On 12 May 2018, at 18:45 (-0400), James wrote:
The documentation[1] and several e-mails here mention that
reject_unknown_client_hostname can reject legitimate e-mails.
What exactly are these scenarios? When do they occur in real life?
Are there really legitimate mail servers that don't have a reverse
DNS record that resolves to their IP?
I would like to know so that I can decide whether I should care and
whether I can use this option for my setup. I would only use this
option for port 25 (not submission) and make sure that
sasl_authenticated clients are exempt from it.
[1]http://www.postfix.org/postconf.5.html#reject_unknown_client_hostname
I use it. I like it. But... real world can/will bite you in the ass:
Yes, it can. Note this Received header from *your* message:
Received: from trackivity.com (unknown [IPv6:2607:f0b0:0:205::2])
(using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
(No client certificate requested)
by english-breakfast.cloud9.net (Postfix) with ESMTPS id A7ADC33260A
for <postfix-users@postfix.org>; Sat, 12 May 2018 18:45:26 -0400
(EDT)
So, it is good that the mail server handling this list does not use
reject_unknown_client_hostname
--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Currently Seeking Steady Work: https://linkedin.com/in/billcole
