Yes, with this option I can't send an email with my smartphone, because
the smartphone IP have not proper reverse DNS.
And there is my problem: reject all IPs without proper reverse DNS but
accept my smartphone.
---
##################
Philippe - Forums
Le 2018-12-22 10:55, Matus UHLAR - fantomas a écrit :
> On 22.12.18 10:13, Philippe - Forums wrote:
>
>> I would like to secure more my postfix.
>>
>> My SMTP configuration actually is:
>>
>> _smtpd_tls_cert_file=/path/to/certs/fullchain.pem_
>> _smtpd_tls_key_file=/path/to/certs/privkey.pem_
>> _smtpd_tls_CAfile=/path/to/certs/chain.pem_
>> _smtpd_use_tls=yes_
>> _smtpd_tls_session_cache_database =
>> btree:${data_directory}/smtpd_scache_
>> _smtpd_tls_security_level = may_
>
> please avoid those underscores and avoid line wrapping when possible.
>
>> But with this configuration I can't send an email from my smartphone
>> (reject).
>
> what's in the logs? It's hard to see in crystall ball (especially when I
> don't have any)
>
> I only can guess one thing:
>
>> smtpd_client_restrictions =
>> permit_mynetworks,
>> reject_unknown_client_hostname,
>> permit
>
> this however can cause rejecting even client authentication, when client
> connects from IP without proper reverse/direct DNS records
