On 5/2/2013 6:27 AM, Vincent Lefevre wrote: > On 2013-05-01 07:14:37 -0500, /dev/rob0 wrote: >> On Wed, Apr 24, 2013 at 03:44:19PM -0700, Steve Jenkins wrote: >>> warn_if_reject reject_unknown_reverse_client_hostname, >> >> Safe, because many large receivers do this as well. > > That's interesting. Several months ago, I intended to add it, but > I noticed that legitimate mail I received sometimes contained > "unknown" (at least for some user), e.g. > > Received: from <snip> (unknown [174.33.138.226]) > by ioooi.vinc17.net (Postfix) with ESMTP id 017ED31D51 > for <vinc...@vinc17.org>; Tue, 19 Jul 2011 05:03:52 +0200 (CEST) > > and at that time, I thought that the machine didn't have a correct > reverse hostname, so that I thought that adding this option would be > bad. But if I grep all the messages from this IP, I now notice that > for most of them, I get "host1743300226138.direcway.com" instead of > "unknown", which occurs only from time to time. This makes me think > that the "unknown" could just be due to a temporary failure, but > with the above option, the mail wouldn't be rejected (it would just > be delayed from time to time due to the 450 reply, as documented). > Is this correct? > > Regards, >
If the DNS lookup fails with a temporary error, the mail will be deferred. It's important to note that not all clients labeled as "unknown" will be rejected by reject_unknown_reverse_client_hostname. For enlightenment, compare the docs on reject_unknown_client_hostname (a strict test not widely used), with the docs on reject_unknown_reverse_client_hostname (a generally safe check). Very strict: http://www.postfix.org/postconf.5.html#reject_unknown_client_hostname Generally safe: http://www.postfix.org/postconf.5.html#reject_unknown_reverse_client_hostname -- Noel Jones