On 4/12/2011 4:19 PM, Stan Hoeppner wrote:
Mikael Bak put forth on 4/12/2011 7:31 AM:
Stan Hoeppner wrote:
[snip]
Received: from [190.221.28.39] (unknown [190.221.28.39])
In this example, reject_unknown_reverse_client_hostname would have
generated a 450 rejection. You should always use
reject_unknown_reverse_client_hostname at minimum, or the more
restrictive reject_unknown_client_hostname, though this one can cause
problems with FPs on occasion. Best to use it with warn_if_reject for a
while and monitor what it would have rejected.
http://www.postfix.org/postconf.5.html#reject_unknown_client_hostname
However, it appears that 190.221.28.39 has rDNS of
Name: host39.190-221-28.telmex.net.ar
Address: 190.221.28.39
No. The "reject_unknown_reverse_client_hostname" in the above example
would not have generated a 450 rejection, since the IP address HAS a
reverse dns hostname.
Yes, it would have. Note the "unknown" in the Received line. The rDNS
The "unknown" gives zero information about the client's rDNS.
The "unknown" signifies that the client does not have
correct FCrDNS, which does not disclose rDNS status.
A client is marked unknown when 1) the client IP address->name
mapping fails, 2) the name->address mapping fails, or 3) the
name->address mapping does not match the client IP address.
The postfix log will show the reason why the client is marked
unknown, but postfix does not indicate the reason in the
Received: header.
-- Noel Jones
lookup failed during the transaction in question, thus this restriction
would have generated a 450 for this transaction. Note the following
that I wrote, due to the fact the host does have rDNS:
so reject_unknown_reverse_client_hostname isn't a permanent solution
here.
I think you were a bit hasty in your reply, not carefully reading the
information I provided.
