Alex a écrit : > Hi, > >>> Is it common practice to have that restriction in a production environment? >>> >>> It appears to be the third case here, that the name->address mapping >>> does not match the client IP address. Could this be from a legitimate >>> cause, or typically intentionally to be evasive? >>> >> since they put their domain name in their HELO (zaphod.chipchaps.com), >> they're not trying to evade anything. > > Yes, I guess they would have been rejected as a result of my helo checks. > >> you could try >> >> check_client_access hash:/etc/postfix/access_unknown >> >> >> smtpd_restriction_classes = >> ... >> policy_strong >> >> policy_strong = >> reject_rbl_client bb.barracudacentral.org > > Is it possible to use maps_rbl_domains instead of reject_rbl_client > here?
with maps_rbl_domains, you can't specify which list to check in different places. since you're already using it in the "general" case, if you add barracuda list, it will apply unconditionally, which is different from my suggestion to call it when the clien is unknown. but if you think barracuda list is safe for you (it's not for me. the corresponding score in spamassassin confirms this for me), you can use it. > It appears this machine has a version of postfix that doesn't > understand reject_rbl_client. > > Thanks again! > Best regards, > Alex
