On 7/13/2017 2:26 PM, MRob wrote: > I have reject_unknown_client_hostname in smtpd_client_restrictions. > Some clients are able to pass this restriction with accompanying > warning when the hostname does not point to the IP address of the > client. The rDNS does point to the claimed hostname, which seems to > be why Postfix gives it a pass. > > warning: hostname host.example.com does not resolve to address > 111.222.333.444 > > $ dig +short -x 111.222.333.444 > host.example.com > > $ dig +short host.example.com > 555.666.777.888 > > $ dig +short -x 555.666.777.888 > host.example.com > > The docs say "3) the name->address mapping does not match the client > IP address" so in this case shouldn't it be rejected? >
Yes. > > PS - I had temporarily downgraded to use > reject_unknown_reverse_client_hostname instead, but am fairly sure I > removed this change and did a postfix reload before the most recent > incident. Could it just be a timing mishap? I have since done a > full restart to be sure. I believe this feature to work exactly as documented. If you believe otherwise, you'll need to provide evidence. http://www.postfix.org/DEBUG_README.html#mail -- Noel Jones
