From: Tom Allison (no email)
Date: Mon Sep 27 2004 - 22:10:41 EDT
Andrew Boring wrote:
>
> On Sep 27, 2004, at 4:07 PM, Tom Allison wrote:
>
>> Sep 27 11:18:54 cling postfix/smtpd[17470]: connect from
>> unknown[207.148.212.34]
>> Sep 27 11:18:55 cling postfix/smtpd[17470]: NOQUEUE: reject: RCPT from
>> unknown[207.148.212.34]: 450 Client host rejected: cannot find your hos
>> tname, [207.148.212.34]; from=<>
>> to=<> proto=ESMTP
>> helo=<patriot1.suburbancollection.com>
>> Sep 27 11:18:56 cling postfix/smtpd[17470]: disconnect from
>> unknown[207.148.212.34]
>>
>> smtpd_client_restrictions = permit_mynetworks
>> [...]
>> reject_unknown_client
>
>
> Postfix cannot find the hostname for 207.148.212.34. Your
> "reject_unknown_client" restriction will reject mail from this and any
> other mail servers that do not have a valid PTR mapping in DNS:
>
> $ host -t mx suburbancollection.com
> suburbancollection.com mail is handled by 10 mail.suburbancollection.com.
>
> $ host mail.suburbancollection.com
> mail.suburbancollection.com has address 207.148.212.34
>
> $ host -t ptr 34.212.148.207.in-addr.arpa
> Host 34.212.148.207.in-addr.arpa not found: 3(NXDOMAIN)
>
> http://www.postfix.org/postconf.5.html#reject_unknown_client
>
> Don't use this unless you are prepared to whitelist many, many, many
> legitimate mail servers on a near daily basis (or unless you don't care
> about the fallout).
>
legitimate mail server.
But is the mail server correctly configured?
It was my understanding that the correct configuration required a MX
record for the client and also a reverse lookup for the IP address.
Not being as familiar with 'host -t ptr' I have to assume that this is
equivelant to 'dig -x'.
I guess the question I'm really after is, why do legitimate mail servers
do this?
I am reluctant to change much because of the incredable amount of spam
that I am blocking and the relatively small amount of non-spam that I am
blocking because of the use of ALL UCE rules available.
|
|
|