I'd like to know if it's safe to configure our MTA to require HELO?

Also, is it safe to also require that the senders domain is valid, e.g. has an A and MX record?

Thanks!

BTW: The MTA we're using is Postfix.

Hy,

i think to reverse check the domain and require a helo command is just the base of a secure smtp server. Without any checks your system will be blacklisted very fast (IMHO, correct me if im wrong).

If you use this system public (directly connected to the Internet for your customers, company..) your should start thinking about SMTPAUTH or POPbeforeSMTP and theese things.

SMTPAUTH with Postfix : http://www.thecabal.org/~devin/postfix/smtp-auth.txt

Greetings
Oliver

These restrictions are merely for e-mail received from other servers.

As for e-mail from our users, we only accept it from the appropriate IP pools for our dialup network.

Hy,

then IMHO you should use the reverse lookup of the domain name, the helo command and perhaps a BlackList to connect with.

Greetings
Oliver

I've looked into blacklists, but we're going to take a smarter approach to it. We'd rather let some SPAM in, to keep the flow of legit e-mail going, since I've had the fun before of having legit e-mail blocked.

Um, I hope you mean EHLO or HELO. If you require just HELO, only really old SMTP servers will be able to deliver mail.

Other than that, I have no comments. Let us know how it works out. :)

Yes, I also mean EHLO.