Re: reject_unknown_client except if HELO hostname matches client

From: Tony Earnshaw (tonnibilly.demon.nl)
Date: Sat Aug 02 2003 - 12:11:49 CDT


Bastiaan Welmers wrote:

> One of the methods I want to use is
> smtpd_client_restrictions = reject_unknown_client
>
> But there still seem to be several (poorly maintained) servers without
> reverse-lookup we want to hold contact to.
> All these servers have a HELO hostname corresponding to the IP number they use.
>
> Is there a way to configure Postfix so it will
>
> - Check if the client has a hostname
> - If not, check if the HELO hostname corresponds with the client, and if so,
> don't reject
> - If both not, reject

I've never had to do this myself, but:

Is the list of misconfigured client servers small enough for you to make
a list of exceptions to a general rule of REJECT?

If it is, then the smtp.cf doc says:

# The smtpd_client_restrictions parameter specifies optional
# restrictions on SMTP client host names and addresses.
#
# The default is to allow connections from any host. The following
# restrictions are available:
[...]
# check_client_access maptype:mapname
[...]
# Permit the SMTP client if the result is OK or all numerical.
[...]

So, if you do:

smtpd_client_restrictions =
   check_client_access regexp:/etc/postfix/maps/ok_clients.regexp
   reject_unknown_client
   permit_mynetworks
   etc.

in /etc/postfix/maps/ok_clients.regexp:

/^212\.238\.97\.135$/ OK
etc.

Client access rules are acted on before helo access rules (at least
that's what my logs tell me,) so ...

Best,

Tony

--
Tony Earnshaw

http://www.billy.demon.nl
Mail: tonnibilly.demon.nl
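
An added example, not part of the original message: a Python sketch that generates exact-match entries for the ok_clients.regexp map described in the reply and flags OK entries loose enough to match more than the one intended address. The function names, the sample map and the hostname are constructed for illustration, and Python's re module stands in for Postfix's regexp matching.

```python
import ipaddress
import re

# Shape of a regexp-table line as used in the reply: /pattern/flags action
ENTRY = re.compile(r"^/(?P<pat>.+)/[a-z]*\s+(?P<action>\S+)")

def build_map(addresses):
    """Return one anchored, dot-escaped OK line per IPv4 address."""
    lines = []
    for addr in addresses:
        ip = ipaddress.IPv4Address(addr)  # raises ValueError on malformed input
        lines.append("/^%s$/ OK" % re.escape(str(ip)))
    return lines

def lint_map(text):
    """Return (line number, problem) for OK entries that are too loose."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = ENTRY.match(line.strip())
        if not m or m.group("action").upper() != "OK":
            continue  # comments, blank lines and non-OK actions are skipped
        pat = m.group("pat")
        if not pat.startswith("^"):
            findings.append((lineno, "no ^ anchor"))
        if not pat.endswith("$"):
            findings.append((lineno, "no $ anchor"))
        if re.search(r"(?<!\\)\.", pat):
            findings.append((lineno, "unescaped dot"))
    return findings

def would_permit(pattern, client):
    """Approximate the table lookup: the pattern is searched in the client string."""
    return re.search(pattern, client, re.IGNORECASE) is not None

# Constructed sample map: line 1 is the entry from the reply, lines 2-3 are loose.
SAMPLE_MAP = r"""/^212\.238\.97\.135$/ OK
/212.238.97.13/ OK
/^192\.0\.2\.7/ OK
"""

if __name__ == "__main__":
    print("\n".join(build_map(["212.238.97.135"])))
    for lineno, problem in lint_map(SAMPLE_MAP):
        print("line %d: %s" % (lineno, problem))
    # The loose pattern also matches a neighbouring address and a hostname.
    print(would_permit("212.238.97.13", "212.238.97.139"))
    print(would_permit("212.238.97.13", "host-212-238-97-135.example.net"))
```

Because an OK result ends evaluation of smtpd_client_restrictions for that client, every string a loose pattern matches skips reject_unknown_client and the restrictions listed after it.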