On 9/13/2009 7:14 PM, Sahil Tandon wrote:
> On Sun, 13 Sep 2009, Noel Jones wrote:
>> On 9/13/2009 10:45 AM, Sahil Tandon wrote:
>>> On Sun, 13 Sep 2009, mouss wrote:
>>>> smtpd_sender_restrictions =
>>>>     ...
>>>>     check_client_access hash:/etc/postfix/forged_sender_wl
>>>>     check_sender_access hash:/etc/postfix/forged_sender_bl
>>>>
>>>> == forged_sender_wl
>>>> hotmail.com OK
>>>> .hotmail.com OK
>>>> yahoo.com OK
>>>> .yahoo.com OK
>>>> ...
>>>>
>>>> == forged_sender_bl
>>>> hotmail.com REJECT blah blah
>>>> yahoo.com REJECT blah blah blah
>>>> ...
>>>
>>> Mouss, a thought: what if there is a temporary DNS lookup problem so
>>> that Postfix believes the client hostname is 'unknown' instead of
>>> 'foo.bar.yahoo.com'? Unless reject_unknown_client_hostname is specified
>>> before these checks (with the default unknown_client_reject_code of
>>> 450), the sending server would incorrectly be turned away with a 5xx.
>>> This is because the hostname passed to the check_client_access query
>>> would not contain the expected domain.tld. Or am I totally off with my
>>> reasoning?
>>
>> I use "reject_unknown_client_hostname" as part of the freemail
>> restriction class. That way temporary DNS errors result in a
>> temporary reject, and impostors without proper DNS are simply
>> rejected.
>
> What about imposters *with* proper DNS? :-)

The others must come from "approved" clients. It's an
smtpd_restriction_classes that's been posted often by several
people. Search for "freemail restriction classes" or
something like that.
-- Noel Jones
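
Added example, not part of the thread and not Postfix code: a simplified Python model of the two layouts discussed above, showing how each answers a legitimate client, a client whose hostname lookup failed ('unknown'), and an impostor with working DNS. The function names, hostnames and table contents are constructed, and the model ignores the IP-address lookups a real access table also performs.

```python
# Simplified model of Postfix access evaluation (illustrative, not Postfix code).
# Table contents are constructed, mirroring the hotmail/yahoo entries in the thread.
FREEMAIL_SENDERS = {"hotmail.com", "yahoo.com"}   # sender domains being protected
APPROVED_CLIENTS = {"hotmail.com", "yahoo.com"}   # client domains allowed to use them


def sender_domain(address):
    return address.rsplit("@", 1)[-1].lower()


def client_approved(hostname):
    """True if hostname equals, or is a subdomain of, an approved client domain."""
    labels = hostname.lower().split(".")
    return any(".".join(labels[i:]) in APPROVED_CLIENTS for i in range(len(labels)))


def flat_lists(client, sender):
    """Client whitelist followed by sender blacklist, as in the first post."""
    if client_approved(client):
        return "OK"
    if sender_domain(sender) in FREEMAIL_SENDERS:
        return "REJECT 5xx"       # an 'unknown' client lands here as well
    return "DUNNO"


def restriction_class(client, sender):
    """Freemail senders are routed into a class that checks client DNS first."""
    if sender_domain(sender) not in FREEMAIL_SENDERS:
        return "DUNNO"            # class is never entered for other senders
    if client == "unknown":
        # reject_unknown_client_hostname with the default
        # unknown_client_reject_code of 450 mentioned in the thread
        return "DEFER 450"
    if client_approved(client):
        return "OK"
    return "REJECT 5xx"           # resolvable client that is not an approved one


if __name__ == "__main__":
    for client in ("mta1.mail.yahoo.com", "unknown", "mail.example.net"):
        print(client, flat_lists(client, "a@yahoo.com"),
              restriction_class(client, "a@yahoo.com"), sep="\t")
```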