lately, noticed no ebay mail was coming through, looked
> through the logs and see entries like:
> Nov  9 20:30:58 host2 postfix/smtpd[16167]: NOQUEUE: reject: RCPT from
> mxpool19.ebay.com[66.135.197.25]: 504 5.5.2 <mx88>: Helo command rejected:
> need fully-qualified hostname; from=<ebay@ebay.com> to=<me@hiddendomain.com>
> proto=ESMTP helo=<mx88>
>
> mx88 is of course not a FQDN. So, it was correctly rejected per the setting.
> Obviously, I can try and whitelist all the ebay servers, but, it's a slight
> pain. Could be a moving target, etc. This would allow me to keep the
> setting, but....
> Since this did block mail from a rather well known common mailer, I am
> starting to wonder how safe this check really is. Perhaps it's not so safe.
> Yes, that is a configuration error on ebay's part, but, I don't think you
> really want to block ebay mail.
> Are you finding this is not as safe a check as it should be, since
> presumably the RFC requires it, still, people make mistakes? Is it really of
> much use these days anyway for blocking spam?

This check alone is responsible for blocking up to 85% of the spam
attempts on our system. Verify that the HELO is not localhost,
mydomain.tld or ip.add.re.ss takes care of another 5% and rejecting
invalid destinations takes care of the rest. Amavis ends up finding
less than 1% of what makes it through that and that in itself is 1% of
the total attempts.

Write them a note with the RFC I say. Standards are no good if you
let yours slip because it's Ebay. or Google. or InsertBrandnamehere.

Simon
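
Added example, not part of either post: a small log review script for weighing this check on your own traffic. It pulls the `need fully-qualified hostname` rejections out of Postfix smtpd log text and groups the ones from clients with a verified reverse-DNS name, which are the senders to look at before deciding on an exemption. The function names, the naive last-two-labels domain grouping, and every sample record except the first (the rejection quoted above, unwrapped to one line) are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample log. Record 1 is the rejection quoted in the thread;
# records 2-5 are invented (documentation IP ranges, example domains).
SAMPLE_LOG = "\n".join([
    "Nov  9 20:30:58 host2 postfix/smtpd[16167]: NOQUEUE: reject: RCPT from mxpool19.ebay.com[66.135.197.25]: 504 5.5.2 <mx88>: Helo command rejected: need fully-qualified hostname; from=<ebay@ebay.com> to=<me@hiddendomain.com> proto=ESMTP helo=<mx88>",
    "Nov  9 20:31:02 host2 postfix/smtpd[16170]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 504 5.5.2 <WIN-ABC123>: Helo command rejected: need fully-qualified hostname; from=<a@example.net> to=<me@hiddendomain.com> proto=ESMTP helo=<WIN-ABC123>",
    "Nov  9 21:05:41 host2 postfix/smtpd[16201]: NOQUEUE: reject: RCPT from mxpool19.ebay.com[66.135.197.25]: 504 5.5.2 <mx88>: Helo command rejected: need fully-qualified hostname; from=<ebay@ebay.com> to=<me@hiddendomain.com> proto=ESMTP helo=<mx88>",
    "Nov  9 21:07:13 host2 postfix/smtpd[16203]: NOQUEUE: reject: RCPT from mail.example.org[198.51.100.7]: 504 5.5.2 <mailhost>: Helo command rejected: need fully-qualified hostname; from=<b@example.org> to=<me@hiddendomain.com> proto=ESMTP helo=<mailhost>",
    "Nov  9 21:09:00 host2 postfix/smtpd[16210]: connect from unknown[203.0.113.5]",
])

# Matches only the 504 5.5.2 rejection shown in the thread's log excerpt.
REJECT_RE = re.compile(
    r"NOQUEUE: reject: \w+ from (?P<client>[^\[\s]+)\[(?P<ip>[^\]]+)\]: "
    r"504 5\.5\.2 <(?P<helo>[^>]*)>: Helo command rejected: "
    r"need fully-qualified hostname"
)

def parse_rejects(log_text):
    """Return (client_name, ip, helo) for each non-FQDN HELO rejection."""
    return [(m["client"], m["ip"], m["helo"]) for m in REJECT_RE.finditer(log_text)]

def review_candidates(rejects):
    """Group rejections from clients that have a verified reverse-DNS name.

    Postfix logs the client as "unknown" when it has no verified name;
    those are skipped so the summary shows only named senders.
    """
    by_domain = defaultdict(lambda: {"count": 0, "helos": set(), "ips": set()})
    for client, ip, helo in rejects:
        if client == "unknown":
            continue
        domain = ".".join(client.lower().split(".")[-2:])  # naive grouping
        entry = by_domain[domain]
        entry["count"] += 1
        entry["helos"].add(helo)
        entry["ips"].add(ip)
    return dict(by_domain)

if __name__ == "__main__":
    rejects = parse_rejects(SAMPLE_LOG)
    print(f"{len(rejects)} non-FQDN HELO rejections")
    for domain, info in sorted(review_candidates(rejects).items()):
        print(domain, info["count"], sorted(info["helos"]), sorted(info["ips"]))
```
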