diff options
author | Jeremy Harris <jgh146exb@wizmail.org> | 2016-01-12 17:52:30 +0000 |
---|---|---|
committer | Jeremy Harris <jgh146exb@wizmail.org> | 2016-01-12 17:52:30 +0000 |
commit | 731c6a90439a22e26418f75ce9207a0c8ab112dc (patch) | |
tree | 74e348cd4a08515500856b3086cb2987c442ed70 | |
parent | 9dc2b215e83a63efa242f6acd3ab7af8b608e5a1 (diff) |
Docs: add note on HELO rejections, and add requirment on good HELO in
the example configuration
-rw-r--r-- | doc/doc-docbook/spec.xfpt | 6 | ||||
-rw-r--r-- | src/src/configure.default | 5 |
2 files changed, 11 insertions, 0 deletions
diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index 6b4b5f314..44623a550 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -27548,6 +27548,12 @@ Note that a client may issue more than one EHLO or HELO command in an SMTP session, and indeed is required to issue a new EHLO or HELO after successfully setting up encryption following a STARTTLS command. +.new +Note also that a deny neither forces the client to go away nor means that +mail will be refused on the connection. Consider checking for +&$sender_helo_name$& being defined in a MAIL or RCPT ACL to do that. +.wen + If the command is accepted by an &%accept%& verb that has a &%message%& modifier, the message may not contain more than one line (it will be truncated at the first newline and a panic logged if it does). Such a message cannot diff --git a/src/src/configure.default b/src/src/configure.default index ec60700df..ee94d2f91 100644 --- a/src/src/configure.default +++ b/src/src/configure.default @@ -436,6 +436,11 @@ acl_check_rcpt: control = submission control = dkim_disable_verify + # Insist that a HELO/EHLO was accepted. + + require message = nice hosts say HELO first + condition = ${if def:sender_helo_name} + # Insist that any other recipient address that we accept is either in one of # our local domains, or is in a domain for which we explicitly allow # relaying. Any other domain is rejected as being unacceptable for relaying. |