LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Server (https://www.linuxquestions.org/questions/linux-server-73/)
-   -   Odd problem with Postfix and reject_unknown_client option (https://www.linuxquestions.org/questions/linux-server-73/odd-problem-with-postfix-and-reject_unknown_client-option-683077/)

jimwillsher 11-13-2008 03:12 AM
Odd problem with Postfix and reject_unknown_client option
 
I have a strange problem with Ubunto 8.10 (Intrepid Ibex) and Postfix. In the interest of cutting down spam, I've been using the reject_unknown_client configuration setting. According to the docs, this will reject mail from servers with no PTR (e.g. reject virtually all dynamic-server stuff).

I'm getting a few issues. For example, in my log today:

Quote:
Nov 13 08:34:22 osprey postfix/smtpd[23740]: NOQUEUE: reject: RCPT from unknown[195.74.102.190]: 450 4.7.1 Client host rejected: cannot find your hostname, [195.74.102.190]; from=<bounce@senderdomain.net> to=<myemail@mydomain.co.uk> proto=ESMTP helo=<partners.enta.net>
Quote:
Nov 13 08:34:23 osprey postfix/smtpd[23749]: NOQUEUE: reject: RCPT from unknown[84.234.16.230]: 450 4.7.1 Client host rejected: cannot find your hostname, [84.234.16.230]; from=<adsl24@adsl24.co.uk> to=<myemail@mydomain.co.uk> proto=ESMTP helo=<server.adsl24.co.uk>
Yet the host command gives these responses:

Code:
root@osprey:~# host 195.74.102.190
190.102.74.195.in-addr.arpa domain name pointer partners.enta.net.
root@osprey:~# host partners.enta.net
partners.enta.net has address 195.74.102.190
Code:
root@osprey:~# host 84.234.16.230
230.16.234.84.in-addr.arpa domain name pointer server.adsl24.co.uk.
root@osprey:~# host server.adsl24.co.uk
server.adsl24.co.uk has address 84.234.16.230
So, as far as I can tell, Postfix shouldn't have had any issues.

Am I missing something?

Many thanks,


Jim

billymayday 11-13-2008 03:41 AM
Assuming you are using >=2.3, try using reject_unknown_reverse_client_hostname instead and see what happens.

jimwillsher 11-13-2008 04:08 AM
Many thanks for the quick reply, I appreciate you taking the time.

I'm using 2.5.5, so I've changed my entry to:

Quote:
smtpd_client_restrictions = hash:/etc/postfix/client_restrictions,reject_unknown_helo_hostname,reject_unknown_reverse_client_hostname
Does this look to be safer?


Jim

billymayday 11-13-2008 04:10 AM
My suggestion was more that the change I suggested limits the rejections - you can narrow down the cause this way.

Try sending an email from one of those senders that failed before and see what happens.

jimwillsher 11-13-2008 04:14 AM
Many thanks.

I'm have to wait for one of the "problematic" senders to send me an email, as I'll want it to be a realistic test.

Thanks again for your help.


Jim

billymayday 11-13-2008 04:40 AM
That's OK. In the meantime, read up of the differences between reject_unknown_client_hostname and reject_unknown_reverse_client_hostname at http://www.postfix.org/postconf.5.ht...lient_hostname


All times are GMT -5. The time now is 11:02 PM.