I have a host running postfix on port 25 (also 12345 for debugging
purposes[*]),
and I want to test the following line in my main.cf:
smtpd_client_restrictions = reject_unknown_client_hostname
The host is on the internet, publicly accessible, but I haven't pointed any
DNS MX records at it.
The first thing I've tried is a manual test, using my home internet, which
I thought would fail.
Unfortunately, my home ISP is Comcast, and so my IP address has both
a DNS and reverse DNS, and they match.
I could use a live domain for a test (set the MX record for a single
domain),
but that isn't good (never test in production).
Is there a different way to test this?
Given that my home IP address (completely dynamic from Comcast)
doesn't trigger this, is this measure no longer very effective?
As a footnote, even though the site hasn't been advertised via DNS,
I still get quite a few connections failing to connect with the following
error:
Jul 19 22:49:37 dev postfix/smtpd[21058]: warning: hostname
hosted-by.hostgrad.ru does not resolve to address 185.40.4.30: Name or
service not known
Jul 19 22:49:37 dev postfix/smtpd[21058]: connect from unknown[185.40.4.30]
Jul 19 22:49:42 dev postfix/smtpd[21058]: warning: unknown[185.40.4.30]:
SASL LOGIN authentication failed: UGFzc3dvcmQ6
Jul 19 22:49:50 dev postfix/smtpd[21058]: warning: unknown[185.40.4.30]:
SASL LOGIN authentication failed: UGFzc3dvcmQ6
Jul 19 22:50:03 dev postfix/smtpd[21058]: warning: unknown[185.40.4.30]:
SASL LOGIN authentication failed: UGFzc3dvcmQ6
Jul 19 22:50:03 dev postfix/smtpd[21058]: disconnect from
unknown[185.40.4.30] ehlo=1 auth=0/3 rset=3 quit=1 commands=5/8
I'm guessing there are at least a few servers with default passwords set
up out there.
Thanks
John
[*] Comcast blocks ALL outgoing port 25 traffic from their home users.
I guess that makes it okay for them to reverse DNS map home IP
addresses. I always get burned by this port 25 blocking any time I
try to test something at home!
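
An added example, not part of the post above and not Postfix code: Postfix logs a client as `unknown` when the address-to-name lookup or its forward confirmation fails, which is the condition `reject_unknown_client_hostname` tests, so existing smtpd logs show which connections the restriction would match without pointing an MX record at the host. The sketch runs over the log lines from the post plus one constructed line for a client with matching DNS (`mail.example.org[192.0.2.25]`); the function names are hypothetical.

```python
import re
from collections import defaultdict

# Log lines from the post (mail-client line wraps rejoined). The final line is
# constructed: a client whose PTR name resolves back to its address.
SAMPLE_LOG = """\
Jul 19 22:49:37 dev postfix/smtpd[21058]: warning: hostname hosted-by.hostgrad.ru does not resolve to address 185.40.4.30: Name or service not known
Jul 19 22:49:37 dev postfix/smtpd[21058]: connect from unknown[185.40.4.30]
Jul 19 22:49:42 dev postfix/smtpd[21058]: warning: unknown[185.40.4.30]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Jul 19 22:49:50 dev postfix/smtpd[21058]: warning: unknown[185.40.4.30]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Jul 19 22:50:03 dev postfix/smtpd[21058]: warning: unknown[185.40.4.30]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Jul 19 22:50:03 dev postfix/smtpd[21058]: disconnect from unknown[185.40.4.30] ehlo=1 auth=0/3 rset=3 quit=1 commands=5/8
Jul 19 22:51:10 dev postfix/smtpd[21060]: connect from mail.example.org[192.0.2.25]
"""

ADDR = r"[0-9A-Fa-f.:]*[0-9A-Fa-f]"  # IPv4 or IPv6, never ending in ':'
MISMATCH = re.compile(rf"warning: hostname (\S+) does not resolve to address ({ADDR})")
SASL_FAIL = re.compile(rf"warning: \S+?\[({ADDR})\]: SASL \S+ authentication failed")
CONNECT = re.compile(rf"postfix/smtpd\[\d+\]: connect from (\S+?)\[({ADDR})\]")


def summarize(log_text):
    """Per client IP: connects, connects logged as 'unknown', failed PTR names, SASL failures."""
    stats = defaultdict(lambda: {"connects": 0, "unknown": 0, "ptr_names": set(), "sasl_failures": 0})
    for line in log_text.splitlines():
        if m := MISMATCH.search(line):
            # PTR name exists but does not resolve back to the client address.
            stats[m.group(2)]["ptr_names"].add(m.group(1))
        elif m := SASL_FAIL.search(line):
            stats[m.group(1)]["sasl_failures"] += 1
        elif m := CONNECT.search(line):
            entry = stats[m.group(2)]
            entry["connects"] += 1
            entry["unknown"] += int(m.group(1) == "unknown")
    return dict(stats)


def unknown_clients(stats):
    """IPs with at least one connection Postfix logged as 'unknown'."""
    return sorted(ip for ip, entry in stats.items() if entry["unknown"])


if __name__ == "__main__":
    for ip, entry in summarize(SAMPLE_LOG).items():
        print(ip, entry)
```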