@lbutlr:
> On Nov 26, 2016, at 11:30 AM, E. Recio <emre...@verizon.net> wrote:
> > On 11/22/2016 10:47 AM, @lbutlr wrote:
> >>
> >> reject_unknown_reverse_client_hostname,
> >>
> >> but I also use:
> >> reject_non_fqdn_recipient,
> >> reject_unknown_sender_domain,
> >> reject_invalid_hostname,
> >
> > Wow, these settings cut down on spam by a lot! My concern is that if
> > someone is on a private remote NAT network (sending real) example.com
> > (sending real) 1.2.3.4 but the host behind the 1.2.3.4 NAT is (sending
> > host) example.local (sending host) 10.1.2.3 and sends email by directly
> > connecting to my postfix server via 25, would the email get to me?
>
> No. A host hiding behind a NAT should never be connecting directly to
> you, that's rather the point.

They can, but they should announce an SMTP hostname that matches the external IP address. In the Postfix case, that is controlled with the smtp_helo_name parameter. If Postfix needs to deliver mail to internal and external systems, use separate SMTP clients for internal and external mail, and set smtp_helo_name on the outbound SMTP client (in master.cf).

Wietse
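
The split-client setup described in the reply above, as an added configuration example that is not part of the original thread. The service name `smtp-internal`, the hostnames `mail.example.com` and `host.example.local`, and the transport table path are assumptions chosen to match the addresses used in the question.

```conf
# ---- /etc/postfix/master.cf ----
# Default SMTP client, used for external (Internet) mail. It announces the
# public name in HELO/EHLO. mail.example.com is an assumed name that
# resolves to the NAT's external address (1.2.3.4), which in turn has a
# PTR record, so checks such as reject_unknown_reverse_client_hostname pass.
smtp           unix  -       -       n       -       -       smtp
  -o smtp_helo_name=mail.example.com

# Second SMTP client for internal destinations (hypothetical service name).
# No override here, so smtp_helo_name keeps its default, $myhostname.
smtp-internal  unix  -       -       n       -       -       smtp

# ---- /etc/postfix/main.cf ----
# Internal name of this host (assumed).
myhostname = host.example.local
transport_maps = hash:/etc/postfix/transport

# ---- /etc/postfix/transport ----
# Route internal domains to the internal client; everything else falls
# through to default_transport (smtp). Run "postmap /etc/postfix/transport"
# and "postfix reload" after editing.
example.local    smtp-internal:
.example.local   smtp-internal:
```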