2015-07-25 17:51 GMT+03:00 Wietse Venema <wie...@porcupine.org>:
> ???? ?????:
> > Hello Guys,
> >
> > I'm trying to set up some restrictions in 'smtpd_client_restrictions'
> > Postfix config block. You can see my 'smtpd_client_restrictions' block
> > bellow:
> >
> > smtpd_client_restrictions =
> > permit_mynetworks,
> > check_client_access hash:/etc/postfix/access
> > reject_unknown_client_hostname,
> > reject_unauth_destination,
> > reject_invalid_hostname,
> >
> reject_unauth_pipelining,reject_non_fqdn_sender,
> > reject_unknown_recipient_domain,
> > reject_unverified_recipient
> > permit
> >
> > I put 'check_client_access' rule in oreder to whitelist some type of
> > senders that have a specific domain part in the envelop-from header but
> > doesn't have correct PTR/A DNS records.
> >
> > /etc/postfix/access:
> >
> > yahoo.com OK
>
> For security reasons Postfix does not allow you to whitelist a
> client hostname with incorrect PTR/A DNS records. Not even when you
> use check_reverse_client_hostname_access instead of check_client_access.
> If you must whitelist, use the IP address.
>
> Wietse
>
Hello Wietse,
Thank you for your reply. I don't need to whitelist client by a hostname, I
need to whitelist a sender by the domain part of an envelope-from header.
I've changed 'check_client_access' to 'check_sender_access' and it start
working as expected right now:
smtpd_client_restrictions =
permit_mynetworks,
check_sender_access hash:/etc/postfix/access
reject_unknown_client_hostname,
reject_unauth_destination,
reject_invalid_hostname,
reject_unauth_pipelining,reject_non_fqdn_sender,
reject_unknown_recipient_domain,
reject_unverified_recipient
permit
My question now, is it correct to use 'check_sender_access' in
'smtpd_client_restrictions'
section?
Thank you for your cooperation.
--
Regards
