On Aug 12, 2010, at 2:24 PM, Noel Jones wrote:

> On 8/12/2010 1:07 PM, donovan jeffrey j wrote:
>> greetings
>> 
>> All day long I see tons of reject warnings from different IPs. Sample:
>> reject_warning: RCPT from unknown[65.60.20.157]: 450 Client host rejected: 
>> cannot find your hostname, [65.60.20.157];
>> 
>> when I do an nslookup or host that IP it returns a 157.20.60.65.in-addr.arpa 
>> domain name pointer sh4.amazingfireman.info
>> 
>> But dig returns nothing, so Postfix returns a reject warning.
>> Much of this mail is unwanted. I want to block the majority of these; 
>> however, I do not want to block users that use a colocation site or legit 
>> users.
>> 
>> Example: I know these people are legit but have no control over their 
>> mail server:
>> reject_warning: RCPT from unknown[209.131.70.106]: 450 Client host rejected: 
>> cannot find your hostname, [209.131.70.106]; from=<u...@dhuy.com>
>> 
>> Non-authoritative answer:
>> 106.70.131.209.in-addr.arpa  name = ip70-106-tcpbbs.net.
>> 
>> dig shows nothing for that ip but they do have an mx record under their 
>> domain name dhuy.com
>> 
>> ;; ANSWER SECTION:
>> dhuy.com.            1595    IN      MX      10 mail.dhuy.com.
>> 
>> Name:        mail.dhuy.com
>> Address: 209.131.70.106
>> 
>> nc1-100:~ drfoo$ host 209.131.70.106
>> 106.70.131.209.in-addr.arpa domain name pointer ip70-106-tcpbbs.net
>> 
>> it goes in a circle.
>> 
>> So in hopes that I can allow them to pass, I have added the IP to my 
>> smtpd_client_restrictions = permit_mynetworks check_client_access 
>> hash:/etc/postfix/access
>> Is that the right approach?
> 
> I hope you mean you added the IP to your access table, not mynetworks.  Other 
> than that, this is the right general idea.

Hehe, yeah yeah, not my network, I added to access.
> 
> Whether this is the right place to add the access table depends on where your 
> reject_unknown_client is.  The whitelist and reject_unknown_client must be in 
> the same section.

Is it okay to have the warn_if_reject reject_unknown_client in 
smtpd_recipient_restrictions? I had read somewhere it was better to reject 
after client and helo because the client would just hang up and try again.
Right now I have the restriction in recipient, and I also have a 
check_recipient_access hash:/etc/postfix/recipient_access. So I must place it 
in there.
-j

> 
> 
>  -- Noel Jones
> 
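
The point about keeping the whitelist and reject_unknown_client in the same section, as an added example that is not part of the original thread and is not Postfix code: a small Python model of how each restriction list is evaluated on its own. The DNS data is constructed from the lookups quoted above (assuming neither PTR name has an A record pointing back at the client), and the function names are hypothetical.

```python
# Constructed DNS data based on the lookups quoted in the thread.
# Assumption: neither PTR name has an A record pointing back at the client.
PTR = {"65.60.20.157": "sh4.amazingfireman.info",
       "209.131.70.106": "ip70-106-tcpbbs.net"}
A = {"mail.dhuy.com": ["209.131.70.106"]}
ACCESS = {"209.131.70.106": "OK"}   # the /etc/postfix/access whitelist entry

def client_hostname(ip):
    """Verified client name, or "unknown" when the PTR name is missing
    or does not resolve back to the connecting address."""
    name = PTR.get(ip)
    if name is None or ip not in A.get(name, []):
        return "unknown"
    return name

def run_list(restrictions, ip):
    """Evaluate one restriction list left to right; first decision wins."""
    for r in restrictions:
        if r == "check_client_access":
            action = ACCESS.get(ip)          # simplified: exact IP match only
            if action == "OK":
                return "permit"
            if action == "REJECT":
                return "reject"
        elif r == "reject_unknown_client" and client_hostname(ip) == "unknown":
            return "reject"
    return "permit"                          # end of list: implicit permit

def smtpd(sections, ip):
    """A permit only ends its own list; a reject in any list refuses the mail."""
    for name, restrictions in sections:
        if run_list(restrictions, ip) == "reject":
            return "reject in " + name
    return "accept"

# Whitelist and reject in different sections versus the same section.
SPLIT = [("smtpd_client_restrictions", ["check_client_access"]),
         ("smtpd_recipient_restrictions", ["reject_unknown_client"])]
SAME = [("smtpd_recipient_restrictions",
         ["check_client_access", "reject_unknown_client"])]

if __name__ == "__main__":
    for label, cfg in (("split", SPLIT), ("same", SAME)):
        for ip in PTR:
            print(label, ip, client_hostname(ip), smtpd(cfg, ip))
```

With the split layout the whitelisted address is still refused at RCPT; with both checks in one list, whitelist first, it is accepted while the other address is still rejected.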
