Am 04.07.2017 um 22:10 schrieb Joachim Fahrner:
Am 2017-07-04 22:01, schrieb Robert Schetterer:
Die Idee hinter den HELO restrictions war ja, dass Botnet Zombies normal keinen korrekt konfigurierten Hostnamen und DNS-Einträge haben.
was definierst du als korrekt ?
Na dass der Rechner ein passendes Forward- und Reverse-DNS hat.
gibt die postfix faq so als zwingend nicht her ,nach meiner Lesart
reject_invalid_helo_hostname (with Postfix < 2.3: reject_invalid_hostname) Reject the request when the HELO or EHLO hostname is malformed. Note: specify "smtpd_helo_required = yes" to fully enforce this restriction (without "smtpd_helo_required = yes", a client can simply skip reject_invalid_helo_hostname by not sending HELO or EHLO). The invalid_hostname_reject_code specifies the response code for rejected requests (default: 501).
und
reject_non_fqdn_helo_hostname (with Postfix < 2.3: reject_non_fqdn_hostname) Reject the request when the HELO or EHLO hostname is not in fully-qualified domain or address literal form, as required by the RFC <<<<<<<
im Gegensatz zu
reject_unknown_helo_hostname (with Postfix < 2.3: reject_unknown_hostname) Reject the request when the HELO or EHLO hostname has no DNS A or MX record. The reply is specified with the unknown_hostname_reject_code parameter (default: 450) or unknown_helo_hostname_tempfail_action (default: defer_if_permit). See the respective parameter descriptions for details. Note: specify "smtpd_helo_required = yes" to fully enforce this restriction (without "smtpd_helo_required = yes", a client can simply skip reject_unknown_helo_hostname by not sending HELO or EHLO).
Best Regards MfG Robert Schetterer