Noel Jones put forth on 4/12/2011 6:56 PM: > On 4/12/2011 4:19 PM, Stan Hoeppner wrote: >> Mikael Bak put forth on 4/12/2011 7:31 AM: >>> Stan Hoeppner wrote: >>> [snip] >>>> >>>>> Received: from [190.221.28.39] (unknown [190.221.28.39]) >>>> >>>> In this example, reject_unknown_reverse_client_hostname would have >>>> generated a 450 rejection. You should always use >>>> reject_unknown_reverse_client_hostname at minimum, or the more >>>> restrictive reject_unknown_client_hostname, though this one can cause >>>> problems with FPs on occasion. Best to use it with warn_if_reject >>>> for a >>>> while and monitor what it would have rejected. >>>> >>>> http://www.postfix.org/postconf.5.html#reject_unknown_client_hostname >>>> >>>> However, it appears that 190.221.28.39 has rDNS of >>>> >>>> Name: host39.190-221-28.telmex.net.ar >>>> Address: 190.221.28.39 >> >>> No. The "reject_unknown_reverse_client_hostname" in the above example >>> would not have generated a 450 rejection, since the IP address HAS a >>> reverse dns hostname. >> >> Yes, it would have. Note the "unknown" in the Received line. The rDNS
> The "unknown" gives zero information about the client's rDNS. The I didn't say it did. It does tell us there was a related error, and we know the IP has valid rDNS. > "unknown" signifies that the client does not have correct FCrDNS, which > does not disclose rDNS status. Combining "unknown" with the fact that "host" returns a valid rDNS name tells us the likely cause of "unknown" in this case was a temporary DNS lookup failure. > A client is marked unknown when 1) the client IP address->name mapping > fails, 2) the name->address mapping fails, or 3) the name->address > mapping does not match the client IP address. Since we know valid rDNS exists via manual sleuthing, it's pretty reasonable to conclude 1) above occurred, is it not? > The postfix log will show the reason why the client is marked unknown, > but postfix does not indicate the reason in the Received: header. Always good practice to check logs. Though in this case enough information was available in lieu of logs to correctly describe the issue, and put it in the context of the larger question, which was "best methods to block spam from this type of host". Do you disagree? >> lookup failed during the transaction in question, thus this restriction >> would have generated a 450 for this transaction. Note the following >> that I wrote, due to the fact the host does have rDNS: >> >>>> so reject_unknown_reverse_client_hostname isn't a permanent solution >>>> here. >> >> I think you were a bit hasty in your reply, not carefully reading the >> information I provided. -- Stan