On 12/01/2008 19:27, George wrote:
> Hello List:
>
> I'm using the following ACL to drop incorrect HELO names:
>
> deny condition = ${if ! match {$sender_helo_name}{\N^[^.].*\.[^.]+$\N}}
> message = "See RFC2821 section 4.1.2 for legal domain syntax"
> log_message = invalid HELO syntax 1 $sender_helo_name
>
>
> The problem is that Outlook (On XP Pro) sends computer name as host
> name and the connection gets dropped.
>
> 2008-01-12 08:45:21 H=(GEORGE) [68.183.245.148] rejected EHLO or HELO
> george: invalid HELO syntax 1 GEORGE
>
>
> Is there something that can be done to be able preserve the use of
> the ACL. Maybe there is a setting on the XP that is incorrect? This
> doesn't happen with Thunderbird, but I cannot tell all clients not
> use MS crap.
I only reject at HELO time if somebody does something very bad, e.g.
tries to impersonate me. Other HELO checking like the above I do in
acl_smtp_predata, not acl_smtp_helo, so I can first
accept authenticated = *
before denying as the above; this means only non-authenticated
connections get subjected to stricter HELO checking.
Cheers,
John.
