On 8/12/2010 1:07 PM, donovan jeffrey j wrote:
greetings
all day long I see tons of reject warnings from different ips sample
reject_warning: RCPT from unknown[65.60.20.157]: 450 Client host rejected:
cannot find your hostname, [65.60.20.157];
when I do an nslookup or host that IP it returns a 157.20.60.65.in-addr.arpa
domain name pointer sh4.amazingfireman.info
but dig returns nothing so postfix returns a reject warning.
Much of this mail is unwanted , i want to block the majority of these however I
do not want to block users that use a colocation site or legit users;
example; i know these people are legit but have no control over their mailserver
reject_warning: RCPT from unknown[209.131.70.106]: 450 Client host rejected: cannot
find your hostname, [209.131.70.106]; from=<u...@dhuy.com>
Non-authoritative answer:
106.70.131.209.in-addr.arpa name = ip70-106-tcpbbs.net.
dig shows nothing for that ip but they do have an mx record under their domain
name dhuy.com
;; ANSWER SECTION:
dhuy.com. 1595 IN MX 10 mail.dhuy.com.
Name: mail.dhuy.com
Address: 209.131.70.106
nc1-100:~ drfoo$ host 209.131.70.106
106.70.131.209.in-addr.arpa domain name pointer ip70-106-tcpbbs.net
it goes in a circle.
So in hopes that i can allow them to pass i have added the IP to my
smtpd_client_restrictions = permit_mynetworks check_client_access
hash:/etc/postfix/access
is that the right approach ?
I hope you mean you added the IP to your access table, not
mynetworks. Other than that, this is the right general idea.
Whether this is the right place to add the access table
depends on where your reject_unknown_client is. The whitelist
and reject_unknown_client must be in the same section.
-- Noel Jones
