On Sun, 13 Sep 2009, Noel Jones wrote:

> On 9/13/2009 10:45 AM, Sahil Tandon wrote:
> >On Sun, 13 Sep 2009, mouss wrote:
> >>
> >>smtpd_sender_restrictions =
> >>    ...
> >>    check_client_access hash:/etc/postfix/forged_sender_wl
> >>    check_sender_access hash:/etc/postfix/forged_sender_bl
> >>
> >>
> >>== forged_sender_wl
> >>hotmail.com     OK
> >>.hotmail.com    OK
> >>yahoo.com       OK
> >>.yahoo.com      OK
> >>...
> >>
> >>== forged_sender_bl
> >>hotmail.com     REJECT blah blah
> >>yahoo.com       REJECT blah blah blah
> >>...
> >
> >Mouss, a thought: what if there is a temporary DNS lookup problem so
> >that Postfix believes the client hostname is 'unknown' instead of
> >'foo.bar.yahoo.com'? Unless reject_unknown_client_hostname is specified
> >before these checks (with the default unknown_client_reject_code of
> >450), the sending server would incorrectly be turned away with a 5xx.
> >This is because the hostname passed to the check_client_access query
> >would not contain the expected domain.tld. Or am I totally off with my
> >reasoning?
>
> I use "reject_unknown_client_hostname" as part of the freemail
> restriction class. That way temporary DNS errors result in a
> temporary reject, and impostors without proper DNS are simply
> rejected.

What about imposters *with* proper DNS? :-)

--
Sahil Tandon <sa...@tandon.net>
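
The ordering question raised in this thread, as an added example that is not part of the original messages and is not Postfix code: a simplified Python model of first-match restriction evaluation over the quoted tables, with reject_unknown_client_hostname placed before the two lookups as Sahil suggests. The client names, the `"5xx"`/`"450"` result strings and all function names are assumptions of the model.

```python
# Simplified model of Postfix restriction evaluation (added example, not Postfix code).
# Tables copy the ones quoted in the thread; client names are constructed.
FORGED_SENDER_WL = {"hotmail.com": "OK", ".hotmail.com": "OK",
                    "yahoo.com": "OK", ".yahoo.com": "OK"}
FORGED_SENDER_BL = {"hotmail.com": "REJECT", "yahoo.com": "REJECT"}
UNKNOWN_CLIENT_REJECT_CODE = 450  # default mentioned in the thread

def domain_keys(name):
    """Yield the name and each parent domain, with and without a leading dot."""
    labels = name.lower().split(".")
    for i in range(len(labels)):
        suffix = ".".join(labels[i:])
        yield suffix
        yield "." + suffix

def check_client_access(client, sender):
    # A failed lookup leaves the client name as the literal "unknown",
    # which matches no whitelist key, so the result is no decision (None).
    return next((FORGED_SENDER_WL[k] for k in domain_keys(client["name"])
                 if k in FORGED_SENDER_WL), None)

def check_sender_access(client, sender):
    domain = sender.rsplit("@", 1)[-1].lower()
    return "5xx" if FORGED_SENDER_BL.get(domain) == "REJECT" else None

def reject_unknown_client_hostname(client, sender):
    if client["name"] != "unknown":
        return None
    # Temporary DNS failures get 450 regardless of the configured code.
    return "450" if client["dns"] == "tempfail" else str(UNKNOWN_CLIENT_REJECT_CODE)

def evaluate(restrictions, client, sender):
    """The first restriction that returns a decision ends the list."""
    for restriction in restrictions:
        action = restriction(client, sender)
        if action is not None:
            return action
    return "OK"

QUOTED = [check_client_access, check_sender_access]
GUARDED = [reject_unknown_client_hostname] + QUOTED
# Constructed clients: genuine relay, same relay during a DNS outage, unrelated host.
genuine = {"name": "mta1.mail.yahoo.com", "dns": "ok"}
outage = {"name": "unknown", "dns": "tempfail"}
impostor = {"name": "mail.example.net", "dns": "ok"}
```

Evaluating `QUOTED` and `GUARDED` for each client with a constructed sender such as `user@yahoo.com` shows the outage case changing from a permanent to a temporary rejection, while a host with valid DNS outside the whitelisted domains still falls through to the sender table.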