>Is the above covered by RFC or is it just best practice?

the HELO is a hostname, not an IP address.

The HELO is by the computer, so the HELO domain name should correspond to 
the PTR domain name.

I see 10's of 1000's of subscriber network IPs HELOing as microsoft.com, 
aol.com, yahoo.com, etc, etc, so when they do that, it throws them into a 
restriction_class where I,

1) do SAV

2) see if PTR hostname is in a list of BigISP's, if not reject.

>   I'm seeing a
>few of our partner sites using a helo with IP address.

it's WRONG, so send abuse@ and postmaster@ an email saying they are in 
violation of RFCs by not having FQDN as HELO hostname (and help them out: 
say the FQDN will be rejected if it has no A and/or MX records in DNS).

>   I've whitelisted
>them but in doing so have minimised the checks

not minimized, you zeroed the other checks.  So rather than whitelist them 
with OK, put DUNNO so this HELO check is skipped, but the other checks will 
continue (SAV, RAV, whatever).

>  for mail coming from
>them.  I like them to clean up their act so any advice as to what I
>should convey to them (in terms of standards) would be greatly
>appreciated!

Rod pasted in the RFC, so quote that, or better yet, make up a web page for 
this specific item, and send them there. And all your reject msgs could also 
ref that URL.

hmm, I could set up a whole bunch of these webpages on the IMGate site, and 
you could just send them there, rather than each of us do the same thing 
over and over, or, I could set up the pages, and you could copy them to 
your website, one page per envelope item

page 1: IP
IP must have PTR hostname
(if this your policy: PTR hostname must not be subscriber network)
PTR hostname must have a DNS A record (don't know how to do that in postfix)
highly recommended: PTR hostname should be in same domain as HELO hostname

page 2: HELO
no invalid characters.
cannot be an IP
must be FQDN
FQDN must have A and/or MX records in DNS
highly recommended: domain of HELO hostname should be same domain of PTR 
hostname.

page 3: sender domain
no invalid characters.
must be FQDN
FQDN must have A and/or MX records in DNS
sender@ is present, the MX for the @sender.domain must accept mail to the 
sender. (SAV)

> >they won't cooperate, and then convert warn_if_reject to reject.
>
>I'm getting quite a few warnings since incorporating this and I suspect
>the majority of these are missing PTR records.

hey, Pete!!!!   :))

the helo_world regex applied to helo hostname is:

/.*/

:)) what strings match .*  ??   That's why I call it "world" :)

To get more precise logging, or perhaps before adding this restriction, try 
this:

warn_if_reject reject_unknown_client
warn_if_reject reject_unknown_hostname

and then report on those specific reject_warn log lines

Len
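
One way to produce the report on reject_warning log lines suggested above, as an added example that is not part of the original message or of IMGate. The log lines are constructed samples in the usual Postfix smtpd wording, the mapping from reply text to restriction name is an assumption, and `report` and `helo_is_ip` are hypothetical names.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines (documentation addresses), not taken from the thread.
SAMPLE_LOG = """\
Mar  3 10:01:12 mx postfix/smtpd[2101]: NOQUEUE: reject_warning: RCPT from unknown[192.0.2.10]: 450 Client host rejected: cannot find your hostname, [192.0.2.10]; from=<a@example.org> to=<u@example.net> proto=SMTP helo=<mail.example.org>
Mar  3 10:01:40 mx postfix/smtpd[2101]: NOQUEUE: reject_warning: RCPT from unknown[192.0.2.11]: 450 Client host rejected: cannot find your hostname, [192.0.2.11]; from=<b@example.org> to=<u@example.net> proto=SMTP helo=<[192.0.2.11]>
Mar  3 10:02:05 mx postfix/smtpd[2107]: NOQUEUE: reject_warning: RCPT from host.example.com[198.51.100.5]: 450 <nosuch.invalid>: Helo command rejected: Host not found; from=<c@example.com> to=<u@example.net> proto=SMTP helo=<nosuch.invalid>
Mar  3 10:02:31 mx postfix/smtpd[2107]: NOQUEUE: reject_warning: RCPT from partner.example.net[203.0.113.9]: 450 <203.0.113.9>: Helo command rejected: Host not found; from=<d@example.net> to=<u@example.net> proto=ESMTP helo=<203.0.113.9>
Mar  3 10:02:40 mx postfix/smtpd[2107]: disconnect from partner.example.net[203.0.113.9]
"""

LINE_RE = re.compile(
    r"reject_warning: \w+ from (?P<client>[^\[\s]+)\[(?P<ip>[^\]]+)\]: "
    r"\d{3} (?P<text>.*?); .*?helo=<(?P<helo>[^>]*)>"
)
# Reply text fragment -> restriction assumed to have produced it.
CHECKS = [
    ("Client host rejected: cannot find your hostname", "reject_unknown_client"),
    ("Helo command rejected: Host not found", "reject_unknown_hostname"),
]

def helo_is_ip(helo):
    """True when the HELO argument is a bare IP or an [address literal]."""
    value = helo.strip("[]")
    if value.lower().startswith("ipv6:"):
        value = value[5:]
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def report(log_text):
    """Count warn_if_reject hits per restriction; collect clients that HELO as an IP."""
    by_check, ip_helo_clients = Counter(), set()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not a reject_warning line
        check = next((name for frag, name in CHECKS if frag in m["text"]), "other")
        by_check[check] += 1
        if helo_is_ip(m["helo"]):
            ip_helo_clients.add(m["ip"])
    return by_check, ip_helo_clients

if __name__ == "__main__":
    counts, ip_helo = report(SAMPLE_LOG)
    for check, n in counts.most_common():
        print(f"{n:5d}  {check}")
    print("clients with an IP as HELO:", ", ".join(sorted(ip_helo)))
```

The per-restriction counts show whether the warnings are mostly missing PTR records or mostly bad HELO hostnames before warn_if_reject is converted to reject.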

