John Fawcett:
> Hi
>
> I was recently trying to whitelist a client hostname that frequently
> changes IP.
>
> From the documentation check_client_access restriction for use with
> smtpd allows to specify access table lookups which contains hostnames.
>
> postscreen_access_list does not seem to allow hostnames in lookup tables.
>
> Is my understanding correct? Is there a reason why hostnames should not
> be supported in postscreen_access_list lookup tables?

Yes, it is working as documented and it is working as intended.

If you have clients in blacklisted networks, they should connect to a different address or port, and be required to authenticate.

postscreen only makes requests to well-managed DNSXL servers that the local system admin specifies in main.cf, and it makes the request only if the client did not pass the postscreen DNSBL check recently. If a DNSXL server specifies a very small or very large TTL, then postscreen clamps the TTL to a more reasonable value.

The basic idea of postscreen is that 'good' clients must have only millisecond delays as postscreen looks up their status from postscreen cache. That is a lot less delay than when postscreen has to do FQRDNS on EVERY DAMNED CLIENT CONNECTION, with reverse and forward DNS requests to DNS servers that are often not competently managed.

Wietse