@lbutlr:
> On Nov 26, 2016, at 11:30 AM, E. Recio <emre...@verizon.net> wrote:
> > On 11/22/2016 10:47 AM, @lbutlr wrote:
> >>=20
> >> reject_unknown_reverse_client_hostname,
> >>=20
> >> but I also use:
> >> reject_non_fqdn_recipient,
> >> reject_unknown_sender_domain,
> >> reject_invalid_hostname,
>
> > Wow, these settings cut down on spam by a lot! My concern is that if =
> someone is on a private remote NAT network (sending real) example.com =
> (sending real) 1.2.3.4 but the host behind the 1.2.3.4 NAT is (sending =
> host) example.local (sending host) 10.1.2.3 and sends email by directly =
> connecting to my postfix server via 25, would the email get to me?
>
> No. A host hiding behind a NAT should never be connecting directly to =
> you, that's rather the point.
They can, but they should announce an SMTP hostname that matches
the external IP address. In the Postfix case, that is controlled
with the smtp_helo_name parameter. If Postfix needs to deliver mail
to internal and external systems, use separate SMTP clients for
internal and external mail, and set smtp_helo_name on the outbound
SMTP client (in master.cf).
Wietse
