> On Sep 12, 2016, at 12:54 AM, Jeremy <jer...@smartpoint.co.nz> wrote:
>
> Sep 12 15:36:58 mailsrv postfix/smtpd[30413]: connect from
> unknown[210.246.XX.XX]
> *******
> Sep 12 15:37:32 mailsrv postfix/smtpd[30413]: NOQUEUE: reject: RCPT from
> unknown[210.246.XX.XX]: 554 5.7.1 Service unavailable;
> *******
> Client host [210.246.XX.XX] blocked using zen.spamhaus.org;
> https://www.spamhaus.org/query/ip/210.246.XX.XX;
> from=<jer...@mydomain.com> to=<jer...@smartpoint.co.nz>
> proto=SMTP helo=<host.mydomain.com>
The name "unknown" does not match your access table.
It is highly probable that while "210.246.XX.XX" may have a PTR
record indicating the desired hostname, that hostname does not
in turn resolve to the IP address in question.
Postfix does not use unverified PTR records in access checks
that can return "OK", that would be a major security hole.
Anyone can set their PTR records to point to any name of their
choice, but they cannot as easily get the owner of that name
to confirm that the original IP address is theirs.
The owner of the sending system should avoid sending from
ZEN-listed IP addresses. If they really only want to send
email to you and nobody else, perhaps you can arrange for
authentication via SASL or TLS client certificates.
--
Viktor.
