Comments (2)
Is there room for considering to stop using the PSL for Haraka checks?
Yes.
from haraka.
If Haraka's valid_hostname check is enabled, it rejects all of our hosts. Here's an example SMTP session:
That's not quite accurate. This is connecting to a Haraka server with the default configuration of helo.checks
:
$ nc wildduck.tnpi.biz 25
220 mail.tnpi.biz ESMTP Haraka/3.0.3 ready
EHLO fairydust.uberspace.de
250-mail.tnpi.biz Hello cali.tnpi.net [2605:7900:20:a::6]Haraka is at your service.
250-PIPELINING
250-8BITMIME
250-SMTPUTF8
250 SIZE 26214400
quit
221 mail.tnpi.biz closing connection. Have a jolly good day.
The default configuration of helo.checks
is to check whether the hostname is valid, but the default does not reject based on it.
[NOTICE] [core] connect ip=2605:7900:20:a::6 port=23411 local_ip=2605:ae00:329::c local_port=25
[INFO] [fcrdns] ip=2605:7900:20:a::6 rdns="cali.tnpi.net" rdns_len=1 fcrdns="cali.tnpi.net" fcrdns_len=1 other_ips_len=0 invalid_tlds=0 generic_rdns=true
[INFO] [helo.checks] helo_host: fairydust.uberspace.de, pass:match_re, bare_ip, dynamic, big_co(not), host_mismatch, fail:valid_hostname, rdns_match, forward_dns(invalid_hostname)
[NOTICE] [core] disconnect ip=2605:7900:20:a::6 rdns=cali.tnpi.net helo=fairydust.uberspace.de relay=N early=N esmtp=Y tls=N pipe=N errors=0 txns=0 rcpts=0/0/0 msgs=0/0/0 bytes=0 lr="" time=21.892
[WARN] [core] data after disconnect from 2605:7900:20:a::6
Arguably, a number of the HELO/EHLO checks aren't suitable for rejecting mail connections. Which is why there's a separate [reject]
option that defaults to being disabled. The easy solution here is for you not to set [reject]valid_hostname=true
.
from haraka.
Related Issues (20)
- Enforcing TLS for LMTP not possible
- Email sent but ended up in SPAM or JUNK folder even with SPF, DKIM, DMARC and PTR set HOT 2
- Changing connect timeout of outgoing connections HOT 1
- Error in Greylist Plugin HOT 2
- Hook can run twice if registered with register_hook HOT 1
- release 3.0.4
- [Feedback needed] Execution control of plugins HOT 4
- Outbound - Fallback to MX's IPv4 when the MX's IPv6 is bogus HOT 2
- 550 Envelope domain 'domain.com' doesn't match AUTH domain 'null' HOT 8
- Spamhause warning HOT 1
- Bounces not working for me HOT 6
- OutboundTLS/plugin-redis missing logerror HOT 5
- Error: no PRIVATE key in /opt/haraka/config/tls/dhparams.pem HOT 10
- Sender verficiation failed HOT 3
- [core] TypeError: Cannot read properties of undefined (reading 'name') HOT 1
- Custom tx.notes.outbound_helo not working HOT 3
- Race condition error: listen EACCES: permission denied ::0:25
- Old clients: SSL issue and no_tls_hosts HOT 5
- Mail not being delivered to wildduck
- Inbound specific TLS configuration stopped working
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from haraka.