On Fri, 12 Dec 2003, David Woodhouse wrote:
> I have the following ACLs for acl_smtp_helo and acl_smtp_mail
> respectively:
>
> check_helo:
> deny condition = ${if match{$sender_helo_name}{^.*_}{1}{0}}
> message = Connection rejected. Underscores in HELO are not permitted by RFC2821.\nFix your broken mail server and try again.
> accept
Well and good, for an RFC-follower; but do you have any conclusive
proof that the kind of software that perpetrates this error (YKWIM)
will ever convey your rejection report to anyone who'd be in a
position to do anything constructive about it?
My suggestion would be to at least defer the rejection until RCPT
time, _after_ mail addressed to postmaster has been accepted; and
include in the rejection report that the sender should contact their
local mail support or, if all else fails, to contact the postmaster
address at the remote (i.e your) site. That way, customers of
RFC-ignorant servers are left with one little loophole for contacting
the remote site.
If, finally, the other end fails to get your message back to the
sender (allegedly, some will react to all 5xx RCPT errors by claiming
that the recipient address does not exist), there's nothing more you
can do - but at least you tried.
[...]
> However, I find that my server now accepts "HELO _\nMAIL FROM:<>".
> Although the HELO ACL fails, $sender_helo_name still remains set.
You would solve that problem as a byproduct, if you would follow the
advice above. "Works for us".