Thanks for the explanation, Wietse. Probably the issue is just with the logging levels. My current configuration already has
> smtpd_client_restrictions=reject_unknown_client_hostname and the log file is flooded with message like this > connect from unknown[ x.x.x.x] > NOQUEUE: reject: CONNECT from unknown[ x.x.x.x]: 450 4.7.25 Client host > rejected: cannot find your hostname which makes it hard to analyse. For comparison, the postscreen_*_action params let you `enforce` reject a delivery attempt and log it, or just 'drop' the connection silently. Eugene пн, 8 февр. 2021 г. в 19:39, Wietse Venema <wie...@porcupine.org>: > Eugene Podshivalov: > > Have read through the postscreen documentation closely and got it setup > and > > running already, but could not find the three major possibilities > provided > > by the tcp wrappers: > > 1. block by hostname > > 2. block clients with unknown hostname > > 3. block clients with invalid address<->name mapping > > Those are implemented by http://www.postfix.org/smtpd.8.html > > Postscreen does not look up or verify the client hostname. > It is the FIRST line of defense; the more expensive checks > are done in other programs. In increasing order of cost, that's > postscreen, smtpd_mumble_restrictions, header/body_checks, and > content inspection with Milter, smtpd_proxy_filter, or FILTER. > > Wietse >
