Robert Schetterer wrote:
i...@lynet.de schrieb:
Noel Jones schrieb:
Robert Schetterer wrote:
[...]
You can reject such clients with a check_reverse_client_hostname
access table. Make sure this is after permit_mynetworks so you don't
reject the "real" localhost.
http://www.postfix.org/postconf.5.html#check_reverse_client_hostname_access
# some table
localhost REJECT you're not localhost
In our Postfix Version 2.5.4 we use check_helo_access with the same map.
Together with smtpd_helo_required = yes this works too.
Ilja Beeskow
sorry helo_checks are on helo stage, you cant check
ptr records here until they are on client stage,
You can use any check in any stage with the default
smtpd_delay_reject = yes. As a general rule one should not
change this setting.
but youre right mostly the localhost ptr record clients
have localhost in their helo too so you may catch the most of them
but it musnt be in any case
you might use
reject_unknown_reverse_client_hostname in versions before 2.6
as i understand postfix differences between local and remote
connects with/from localhost and catches remote ones as unknown
so reject_unknown_reverse_client_hostname catches it
Wrong, the client does have a reverse hostname, so
reject_unknown_reverse_client_hostname will not reject them.
They would be rejected with reject_unknown_client_hostname,
but that rule is too strict for most sites.
-- Noel Jones
