James,
On Sat, 3 Apr 2004, James P. Roberts wrote:
> Greetings,
>
> Is it possible to enforce the HELO/EHLO syntax check at RCPT time instead of
> HELO time? My logs are starting to fill up with junk from syntactically
> invalid hosts (yes those stupid underscores), that keep retrying many, many
> times.
>
> I do not wish to accept from these hosts. I just want to give them a 5xx at
> RCPT time so they will (hopefully) stop retrying.
>
> I probably just need more coffee. Any suggestions?
If you can't find anything stronger, Nescafe Gold Blend is a reasonable
substitute.
The particular case of underscores has cropped up many times here before.
I have the following in my config, derived from those contributions:-
# Many broken Exchange servers use '_' in the HELO data. If we reject at HELO
# time, they very often fail to deal with the problem; plus they cannot mail
# postmaster here (yippee!) to discuss the problem. So rather than using
# acl_smtp_helo, we allow it through the HELO by specifying
helo_allow_chars = _
# and then check it later, in acl_smtp_rcpt, _after_ we have got past the
# postmaster exception.
... and later, in the RCPT ACL ...
# This one is a composite from several suggestions
deny message = Rejected because of unacceptable syntax in \
HELO/EHLO name:\n\
$sender_helo_name\n\
This is commonly associated with misconfigured mail \
software;\n\
see RFC2821 section 4.1.2 for legal domain syntax.\n\
For assistance please contact postmaster@$domain
log_message = invalid HELO syntax $sender_helo_name
####condition = ${if match {$sender_helo_name} {_} {1} {0}}
condition = ${if and { \
{ match {$sender_helo_name} {_} } \
{ eq {${lookup {$sender_helo_name} \
lsearch {SPAMDIR/HELO-except-hosts} \
{Y} {N} }} \
{N} } \
} \
{yes} {no} }
(Sorry about the layout!)
I haven't found it necessary (yet) myself, but I guess if you needed to do
other checks at HELO time, eg because the necessary info isn't available
at RCPT time, you could save the result in a $acl_mN variable, and then
test that at RCPT time. Hopefully the mechanism is fairly obvious.
>
> Regards,
> Jim Roberts
> Punster Productions, Inc.
HTH,
Richard Hall