> On Sep 11, 2019, at 5:05 PM, J Doe <[email protected]> wrote:
>
> Is there a way to achieve this ? Alternatively, should I not be attempting
> to do this because legitimate server’s sometimes EHLO address literals ?
You could try something like:
...
warn_if_reject check_helo_access pcre:${config_directory}/helo-access
...
helo-access:
/^\[/ 454 4.7.1 EHLO domain-literals not accepted here
And see whether that'll work out for you. This only logs warnings
when EHLO domain-literals would be rejected, but the message may
still be rejected by later restrictions. If you see enough warnings
for messages that are not in any case rejected, and no false positives,
you could try removing the 'warn_if_reject', and watch the soft rejects
for a while. If that works out, change the '4XX' to '5XX'.
--
Viktor.
