David Favro wrote:
> Friends,
> 
> What would be valuable (or at least interesting) to me is to treat the RDNS
> lookup (peer address->name and subsequent name->address) as a part of
> smtpd_client_restrictions, or in some way delay it until that time.  
> [snip]

The lookup result is used in the Received headers (and in logs as Wietse
said).

And this can also be used to implement special checks if the IP has
no reverse. For example, one could decide to block all outbound smtp if
the client IP doesn't resolve. The goal would be to block outbound smtp
from unregistered machines.


When running a mail server, it is recommended to run a local DNS server,
and if you do you can set up a reverse zone for your private IPs. This is
trivial (and is even provided in default setups of BIND in some systems).

Alternatively, if your resolver uses /etc/hosts, then you can put the
IPs there. If your smtpd is chrooted, you need to copy this file to the
cage.

And of course, one can also enable the submission service and disable
lookups on this service. If you don't want to change clients, you can
use a NAT redirection (iptables, pf, ... etc) to redirect traffic from
your LAN going to 25 to the submission IP:port.

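The two-step lookup discussed in this thread (peer address to name, then name back to address), with the "no reverse, no outbound relay" check on top, as an added Python example; it is not Postfix code and not part of the original message. The `.example` host names, the RFC 1918 addresses, the `strict` option and all function names are assumptions constructed for the illustration.

```python
import ipaddress
import socket

# Constructed sample records for an offline run (not from the original message).
SAMPLE_PTR = {"192.168.1.10": "ws10.lan.example.", "192.168.1.20": "ws20.lan.example."}
SAMPLE_A = {"ws10.lan.example.": {"192.168.1.10"}, "ws20.lan.example.": {"192.168.1.99"}}

def system_ptr(ip):
    """address -> name through the system resolver; None when there is no PTR."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:  # socket.herror and socket.gaierror are subclasses
        return None

def system_addrs(name):
    """name -> set of address strings through the system resolver."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except OSError:
        return set()

def _norm(addr):
    """Parse an address string so textual variants compare equal."""
    try:
        return ipaddress.ip_address(addr)
    except ValueError:
        return None

def classify_client(ip, ptr=system_ptr, addrs=system_addrs):
    """Return (hostname, verdict); hostname is "unknown" unless both lookups agree."""
    peer = ipaddress.ip_address(ip)
    name = ptr(ip)
    if not name:
        return "unknown", "no_reverse"
    if peer not in {_norm(a) for a in addrs(name)}:
        return "unknown", "forward_mismatch"
    return name.rstrip("."), "verified"

def allow_outbound(ip, strict=False, **resolvers):
    """Refuse relaying for clients whose IP has no reverse.
    strict=True (an assumption added here) also refuses forward mismatches."""
    verdict = classify_client(ip, **resolvers)[1]
    return verdict == "verified" or (verdict == "forward_mismatch" and not strict)

def sample_resolvers():
    """Resolver callables backed by the constructed records above."""
    return {"ptr": SAMPLE_PTR.get, "addrs": lambda n: SAMPLE_A.get(n, set())}
```

Called without resolver arguments, `classify_client` uses the system resolver, so entries in a local reverse zone or in /etc/hosts are what make a LAN client come back as verified.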