Sahil Tandon put forth on 4/12/2011 10:58 PM: > On Tue, 2011-04-12 at 16:19:03 -0500, Stan Hoeppner wrote: > >> Mikael Bak put forth on 4/12/2011 7:31 AM: >>> Stan Hoeppner wrote: >>> [snip] >>>> >>>>> Received: from [190.221.28.39] (unknown [190.221.28.39]) >>>> >>>> In this example, reject_unknown_reverse_client_hostname would have >>>> generated a 450 rejection. You should always use >>>> reject_unknown_reverse_client_hostname at minimum, or the more >>>> restrictive reject_unknown_client_hostname, though this one can cause >>>> problems with FPs on occasion. Best to use it with warn_if_reject for a >>>> while and monitor what it would have rejected. >>>> >>>> http://www.postfix.org/postconf.5.html#reject_unknown_client_hostname >>>> >>>> However, it appears that 190.221.28.39 has rDNS of >>>> >>>> Name: host39.190-221-28.telmex.net.ar >>>> Address: 190.221.28.39 >> >>> No. The "reject_unknown_reverse_client_hostname" in the above example >>> would not have generated a 450 rejection, since the IP address HAS a >>> reverse dns hostname. >> >> Yes, it would have. > > Not in this case. > >> Note the "unknown" in the Received line. The rDNS lookup failed >> during the transaction in question, thus this restriction would have >> generated a 450 for this transaction. Note the following that I >> wrote, due to the fact the host does have rDNS: > > The 'unknown' in the Received: header is not due to rDNS problems, but > more likely because the name->address mapping (still) fails. > > % dig +short -x 190.221.28.39 > host39.190-221-28.telmex.net.ar. > > ... so rDNS is OK; however: > > % host host39.190-221-28.telmex.net.ar > Host host39.190-221-28.telmex.net.ar not found: 3(NXDOMAIN)
But the test condition is 1) or 2) or 3) isn't it? Not 1) and 2) and 3)? If the latter, you seem to be saying one can have a case with an "unknown" stamp for the reverse-name in the log and Received: header, but reject_*unknown*_reverse_client_hostname will not reject the connection? Wietse Venema put forth on 3/31/2011 11:42 AM: > The format is: > > Received: from helo-hostname (verified-reverse-name [ip-address]) If what you seem to be saying is correct, and I'm thus apparently wrong here in this pedantic sub-thread, then I'm not in this boat alone. If Postfix stamps a client's reverse-name as "unknown", but at the same time doesn't reject based on this "unknown reverse-name" with reject_*unknown*_reverse_client_hostname then, well, there's apparently a problem with the concept of the "unknown" reverse-name and what that actually means. -- Stan
