George
Please consider subscribing to the list first so any replies to the list
are not held up waiting for moderation (by me or one of the other
moderators).
On Sat, 2008-01-12 at 11:27 -0800, George wrote:
> I'm using the following ACL to drop incorrect HELO names:
>
> deny condition = ${if ! match {$sender_helo_name}{\N^[^.].*\.[^.]+$\N}}
> message = "See RFC2821 section 4.1.2 for legal domain syntax"
> log_message = invalid HELO syntax 1 $sender_helo_name
Assuming your clients are using the submission port, 587, you could have
above that at the start of your HELO ACL:
accept condition = ${if eq{$received_port}{587} }
This, obviously, is a small risk in case one of your client machines
gets a trojan/worm/other malware which utilises the defined system MUA
in the background as a sending engine, but if you make your clients use
the submission port with authentication then you'd be following best
current practice *and* not then really care what HELO/EHLO the client
sends.
Graeme
