Discussion:
Postfix and 'smtpd_helo_required'
Nikolas Kallis
2013-05-13 03:56:05 UTC
Permalink
Hello,



Since I started using mailing-lists, my inbox has been attacked with
spam. At first it was not so bad, but now its ridiculous and I have to act.

I am currently looking at using the 'smtpd_helo_required' parameter in
my main/cf configuration file.

I am someone that won't use a spam prevention method that could block a
a legitimate e-mail, and as so, my way of fighting spam is by
protocol-compliance means only.

I wasn't sure if 'smtpd_helo_required' was suitable as I wasn't sure if
the SMTP 'HELO' message was a protocol requirement. After reading
'4.1.1.1 Extended HELLO (EHLO) or HELLO (HELO)' of RFC 2821, I learnt
that it is a protocol requirement.

As HELO is a requirement of the SMTP specification, then the parameter
'smtpd_helo_required' should not exist, and Postfix should not accept
e-mail if the remote server does not send a HELO message, period.



Regards,

Nikolas Kallis
Viktor Dukhovni
2013-05-13 04:00:56 UTC
Permalink
Post by Nikolas Kallis
I am someone that won't use a spam prevention method that could
block a a legitimate e-mail, and as so, my way of fighting spam is
by protocol-compliance means only.
This won't get you very far at all. Spam bots are largely protocol
compliant, the only common violation is early talking and fast
timeouts. So you can use postscreen with a greet pause to catch those.

If you're not willing to use an RBL (zen.spamhaus.org puts you in
very good company with the rest of the planet), be prepared for
a lot of spam.
Post by Nikolas Kallis
I wasn't sure if 'smtpd_helo_required' was suitable as I wasn't sure
if the SMTP 'HELO' message was a protocol requirement. After reading
'4.1.1.1 Extended HELLO (EHLO) or HELLO (HELO)' of RFC 2821, I
learnt that it is a protocol requirement.
Completely safe to use. Won't block any spam. You can feel good
about upholding RFC compliance though. :-)
--
Viktor.
Loading...