I have reject_unknown_client_hostname in smtpd_client_restrictions.
Some clients are able to pass this restriction with accompanying warning
when the hostname does not point to the IP address of the client. The
rDNS does point to the claimed hostname, which seems to be why Postfix
gives it a pass.
warning: hostname host.example.com does not resolve to address
111.222.333.444
$ dig +short -x 111.222.333.444
host.example.com
$ dig +short host.example.com
555.666.777.888
$ dig +short -x 555.666.777.888
host.example.com
The docs say "3) the name->address mapping does not match the client IP
address" so in this case shouldn't it be rejected?
PS - I had temporarily downgraded to use
reject_unknown_reverse_client_hostname instead, but am fairly sure I
removed this change and did a postfix reload before the most recent
incident. Could it just be a timing mishap? I have since done a full
restart to be sure.
