Noel Jones schrieb: > Robert Schetterer wrote: >> i...@lynet.de schrieb: >>> Noel Jones schrieb: >>>> Robert Schetterer wrote: >>> [...] >>>> You can reject such clients with a check_reverse_client_hostname >>>> access table. Make sure this is after permit_mynetworks so you don't >>>> reject the "real" localhost. >>>> http://www.postfix.org/postconf.5.html#check_reverse_client_hostname_access >>>> >>>> >>>> # some table >>>> localhost REJECT you're not localhost >>>> >>> In our Postfix Version 2.5.4 we use check_helo_access with the same map. >>> Together with smtpd_helo_required = yes this works too. >>> >>> >>> >>> Ilja Beeskow >> >> sorry helo_checks are on helo stage, you cant check >> ptr records here until they are on client stage, > > You can use any check in any stage with the default smtpd_delay_reject = > yes. As a general rule one should not change this setting.
of course you can use helo check in stage, i simplified my answer to short it but it wont catch if the helo is right and the ptr is localhost > > >> but youre right mostly the localhost ptr record clients >> have localhost in their helo too so you may catch the most of them >> but it musnt be in any case >> you might use >> reject_unknown_reverse_client_hostname in versions before 2.6 >> as i understand postfix differences between local and remote >> connects with/from localhost and catches remote ones as unknown >> so reject_unknown_reverse_client_hostname catches it >> > > Wrong, the client does have a reverse hostname, so > reject_unknown_reverse_client_hostname will not reject them. They would > be rejected with reject_unknown_client_hostname, but that rule is too > strict for most sites. ups youre right > > -- Noel Jones -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria