deoren:
> On 6/28/17 1:32 PM, Wietse Venema wrote:
>
> > I suggest that you look at Postfix features that focus on 'unknown'
> > client names:
> >
> > http://www.postfix.org/postconf.5.html#reject_unknown_client_hostname
> > http://www.postfix.org/postconf.5.html#reject_unknown_reverse_client_hostname
> >
> > These descriptions also discuss permanent versus temporary errors.
>
> Thank you for your reply.
>
> I use the first restriction in my setup, but was surprised whenever a
> check_client_access entry I added for a vendor's mail server (with an
> 'OK' result) still resulted in mail being rejected from that server's
> "client name".
Yes, the text should be repeated in other places. There are about
seven check_client*access features, and only check_reverse_client_*
may use a client hostname that failed validation.
> Is your answer a combination of multiple points, or is this statement
> covered in more detail somewhere?
The two http links point to the instances of the text that I was
able to find quickly. There may be other instances: I did not have
time for an exhaustive search.
> > For security reasons Postfix does not allow you to whitelist a
> client hostname with incorrect PTR/A DNS records
Is that a question?
Wietse
