On Sun, 13 Sep 2009, Noel Jones wrote:

> On 9/13/2009 7:14 PM, Sahil Tandon wrote:
> >On Sun, 13 Sep 2009, Noel Jones wrote:
> >
> >>On 9/13/2009 10:45 AM, Sahil Tandon wrote:
> >>>On Sun, 13 Sep 2009, mouss wrote:
> >>>>
> >>>>smtpd_sender_restrictions =
> >>>> ...
> >>>> check_client_access hash:/etc/postfix/forged_sender_wl
> >>>> check_sender_access hash:/etc/postfix/forged_sender_bl
> >>>>
> >>>>
> >>>>== forged_sender_wl
> >>>>hotmail.com OK
> >>>>.hotmail.com OK
> >>>>yahoo.com OK
> >>>>.yahoo.com OK
> >>>>...
> >>>>
> >>>>== forged_sender_bl
> >>>>hotmail.com REJECT blah blah
> >>>>yahoo.com REJECT blah blah blah
> >>>>...
> >>>
> >>>Mouss, a thought: what if there is a temporary DNS lookup problem so
> >>>that Postfix believes the client hostname is 'unknown' instead of
> >>>'foo.bar.yahoo.com'? Unless reject_unknown_client_hostname is specified
> >>>before these checks (with the default unknown_client_reject_code of
> >>>450), the sending server would incorrectly be turned away with a 5xx.
> >>>This is because the hostname passed to the check_client_access query
> >>>would not contain the expected domain.tld. Or am I totally off with my
> >>>reasoning?
> >>
> >>I use "reject_unknown_client_hostname" as part of the freemail
> >>restriction class. That way temporary DNS errors result in a
> >>temporary reject, and impostors without proper DNS are simply
> >>rejected.
> >
> >What about imposters *with* proper DNS? :-)
> >
>
> The others must come from "approved" clients. It's an
> smtpd_restrictions_classes that's been posted often by several
> people. Search for "freemail restriction classes" or something like
> that.

Not interested; I find it more efficient to do this via policy. TMTOWTDI!

-- 
Sahil Tandon <sa...@tandon.net>
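
The failure mode raised in this thread (a client name of 'unknown' falling through the whitelist and hitting the sender blacklist with a 5xx) can be handled in the decision logic of a Postfix policy delegate. The following is an added example, not code from any poster in the thread; the domain table, function names and reply texts are constructed for illustration, and only the `client_name` and `sender` request attributes are consulted.

```python
"""Decision logic for a Postfix policy delegate guarding freemail senders."""

# Constructed sample data: sender domain -> client domains allowed to use it.
FREEMAIL = {
    "hotmail.com": ("hotmail.com",),
    "yahoo.com": ("yahoo.com",),
}


def parse_request(text):
    """Parse one policy request: name=value lines ended by an empty line."""
    attrs = {}
    for line in text.splitlines():
        if not line:
            break
        name, _, value = line.partition("=")
        attrs[name] = value
    return attrs


def in_domain(host, domain):
    """True when host equals domain or is a subdomain of it."""
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)


def decide(attrs):
    """Return the access(5) action for one request."""
    sender_domain = attrs.get("sender", "").rpartition("@")[2].lower()
    allowed = FREEMAIL.get(sender_domain)
    if allowed is None:
        return "DUNNO"  # not a protected sender domain
    client = attrs.get("client_name", "unknown")
    if client == "unknown":
        # Failed or unverified DNS lookup: answer 4xx so a legitimate
        # server hit by a temporary resolver problem retries later.
        return "450 4.7.1 Client host name lookup failed, try again later"
    if any(in_domain(client, d) for d in allowed):
        return "DUNNO"  # sender domain arrives from a matching client
    return "REJECT Sender domain %s not accepted from %s" % (sender_domain, client)


def respond(text):
    """Format the reply Postfix expects: action=... then an empty line."""
    return "action=%s\n\n" % decide(parse_request(text))
```
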