Yes, with this option I can't send an email with my smartphone, because the smartphone IP have not proper reverse DNS.
And there is my problem: reject all IPs without proper reverse DNS but accept my smartphone. --- ################## Philippe - Forums Le 2018-12-22 10:55, Matus UHLAR - fantomas a écrit : > On 22.12.18 10:13, Philippe - Forums wrote: > >> I would like to secure more my postfix. >> >> My SMTP configuration actually is: >> >> _smtpd_tls_cert_file=/path/to/certs/fullchain.pem_ >> _smtpd_tls_key_file=/path/to/certs/privkey.pem_ >> _smtpd_tls_CAfile=/path/to/certs/chain.pem_ >> _smtpd_use_tls=yes_ >> _smtpd_tls_session_cache_database = >> btree:${data_directory}/smtpd_scache_ >> _smtpd_tls_security_level = may_ > > please avoid those underscores and avoid line wrapping when possible. > >> But with this configuration I can't send an email from my smartphone >> (reject). > > what's in the logs? It's hard to see in crystall ball (especially when I > don't have any) > > I only can guess one thing: > >> smtpd_client_restrictions = >> permit_mynetworks, >> reject_unknown_client_hostname, >> permit > > this however can cause rejecting even client authentication, when client > connects from IP without proper reverse/direct DNS records