Robert Schetterer wrote:
> Hi,
> some nets have
> set their ptr records to localhost
> this causes problems to several mailservers
> i see no problems at mine but
> just asked to clear
>
> dig -x 123.27.178.4
>
> ; <<>> DiG 9.3.5-P1 <<>> -x 123.27.178.4
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46689
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
>
> ;; QUESTION SECTION:
> ;4.178.27.123.in-addr.arpa. IN PTR
>
> ;; ANSWER SECTION:
> 4.178.27.123.in-addr.arpa. 86266 IN PTR localhost.
>
> i only get warnings ( like ever )
>
> Aug 6 15:04:31 mxback postfix/smtpd[30131]: warning: 123.27.178.4:
> address not listed for hostname localhost
> Aug 6 15:04:31 mxback postfix/smtpd[30131]: connect from
> unknown[123.27.178.4]
>
>
> is this a hard coded match ( ptrs to localhost are resolved unknown? )
> so i.e reject_unknown_reverse_client_hostname
> will reject it ever ?
>
> after all this was warned by german heise pc magazine
> http://www.heise.de/newsticker/Namens-Trick-oeffnet-Mailserver--/meldung/143123

I use something like this:

smtpd_recipient_restrictions =
    ...
    check_reverse_client_hostname_access ${hash}/access_host
    check_helo_access ${hash}/access_host
    ...

to reject things like:

localhost
unreachable
.localhost
.arpa
.invalid
.inv
.test
.local
.lokaal
.localdomain
.lan
.private
.root
.adsl
.firewall
.speedportw700v
.belkin
.kornet
...

be they found in helo or in the PTR.

I also use a pcre version to reject "." as PTR (among other things).
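
Added example, not part of the original messages and not Postfix code: a simplified Python model of forward-confirmed reverse DNS, showing why the client in the quoted log is recorded as unknown[123.27.178.4] and which restrictions would match it. The DNS data, the function names and the suffix-matching rule for leading-dot entries are assumptions; the deny-list entries are taken from the reply, each assumed to carry a REJECT action.

```python
# Added illustration, not Postfix source code. DNS data below is constructed.
# Deny-list entries come from the reply (shortened); each is assumed to map to REJECT.
BAD_NAMES = ["localhost", ".localhost", ".arpa", ".invalid", ".test",
             ".local", ".localdomain", ".lan"]

PTR = {  # constructed reverse zone: address -> PTR target
    "123.27.178.4": "localhost.",
    "192.0.2.10": "mail.example.org.",
}
FORWARD = {  # constructed forward zone: name -> addresses
    "localhost": ["127.0.0.1"],
    "mail.example.org": ["192.0.2.10"],
}

def classify(ip, ptr=PTR, forward=FORWARD):
    """Return (verified_name, reverse_name); "unknown" marks a failed lookup."""
    raw = ptr.get(ip)
    if raw is None:
        return "unknown", "unknown"          # no PTR record at all
    reverse_name = raw.lower().rstrip(".") or "."
    # Forward confirmation: the PTR target must resolve back to the client.
    if ip in forward.get(reverse_name, []):
        return reverse_name, reverse_name
    return "unknown", reverse_name           # logged as unknown[ip]

def deny_list_hit(name):
    """Exact match for plain entries, suffix match for leading-dot entries (assumed)."""
    for pattern in BAD_NAMES:
        if name == pattern or (pattern.startswith(".") and name.endswith(pattern)):
            return pattern
    return None

def restrictions_that_fire(ip):
    """List which Postfix restrictions would match this client in the model."""
    verified, reverse_name = classify(ip)
    fired = []
    if reverse_name == "unknown":            # only when there is no PTR at all
        fired.append("reject_unknown_reverse_client_hostname")
    if verified == "unknown":                # no PTR, or PTR not forward-confirmed
        fired.append("reject_unknown_client_hostname")
    if reverse_name != "unknown" and deny_list_hit(reverse_name):
        fired.append("check_reverse_client_hostname_access")
    return fired

if __name__ == "__main__":
    for client in ("123.27.178.4", "192.0.2.10", "192.0.2.20"):
        print(client, classify(client), restrictions_that_fire(client))
```

In this model the localhost PTR exists but does not resolve back to the client, so the unverified name stays available to check_reverse_client_hostname_access while reject_unknown_reverse_client_hostname does not match.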