How to block puny code Domains in EHLO?

[fw116]

like
EHLO xn--maliciousdomain.xn--com

i added :
/etc/pmg/main.cf.in

check_helo_access regexp:/etc/postfix/helo_access

added the line :
/^xn--.*$/ REJECT Punycode HELO domains are not allowed

in helo_access

then postmap /etc/postfix/helo_access
then pmgconfig sync --restart 1
postfix restart


does not work.
what's the thing is miss here ?
thanks

 

[fw116]

Well....
Did I ask such a stupid question that no one feels like answering, or was the question so trivial that I don't get a reply?

Cheers

 

[keeka]

Your template override should be created in /etc/pmg/templates/.
I may be wrong, but I don't believe you hash regex lookup file either.

 

[fw116]

Hi,
the template override is in /etc/pmg/templates/
forgot to mention it.
checked regex with chatgpt und it said it's fine.

so, anything else ?

 

[keeka]

Check that the generated config contains your modifications: Check the /etc/postfix/main.cf directly and/or via postconf.