summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJeremy Harris <jgh146exb@wizmail.org>2016-01-12 17:52:30 +0000
committerJeremy Harris <jgh146exb@wizmail.org>2016-01-12 17:52:30 +0000
commit731c6a90439a22e26418f75ce9207a0c8ab112dc (patch)
tree74e348cd4a08515500856b3086cb2987c442ed70
parent9dc2b215e83a63efa242f6acd3ab7af8b608e5a1 (diff)
Docs: add note on HELO rejections, and add requirment on good HELO in
the example configuration
-rw-r--r--doc/doc-docbook/spec.xfpt6
-rw-r--r--src/src/configure.default5
2 files changed, 11 insertions, 0 deletions
diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt
index 6b4b5f314..44623a550 100644
--- a/doc/doc-docbook/spec.xfpt
+++ b/doc/doc-docbook/spec.xfpt
@@ -27548,6 +27548,12 @@ Note that a client may issue more than one EHLO or HELO command in an SMTP
session, and indeed is required to issue a new EHLO or HELO after successfully
setting up encryption following a STARTTLS command.
+.new
+Note also that a deny neither forces the client to go away nor means that
+mail will be refused on the connection. Consider checking for
+&$sender_helo_name$& being defined in a MAIL or RCPT ACL to do that.
+.wen
+
If the command is accepted by an &%accept%& verb that has a &%message%&
modifier, the message may not contain more than one line (it will be truncated
at the first newline and a panic logged if it does). Such a message cannot
diff --git a/src/src/configure.default b/src/src/configure.default
index ec60700df..ee94d2f91 100644
--- a/src/src/configure.default
+++ b/src/src/configure.default
@@ -436,6 +436,11 @@ acl_check_rcpt:
control = submission
control = dkim_disable_verify
+ # Insist that a HELO/EHLO was accepted.
+
+ require message = nice hosts say HELO first
+ condition = ${if def:sender_helo_name}
+
# Insist that any other recipient address that we accept is either in one of
# our local domains, or is in a domain for which we explicitly allow
# relaying. Any other domain is rejected as being unacceptable for relaying.