Re: warning: use DUNNO instead of OK if you want to make an exception

Thu, 18 Sep 2014 04:20:27 -0700 

or making it simpler and put all other restrictions in 
"smtpd_recipient_restrictions"
and only leaving that two - this could be reduced to one rule if 
"check_helo_access"
would accept the PTR-Regexp for DUNNOS

according to http://www.postfix.org/postconf.5.html#check_helo_access that's 
not the case
so the question remains: how can i skip "check_helo_access" by 
"check_reverse_client_hostname_access"

smtpd_helo_restrictions =
 check_reverse_client_hostname_access 
proxy:regexp:/etc/postfix/whitelist_helo_by_ptr.cf
 check_helo_access proxy:regexp:/etc/postfix/blacklist_helo.cf

Am 18.09.2014 um 13:02 schrieb li...@rhsoft.net:
> postfix/smtpd[29991]: warning: restriction 
> check_reverse_client_hostname_access returns OK
> postfix/smtpd[29991]: warning: this is not allowed for security reasons
> postfix/smtpd[29991]: warning: use DUNNO instead of OK if you want to make an 
> exception
> _____________________________________________________________________________
> 
> how can one skip all following rules in "smtpd_helo_restrictions" and
> so apply only "smtpd_recipient_restrictions"?
> 
> in general i understand the reason for that but given i want to skip
> all the other checks in "smtpd_helo_restrictions" would DUNNO in
> "check_reverse_client_hostname_access" which only contains "allows"
> not skip only the PTR checks but not the following ones and so have
> no function at all?
> 
> * check_sender_access
> * reject_non_fqdn_helo_hostname
> * reject_invalid_helo_hostname
> * check_helo_access
> 
> the idea here is to have rules to reject by HELO but at the same
> time skip them for several reasons and the "real" restrictions
> are present in "smtpd_recipient_restrictions"
> _____________________________________________________________________________
> 
> smtpd_helo_restrictions =
>  check_reverse_client_hostname_access 
> proxy:regexp:/etc/postfix/whitelist_helo_by_ptr.cf
>  check_sender_access proxy:hash:/etc/postfix/whitelist_sender.cf
>  reject_non_fqdn_helo_hostname
>  reject_invalid_helo_hostname
>  check_helo_access proxy:regexp:/etc/postfix/blacklist_helo.cf

Reply via email to