I have:

smtpd_delay_reject = yes
smtpd_recipient_restrictions =
    permit_mynetworks
    permit_sasl_authenticated
    reject_unauth_destination
smtpd_client_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination,
    hash:/etc/postfix/whitelist,
    regexp:/etc/postfix/spam_ip_regex,
    reject_unknown_reverse_client_hostname,
    reject_unauth_pipelining,
    reject_non_fqdn_recipient,
    reject_rbl_client zen.spamhaus.org

which, AFAIK, should reject inbound connections that do not have a
reverse DNS entry.
However, it doesn't seem to be consistent. I get a lot of these, for example:

    NOQUEUE: reject: RCPT from unknown[218.94.129.166]:
      450 4.7.1 Client host rejected: cannot find your reverse hostname, [218.94.129.166];
      from=<stev...@xuite.net> to=<te...@cnysupport.com> proto=ESMTP helo=<njgzwibm346.njgzw.org>

which are properly rejected, however I also get:

    NOQUEUE: reject: RCPT from unknown[202.70.195.135]:
      554 5.7.1 Service unavailable; Client host [202.70.195.135] blocked using zen.spamhaus.org.
      To resolve this issue, please call CNY Support and ask that your IP address be whitelisted.;
      from=<fatiguelc...@sina.com.tw> to=<oneofmyus...@example.com> proto=ESMTP helo=<abc>
    lost connection after DATA (0 bytes) from unknown[202.70.195.135]

Shouldn't this be rejected by reject_unknown_reverse_client_hostname instead of
making it all the way to the zen.spamhaus.org RBL, or is the smtpd_delay_reject
causing all the restrictions to execute before rejecting the message?
Terry
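
Added example, not part of the original post: a small Python model of how Postfix smtpd tracks a client's forward-confirmed name (the one logged as "unknown[ip]") separately from its PTR-only reverse name, and which restriction in an ordered list rejects first. The DNS tables, the RBL set and the function names are constructed for illustration; only three restrictions are modelled and temporary DNS errors are not.

```python
# Constructed DNS data using RFC 5737 documentation addresses (not from the post).
PTR = {                                   # address -> name (reverse DNS)
    "192.0.2.10": "mail.example.org",     # PTR exists and forward-confirms
    "192.0.2.20": "host20.example.net",   # PTR exists, forward lookup disagrees
    # 192.0.2.30 has no PTR record at all
}
A = {                                     # name -> addresses (forward DNS)
    "mail.example.org": ["192.0.2.10"],
    "host20.example.net": ["198.51.100.7"],
}


def resolve_client(ip, ptr=PTR, a=A):
    """Return (logged_name, reverse_name) the way smtpd keeps them.

    logged_name  -- forward-confirmed hostname, else "unknown" (shown in logs)
    reverse_name -- whatever the PTR lookup returned, else "unknown"
    """
    reverse_name = ptr.get(ip, "unknown")
    if reverse_name != "unknown" and ip in a.get(reverse_name, []):
        return reverse_name, reverse_name
    return "unknown", reverse_name


def first_reject(ip, restrictions, rbl_listed=()):
    """Walk the restrictions in order and return the first one that rejects.

    With smtpd_delay_reject = yes the decision is reported at RCPT TO,
    but the list is still evaluated top to bottom and the first match wins.
    """
    logged, reverse = resolve_client(ip)
    for r in restrictions:
        # Fires only when there is no address->name mapping at all.
        if r == "reject_unknown_reverse_client_hostname" and reverse == "unknown":
            return r
        # Stricter check: also fires when the PTR name does not forward-confirm.
        if r == "reject_unknown_client_hostname" and logged == "unknown":
            return r
        if r.startswith("reject_rbl_client") and ip in rbl_listed:
            return r
    return None


if __name__ == "__main__":
    rules = ["reject_unknown_reverse_client_hostname",
             "reject_rbl_client zen.spamhaus.org"]
    listed = {"192.0.2.20", "192.0.2.30"}  # constructed RBL listing
    for ip in ("192.0.2.10", "192.0.2.20", "192.0.2.30"):
        print(ip, resolve_client(ip), first_reject(ip, rules, listed))
```

A client can therefore be logged as "unknown" and still pass reject_unknown_reverse_client_hostname; running `dig -x` on the address and then a forward lookup of the returned name shows which of the three cases a real client falls into.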