Re: check_client_access before reject_unknown_client_hostname in smtpd_client_restrictions block

Sun, 26 Jul 2015 00:31:02 -0700 

2015-07-26 10:19 GMT+03:00 User Nexus <user.nexus7...@gmail.com>:

> 2015-07-25 17:51 GMT+03:00 Wietse Venema <wie...@porcupine.org>:
>
>> > Hello Guys,
>> >
>> > I'm trying to set up some restrictions in 'smtpd_client_restrictions'
>> > Postfix config block. You can see my 'smtpd_client_restrictions' block
>> > bellow:
>> >
>> > smtpd_client_restrictions =
>> >                             permit_mynetworks,
>> >                             check_client_access hash:/etc/postfix/access
>> >                             reject_unknown_client_hostname,
>> >                             reject_unauth_destination,
>> >                             reject_invalid_hostname,
>> >
>>  reject_unauth_pipelining,reject_non_fqdn_sender,
>> >                             reject_unknown_recipient_domain,
>> >                             reject_unverified_recipient
>> >                             permit
>> >
>> > I put 'check_client_access' rule in oreder to whitelist some type of
>> > senders that have a specific domain part in the envelop-from header but
>> > doesn't have correct PTR/A DNS records.
>> >
>> > /etc/postfix/access:
>> >
>> > yahoo.com        OK
>>
>> For security reasons Postfix does not allow you to whitelist a
>> client hostname with incorrect PTR/A DNS records. Not even when you
>> use check_reverse_client_hostname_access instead of check_client_access.
>> If you must whitelist, use the IP address.
>>
>>         Wietse
>>
>
> Hello Wietse,
>
> Thank you for your reply. I don't need to whitelist client by a hostname,
> I need to whitelist a sender by the domain part of an envelope-from header.
> I've changed 'check_client_access' to 'check_sender_access' and it start
> working as expected right now:
>
>
> smtpd_client_restrictions =
>                             permit_mynetworks,
>                             check_sender_access hash:/etc/postfix/access
>                             reject_unknown_client_hostname,
>                             reject_unauth_destination,
>                             reject_invalid_hostname,
>
> reject_unauth_pipelining,reject_non_fqdn_sender,
>                             reject_unknown_recipient_domain,
>                             reject_unverified_recipient
>                             permit
>
> My question now, is it correct to use 'check_sender_access' in 
> 'smtpd_client_restrictions'
> section?
>
> Thank you for your cooperation.
>
> --
> Regards
>


Hello,

I've found the answer on my questions in the official Postfix
documentation. Feel free to skip answering on this email.
Thanks again.

--
Regards

Reply via email to