Questionable use of Public Suffix List (PSL) in helo.checks module about haraka HOT 2 CLOSED

Is there room for considering to stop using the PSL for Haraka checks?

Yes.

from haraka.

If Haraka's valid_hostname check is enabled, it rejects all of our hosts. Here's an example SMTP session:

That's not quite accurate. This is connecting to a Haraka server with the default configuration of helo.checks:

$ nc wildduck.tnpi.biz 25
220 mail.tnpi.biz ESMTP Haraka/3.0.3 ready
EHLO fairydust.uberspace.de
250-mail.tnpi.biz Hello cali.tnpi.net [2605:7900:20:a::6]Haraka is at your service.
250-PIPELINING
250-8BITMIME
250-SMTPUTF8
250 SIZE 26214400
quit
221 mail.tnpi.biz closing connection. Have a jolly good day.

The default configuration of helo.checks is to check whether the hostname is valid, but the default does not reject based on it.

[NOTICE] [core] connect ip=2605:7900:20:a::6 port=23411 local_ip=2605:ae00:329::c local_port=25
[INFO] [fcrdns] ip=2605:7900:20:a::6  rdns="cali.tnpi.net" rdns_len=1 fcrdns="cali.tnpi.net" fcrdns_len=1 other_ips_len=0 invalid_tlds=0 generic_rdns=true
[INFO] [helo.checks] helo_host: fairydust.uberspace.de, pass:match_re, bare_ip, dynamic, big_co(not), host_mismatch, fail:valid_hostname, rdns_match, forward_dns(invalid_hostname)
[NOTICE] [core] disconnect ip=2605:7900:20:a::6 rdns=cali.tnpi.net helo=fairydust.uberspace.de relay=N early=N esmtp=Y tls=N pipe=N errors=0 txns=0 rcpts=0/0/0 msgs=0/0/0 bytes=0 lr="" time=21.892
[WARN] [core] data after disconnect from 2605:7900:20:a::6

Arguably, a number of the HELO/EHLO checks aren't suitable for rejecting mail connections. Which is why there's a separate [reject] option that defaults to being disabled. The easy solution here is for you not to set [reject]valid_hostname=true.

from haraka.