On 4/18/2010 10:24 PM, Alex wrote:
Note, from the documentation suggested for you, that there are
different conditions which trigger reject_unknown_client_hostname.
Mine was lack of PTR, which also triggers the less aggressive
reject_unknown_reverse_client_hostname restriction. This is fairly
common, and IMO, a pretty likely spam sign. Given my experience, I
think it is time to use reject_unknown_reverse_client_hostname. At
least you know you're not alone in enforcing that policy.
In this thread from just last June, the consensus was that it still
rejected too much mail:
http://www.mail-archive.com/postfix-users@postfix.org/msg12683.html
It was only from a few users, but wonder what their experience is
almost a year later.
Yes, reject_unknown_client_hostname is still too strict for
us. And we're very strict!
But the cool thing about local email policy is that you get to
decide for yourself what's too strict. Some people do use
reject_unknown_client_hostname, but my impression it that they
are mostly home/hobbyist/very small business.
Rule of thumb: the more people you have to answer to, the
less strict you must be.
In any case, I can't even test it, because apparently my postfix
doesn't even understand "warn_if_reject". It silently ignored it, and
silently stopped accepting mail until I realized there were two
hundred messages in the queue after five minutes on a Sunday :-) Most
of it was spam anyway :-)
The "warn_if_reject" feature predates
"reject_unauth_pipelining", which you seem to be using
successfully. I strongly suspect there was some other error
-- probably a simple typo in your config -- that kept
warn_if_reject from working for you.
From the (ancient) HISTORY file:
20011105
...
Feature: put "warn_if_reject" before an smtpd
restriction,
and that restriction logs warnings without rejecting
mail.
[...]
20020905
Feature: "smtpd_data_restrictions =
reject_unauth_pipelining"
blocks mail from SMTP clients that send message content
before Postfix has replied to the DATA command. File:
-- Noel Jones
