On Wed, Mar 12, 2014 at 05:28:38PM +0530, tejas sarade wrote:
> > how should that be possible?
> > the hostname the client pretends?
> > how could you trust that?
> > how could you trust any hostname?
> > there is nothing trustable other than the connecting real IP
>
> No. Not the hostname that the client pretends; I am talking about a valid DNS A
> record through DNS lookup.
>
> > frankly you must not even make relay decisions based on a
> > static PTR because I can add any PTR I like in my own DNS
> > server which is authoritative for my in-addr.arpa zone
>
> I am not running my own DNS server.
>
> > the same way nobody can stop you making any valid PTR record
> > you like to see on your side to grant relay permissions
>
> I just want to create an access control system where I will provide the
> list of valid hostnames (FQDNs).
> Postfix will look up the IP of that FQDN through public DNS and consider
> that IP as a trusted IP.
If you want to limit access to the box to certain FQDNs, you're probably looking for iptables and custom rules that are rewritten every 30/60 seconds with something like ddclient. This is only good for limiting maybe login attempts, or something like that, but it shouldn't be used for authentication to postfix, and it would only work if you were planning on dropping all packets to that port that aren't on the list, so it won't work on 25. Probably best to figure out the auth methods for postfix.

-- 
Pete
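The periodically rewritten allow-list Pete describes, as an added example that is not code from the thread, from Postfix or from ddclient: a POSIX shell script that resolves each FQDN, refills one dedicated iptables chain with an ACCEPT per address and a final DROP for the port, and refuses to apply a new rule set when any lookup returns nothing (otherwise a transient DNS failure would silently knock a host off the list). The chain name FQDN_ALLOW, the port 2222, the host names and the use of getent for lookups are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not code from the thread or from ddclient: keep an iptables
# chain in sync with the A records of a list of FQDNs.
# Assumptions: iptables/iptables-restore are installed, the chain name and
# port are supplied by the caller, and lookups go through getent (IPv4 only).

# resolve_fqdn NAME: print the IPv4 addresses NAME resolves to, one per line.
# getent ahostsv4 prints one line per (address, socket type); keeping only
# the STREAM line makes each address appear once.
resolve_fqdn() {
    getent ahostsv4 "$1" 2>/dev/null | awk '$2 == "STREAM" { print $1 }' | sort -u
}

# build_rules CHAIN PORT NAME...: print an iptables-restore fragment that
# empties CHAIN and refills it with an ACCEPT per resolved address, followed
# by a DROP for everything else on PORT. Returns 1 if any name resolved to
# nothing, so the caller can keep the previous rules instead of silently
# locking that host out.
build_rules() {
    chain=$1; port=$2; shift 2
    failed=0
    printf '*filter\n:%s - [0:0]\n' "$chain"
    for name in "$@"; do
        addrs=$(resolve_fqdn "$name" || true)
        if [ -z "$addrs" ]; then
            echo "warning: $name did not resolve" >&2
            failed=1
            continue
        fi
        for a in $addrs; do
            printf '%s\n' "-A $chain -s $a -p tcp --dport $port -j ACCEPT"
        done
    done
    printf '%s\n' "-A $chain -p tcp --dport $port -j DROP" "COMMIT"
    return $failed
}

# apply_rules CHAIN PORT NAME...: replace CHAIN's contents in one step.
# With --noflush, iptables-restore flushes only the user chain named on the
# ':' line and leaves the rest of the filter table, including the INPUT
# jump into CHAIN, untouched. If any lookup failed, the chain is left as is.
apply_rules() {
    rules=$(build_rules "$@") || {
        echo "lookup failure, leaving $1 unchanged" >&2
        return 1
    }
    printf '%s\n' "$rules" | iptables-restore --noflush
}

# Run from cron (e.g. every minute) as root:
#   fqdn-allow.sh FQDN_ALLOW 2222 admin.example.org office.example.net
# after hooking the chain into INPUT once:
#   iptables -N FQDN_ALLOW
#   iptables -I INPUT -p tcp --dport 2222 -j FQDN_ALLOW
if [ "$#" -ge 3 ]; then
    apply_rules "$@"
fi
```

The final DROP is what Pete means by "dropping all packets to that port that aren't on the list", so this is only usable on something like an SSH or admin port, not on 25. The script also trusts whatever the box's resolver answers for those names, so it is an IP allow-list refreshed from DNS, not an authentication mechanism.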