From 0aae2ebe17eac359af50c460bb6f44aac258c491 Mon Sep 17 00:00:00 2001
From: Andrea Dell'Amico <andrea.dellamico@isti.cnr.it>
Date: Sat, 4 Dec 2021 17:00:51 +0100
Subject: [PATCH] Add smtpd helo restrictions.

---
 defaults/main.yml    | 1 +
 templates/main.cf.j2 | 8 ++++++++
 2 files changed, 9 insertions(+)

diff --git a/defaults/main.yml b/defaults/main.yml
index efa1921..72e1339 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -20,6 +20,7 @@ postfix_use_relay_host: '{{ postfix_relay_client }}'
 postfix_biff: "no"
 postfix_append_dot_mydomain: "no"
 postfix_smtp_helo_required: "yes"
+postfix_helo_restrictions: True
 postfix_smtp_delay_reject: "yes"
 postfix_smtp_disable_vrfy: "yes"
 
diff --git a/templates/main.cf.j2 b/templates/main.cf.j2
index 58df795..c579bce 100644
--- a/templates/main.cf.j2
+++ b/templates/main.cf.j2
@@ -579,6 +579,14 @@ smtpd_milters =
 {% endif %}
 
 {% if postfix_smtpd_server %}
+{% if postfix_helo_restrictions %}
+smtpd_helo_restrictions =
+    permit_mynetworks
+    reject_invalid_helo_hostname
+    reject_non_fqdn_helo_hostname
+    reject_unknown_helo_hostname
+{% endif %}
+
 smtpd_recipient_restrictions =
 {% for recipient_rule in postfix_smtpd_server_restrictions %}
         {{ recipient_rule }}