Glenn Steen glenn.steen at
Mon Sep 25 21:15:14 IST 2006

On 25/09/06, mikea <mikea at> wrote:
> On Mon, Sep 25, 2006 at 07:58:38PM +0200, Gordon Colyn wrote:
> > Please can you give me more info on how to do this?
> in response to my post containing
> > An additional sendmail ruleset stops SMTP transactions with MTAs that
> > HELO/EHLO as our MX, with this message:
> >           "ruleset=check_rcpt, arg1=<recipient_address>,
> > relay=[relay_IPADDR],
> >            reject=554 5.7.1 Invalid helo rejected; send mail to
> > abuse at
> >            if rejected in error - are you really"
> > which stops even more _and_ gives me nice patterns to watch in my maillog
> > database. But all that's off-topic here, so ask in private mail if you
> > want more info.
> For Rob Poe, Gordon Colyn, and everyone else who asked how to do
> rejection on HELO/EHLO string:
> should give you the pointers you need. It's very brown'n'serve, though
> you will want to set the list of rejected HELO/EHLO strings to your needs
> *and*
> you will want to tailor the rejection message to your standards.
Just a small observation: I see that you (IMO rightly) reject the
domain literal (MX IP address) too... This _technically_ breaks RFC
compliance. (IIRC... Not the best memory in the world, and too lazy to
look it up:-)..
But having said that, I've been happily doing this for quite some time
(with Postfix), and have observed no ill effects. I always found the
whole part, in the RFCs, about domain literals just a tad idiotic:-).
Because of that, I might be remembering that whole passage wrong;-)

-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

More information about the MailScanner mailing list