On Fri, Mar 18, 2016 at 02:47:36PM -0400, Bill Cole wrote:
> In the postscreen(8) man page, postscreen_helo_required is
> described in the "AFTER 220 GREETING TESTS" and the
> POSTSCREEN_README says nothing of it. By implication, since it
> defaults to $smtpd_helo_required, the man page implies that if
> smtpd_helo_required=yes, any unfamiliar client would be subject to
> the greylisting-like treatment that comes from enabling any of the
> other "deep" tests: "If a client passes all tests during this
> phase, it will receive a 4XX response to all RCPT TO commands."

"
postscreen_helo_required ($smtpd_helo_required)
    Require that a remote SMTP client sends HELO or EHLO before
    commencing a MAIL transaction.
"

Before a client can possibly say HELO/EHLO to postscreen, it has
already been determined that after-220 tests will be applied for
said client. If a client is passed at connection time, it will talk
to smtpd, not postscreen.

postscreen_helo_required means that a client which is being screened
will be required to give a HELO/EHLO command before it can proceed to
give a MAIL FROM command.

> This strikes me as an undesirable and surprising consequence of
> switching on smtpd_helo_required, however that fortunately seems
> NOT to be what actually happens. I hope that this is intentional
> and that one would need to explicitly set one of the other
> parameters listed in "AFTER 220 GREETING TESTS" to a non-default
> value to trigger the greylisting-like behavior (i.e. turn on one of
> the enable switches or set postscreen_helo_required,

postscreen_helo_required does not turn on after-220 tests. Nowhere is
that stated. Only the various enable switches do that.

> postscreen_disable_vrfy_command

That's not an enable switch. It does not activate after-220 tests.

> or postscreen_forbidden_commands

That's not an enable switch. It does not activate after-220 tests.

> to something other than references to their smtpd analogs.)

For the record, those enable switches are as follows:

    postscreen_pipelining_enable (default: no)
    postscreen_non_smtp_command_enable (default: no)
    postscreen_bare_newline_enable (default: no)

If those three are left at default setting ("no"), postscreen will
never talk to any client, so settings which govern what it does in
conversation with clients are all moot. If any one (or two) of those
three are "yes", then postscreen will talk to clients.
-- 
http://rob0.nodns4.us/
Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
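
An added example, not part of the original message and not Postfix code: a Python check of the rule stated in the reply above, run over main.cf-style text. It reports whether any of the three enable switches activates after-220 tests, and whether postscreen_helo_required therefore has any effect. The function names and the sample configurations are constructed for illustration; the "no" default for smtpd_helo_required is Postfix's documented default rather than something stated in the thread.

```python
import re

# The three switches the reply names as the only ones that activate after-220 tests.
ENABLE_SWITCHES = (
    "postscreen_pipelining_enable",
    "postscreen_non_smtp_command_enable",
    "postscreen_bare_newline_enable",
)
# Defaults: the postscreen ones are quoted in the thread.
DEFAULTS = {name: "no" for name in ENABLE_SWITCHES}
DEFAULTS["postscreen_helo_required"] = "$smtpd_helo_required"
DEFAULTS["smtpd_helo_required"] = "no"

def parse_settings(text):
    """Parse 'name = value' lines; a later assignment overrides an earlier one."""
    settings = dict(DEFAULTS)
    for raw in text.splitlines():
        # Skip blanks, comments and continuation lines (leading whitespace).
        if not raw.strip() or raw[:1].isspace() or raw.startswith("#"):
            continue
        if "=" in raw:
            name, value = raw.split("=", 1)
            settings[name.strip()] = value.strip()
    return settings

def resolve(settings, name, depth=0):
    """Follow a value that is a single $name or ${name} reference."""
    value = settings.get(name, "")
    ref = re.fullmatch(r"\$\{?(\w+)\}?", value)
    if ref and depth < 10:  # depth guard against reference loops
        return resolve(settings, ref.group(1), depth + 1)
    return value

def audit(text):
    settings = parse_settings(text)
    enabled_by = [s for s in ENABLE_SWITCHES
                  if resolve(settings, s).lower() == "yes"]
    helo = resolve(settings, "postscreen_helo_required").lower() == "yes"
    return {
        "after_220_tests": bool(enabled_by),
        "enabled_by": enabled_by,
        "helo_required_set": helo,
        # Only matters when postscreen actually converses with the client.
        "helo_required_in_effect": helo and bool(enabled_by),
    }

# Constructed sample configurations.
SAMPLE_HELO_ONLY = "smtpd_helo_required = yes\n"
SAMPLE_DEEP = "smtpd_helo_required = yes\npostscreen_bare_newline_enable = yes\n"

if __name__ == "__main__":
    for label, cfg in (("helo only", SAMPLE_HELO_ONLY), ("deep", SAMPLE_DEEP)):
        print(label, audit(cfg))
```
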