On 07/19/2013 08:19 AM, L.W. van Braam van Vloten wrote:
> Hello list,
> 
> I have configured postfix to not accept connections from clients that
> fail the reverse dns check.
> But I want to be able to whitelist specific clients, even if the reverse
> hostname check fails.
>  
> To achieve this I configured the following:
> smtpd_client_restrictions =
>     check_client_access hash:/etc/postfix/client-whitelist,
>     reject_unknown_reverse_client_hostname
>  
> /etc/postfix/client-whitelist contains comment lines (starting with #)
> and entries, like this:
> # mail.acipol.ac.mz
> 197.218.14.50         OK
>  

What you probably want is,

  smtpd_client_restrictions =
    check_client_access cidr:/etc/postfix/client_access

and then,

  $ cat /etc/postfix/client_access

  # Legitimate clients without rDNS.
  197.218.14.50 DUNNO

  # Default action
  0.0.0.0/0     reject_unknown_reverse_client_hostname

The first matching entry in /etc/postfix/client_access is what will be
used, so the whitelist entries will hit first. If none of the whitelist
entries are matched, then the default will kick in.

If you ever add more smtpd_client_restrictions, this method avoids
skipping the entire set of tests for hosts which should only be
whitelisted against the reject_unknown_reverse_client_hostname test.

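The difference between the two configurations, as an added example that is not part of the original message: a simplified Python model of how one Postfix restriction list is walked, not Postfix's own code. `extra_check` is a hypothetical stand-in for any restriction added later, and the tables and client dictionaries are constructed.

```python
import ipaddress

# Constructed tables. WHITELIST_OK mirrors the original hash: whitelist
# (modelled as a /32); CIDR_DUNNO mirrors client_access from the reply.
WHITELIST_OK = [("197.218.14.50/32", "OK")]
CIDR_DUNNO = [
    ("197.218.14.50/32", "DUNNO"),
    ("0.0.0.0/0", "reject_unknown_reverse_client_hostname"),
]

def lookup(table, ip):
    """First matching pattern wins, as in a cidr: table."""
    addr = ipaddress.ip_address(ip)
    for pattern, action in table:
        if addr in ipaddress.ip_network(pattern):
            return action
    return None  # no entry matched

def builtin(name, client):
    """Simplified restrictions: each returns REJECT or DUNNO."""
    if name == "reject_unknown_reverse_client_hostname":
        return "DUNNO" if client["rdns"] else "REJECT"
    if name == "extra_check":  # hypothetical later restriction
        return "REJECT" if client["bad"] else "DUNNO"
    raise ValueError(name)

def evaluate(restrictions, client):
    """Walk the list: OK and REJECT end it, DUNNO moves to the next item."""
    for r in restrictions:
        if isinstance(r, list):  # check_client_access <table>
            action = lookup(r, client["ip"]) or "DUNNO"
            if action not in ("OK", "DUNNO", "REJECT"):
                action = builtin(action, client)  # action names a restriction
        else:
            action = builtin(r, client)
        if action != "DUNNO":
            return action
    return "DUNNO"  # nothing decided in this list

# Both set-ups with one more restriction appended after them.
ORIGINAL = [WHITELIST_OK, "reject_unknown_reverse_client_hostname", "extra_check"]
REPLY = [CIDR_DUNNO, "extra_check"]

if __name__ == "__main__":
    listed = {"ip": "197.218.14.50", "rdns": False, "bad": True}
    print("OK whitelist:   ", evaluate(ORIGINAL, listed))  # extra_check skipped
    print("DUNNO whitelist:", evaluate(REPLY, listed))     # extra_check still runs
```
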