On 4/28/2013 9:52 AM, Reindl Harald wrote:
>
> On 28.04.2013 14:41, Wietse Venema wrote:
>> Reindl Harald:
>>> 454: smtpd_relay_restrictions = permit_mynetworks,
>>> permit_sasl_authenticated, defer_unauth_destination
>>> 554: smtpd_relay_restrictions = permit_mynetworks,
>>> permit_sasl_authenticated, reject_unauth_destination
>>>
>>> was the default changed from 2.10-devel to 2.10 final?
>>
>> defer_unauth_destination etc. is the default safety net for
>> sites that haven't set smtpd_relay_restrictions
>
> ah, I remembered correctly, it was set by "postfix upgrade-configuration"
> at the bottom of "main.cf", maybe the "safety net" should be the
> same as "postconf -d" which is "reject_unauth_destination"?

What practical difference do you see between these two reject codes?
The client in this transaction is almost certainly not an MTA. It's
most likely rat/malware, which typically either:

A. Doesn't pay attention to reply codes at all
B. Logs any rejection and the IP into a "don't try again" list

And BTW, reject_unknown_reverse_client_hostname would have rejected much
earlier. This IP returns NXDOMAIN. Why aren't you using
reject_unknown_reverse_client_hostname?

--
Stan
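
The question of whether the 454 or the 554 reply makes a practical difference can be checked against a server's own smtpd log. The following is an added example, not part of the original thread: it counts relay rejections per client and flags clients that come back for the same recipient. The log lines are constructed samples, and the function name `relay_rejects` is hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample lines in Postfix smtpd log format (not taken from the thread).
SAMPLE_LOG = """\
Apr 28 14:01:10 mx postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 454 4.7.1 <a@example.net>: Relay access denied; from=<x@example.org> to=<a@example.net> proto=SMTP helo=<pc>
Apr 28 14:01:12 mx postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 454 4.7.1 <b@example.net>: Relay access denied; from=<x@example.org> to=<b@example.net> proto=SMTP helo=<pc>
Apr 28 14:20:40 mx postfix/smtpd[2177]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 454 4.7.1 <a@example.net>: Relay access denied; from=<x@example.org> to=<a@example.net> proto=SMTP helo=<pc>
Apr 28 15:02:03 mx postfix/smtpd[2290]: NOQUEUE: reject: RCPT from mail.example.com[198.51.100.7]: 554 5.7.1 <c@example.net>: Relay access denied; from=<y@example.com> to=<c@example.net> proto=ESMTP helo=<mail.example.com>
Apr 28 15:05:00 mx postfix/smtpd[2301]: connect from unknown[203.0.113.5]
"""

# Matches smtpd relay rejections with either the 454 or the 554 reply code.
REJECT = re.compile(
    r"NOQUEUE: reject: RCPT from (?P<host>[^\[\s]+)\[(?P<ip>[^\]]+)\]: "
    r"(?P<code>[45]54) \S+ <(?P<rcpt>[^>]*)>: Relay access denied"
)


def relay_rejects(log_text):
    """Summarise relay rejections per client IP."""
    seen = defaultdict(set)  # ip -> recipients already rejected once
    out = {}
    for line in log_text.splitlines():
        m = REJECT.search(line)
        if m is None:
            continue
        ip, rcpt = m["ip"], m["rcpt"].lower()
        s = out.setdefault(ip, {"codes": set(), "attempts": 0,
                                "retries": 0, "unknown_host": False})
        s["codes"].add(m["code"])
        s["attempts"] += 1
        # Same recipient rejected again: the client came back despite the reply.
        if rcpt in seen[ip]:
            s["retries"] += 1
        seen[ip].add(rcpt)
        # Postfix logs "unknown" when it has no verified name for the client;
        # this includes, but is wider than, the no-PTR case that
        # reject_unknown_reverse_client_hostname acts on.
        s["unknown_host"] |= m["host"] == "unknown"
    return out


if __name__ == "__main__":
    for ip, s in relay_rejects(SAMPLE_LOG).items():
        print(ip, sorted(s["codes"]), s["attempts"], s["retries"], s["unknown_host"])
```
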