David Favro wrote:
> Friends,
>
> What would be valuable (or at least interesting) to me is to treat the RDNS
> lookup (peer address->name and subsequent name->address) as a part of
> smtpd_client_restrictions, or in some way delay it until that time.
> [snip]
The lookup result is used in the Received headers (and in logs, as Wietse said). This can also be used to implement special checks if the IP has no reverse. For example, one could decide to block all outbound SMTP if the client IP doesn't resolve. The goal would be to block outbound SMTP from unregistered machines.

When running a mail server, it is recommended to run a local DNS server, and if you do, you can set up a reverse zone for your private IPs. This is trivial (and is even provided in default setups of BIND in some systems).

Alternatively, if your resolver uses /etc/hosts, then you can put the IPs there. If your smtpd is chrooted, you need to copy this file to the cage.

And of course, one can also enable the submission service and disable lookups on this service. If you don't want to change clients, you can use a NAT redirection (iptables, pf, etc.) to redirect traffic from your LAN going to 25 to the submission IP:port.
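
The two-step lookup discussed in this thread (peer address to name, then name back to address), together with the "block clients that do not resolve" policy, sketched in Python as an added example; it is not part of the original message and is not Postfix code. The zone tables, host names, status labels and the `may_relay` helper are constructed for illustration.

```python
import ipaddress
import socket

def system_ptr(ip):
    # address -> name (PTR); raises OSError (socket.herror) when there is no reverse
    return socket.gethostbyaddr(ip)[0]

def system_addrs(name):
    # name -> addresses (A/AAAA); raises OSError (socket.gaierror) on failure
    return [info[4][0] for info in socket.getaddrinfo(name, None)]

def classify_client(ip, ptr_lookup=system_ptr, addr_lookup=system_addrs):
    """Return (hostname, status); hostname is "unknown" unless both steps agree."""
    client = ipaddress.ip_address(ip)
    try:
        name = ptr_lookup(ip)
    except OSError:
        return "unknown", "no_ptr"
    try:
        # drop any IPv6 zone suffix ("%eth0") before comparing
        addrs = {ipaddress.ip_address(a.split("%")[0]) for a in addr_lookup(name)}
    except OSError:
        return "unknown", "forward_failed"
    if client not in addrs:
        return "unknown", "forward_mismatch"
    return name.rstrip(".").lower(), "ok"

def may_relay(ip, **resolvers):
    # policy from the message: refuse outbound SMTP for clients that do not resolve
    return classify_client(ip, **resolvers)[1] == "ok"

# Constructed reverse and forward zones for a private LAN (not real data)
PTR = {"192.168.1.10": "ws10.lan.example.", "192.168.1.66": "mail.lan.example."}
FWD = {"ws10.lan.example.": ["192.168.1.10"], "mail.lan.example.": ["192.168.1.2"]}

def fake_ptr(ip):
    if ip not in PTR:
        raise OSError("no PTR record")
    return PTR[ip]

def fake_addrs(name):
    if name not in FWD:
        raise OSError("no address record")
    return FWD[name]

if __name__ == "__main__":
    for ip in ("192.168.1.10", "192.168.1.66", "192.168.1.99"):
        print(ip, classify_client(ip, fake_ptr, fake_addrs))
```

Called without the fake resolvers, `classify_client` uses the system resolver, so entries in /etc/hosts or a local reverse zone are what make a LAN client come back as `ok`.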