Sandy Drobic wrote:
david rankin wrote:
I could also mention the restriction "reject_unknown_hostname", although only postmaster that really hate spam more than they love their wanted mail would consider to apply that restriction. (^-^)
Don't laugh, I tested it (^-^)
Okay, I won't... bwa ha ha ha!!
I considered it for about 5 minutes myself. A grep on my log for unknown clients and a check if the mail I got from that client was spam or not yielded a sufficient amount of misconfigured systems that we could not reject. I just saw that it should be "reject_unknown_client" or "reject_unknown_client_hostname" for version 2.3.
reject_unknown_helo_hostname (for postfix v. 2.2 reject_unknown_hostname) will reject the client if the HELO name the client submitted has no mx or a record.
You could also try this one if you are already testing:
smtpd_helo_restrictions = permit_mynetworks, # check_client_access hash:/etc/postfix/client_whitelist warn_if_reject reject_invalid_hostname warn_if_reject reject_unknown_hostname
/etc/postfix/client_whitelist: 10.0.0.12 PERMIT mail.example.com PERMIT Do not use check_helo_access to whitelist a helo name! The helo name is under the control of the submitting client. You can use the same whitelist mechanism for reject_unknown_client. For the HELO restriction it should work. Though there are some regular servers that will be caught by that restriction. Sandy -- List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com