Re: reject_unknown_reverse_client_hostname not working as I expect

Thu, 11 Aug 2022 03:55:14 -0700 

On 11.08.22 11:43, Nick Howitt wrote:

[root@server ~]# postconf -n | grep restrictions



smtpd_client_restrictions = permit_mynetworks, 
reject_unknown_reverse_client_hostname smtpd_recipient_restrictions = 
permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_hostname, 
reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_invalid_hostname, 
reject_unauth_pipelining, reject_unknown_recipient_domain, 
check_policy_service unix:/var/spool/postfix/postgrey/socket 
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, 
reject_unauth_destination smtpd_sender_restrictions = permit_mynetworks, 
permit_sasl_authenticated, check_sender_access hash:/etc/postfix/access, 
reject_non_fqdn_sender, reject_invalid_hostname


Sometimes I see things like:

Aug 11 05:29:50 server postfix/smtpd[22642]: connect from 
unknown[103.169.188.140]
Aug 11 05:29:50 server postfix/smtpd[22642]: NOQUEUE: reject: RCPT 
from unknown[103.169.188.140]: 450 4.7.1 Client host rejected: cannot 
find your reverse hostname, [103.169.188.140]; 


% host 103.169.188.140
Host 140.188.169.103.in-addr.arpa. not found: 3(NXDOMAIN)


To me this implies it is working. But other times I see:


Aug  9 15:53:47 server postfix/smtpd[16934]: connect from 
unknown[162.240.216.231]


% host 162.240.216.231
231.216.240.162.in-addr.arpa domain name pointer 
162-240-216-231.unifiedlayer.com.
% host 162-240-216-231.unifiedlayer.com.
Host 162-240-216-231.unifiedlayer.com. not found: 3(NXDOMAIN)



Here it has not worked and the spam came through. Is it just a 
question of changing the smtpd_delay_reject or is it an unavoidable 
issue when using postgrey or is there something else I can do?



this is the main diference between reject_unknown_reverse_client_hostname 
and reject_unknown_client_hostname.



- the first that you used doesn't check for fcrdns mapping and only rejects 
  IP addresses that have no reverse mapping, no matter if the reverse 
  hostname is random 


--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
(R)etry, (A)bort, (C)ancer






















					Reply via email to