Dan Mahoney (Gushi):
> Hey there,
>
> We have an interesting problem, at the dayjob.
>
> We recently decommed a site, as in, removed it from forward DNS, but it's
> still sending us root mail, which postfix is rejecting with unknown
> hostname. (Totally reasonably)
>
> Now, it's sending using an SSL cert that we've marked as trusted. Is
> there a way to tell Postfix "we know it's invalid, accept it at the border
> anyway?" only for sites that have presented a valid client cert?
By far the simplest approach is to make an exception for the
client IP address.
Replace
... reject_unknown_client_hostname ...
with:
... check_client_access cidr:/etc/postfix/client.cidr ...
/etc/postfix/client.cidr:
10.2.3.4 dunno
0.0.0.0/0 reject_unknown_client_hostname
Similar patterns for IPv6.
Wietse
