Does anybody know whether the Postfix check reject_unknown_client_hostname [aka Reject the request when 1) the client IP address->name mapping fails, 2) the name->address mapping fails, or 3) the name->address mapping does not match the client IP address] actually follows any requirement by an RFC? If so, which one?
Thanks, Juerg
Juerg Reimann wrote:
> Does anybody know whether the Postfix check reject_unknown_client_hostname [aka Reject the request when 1) the client IP address->name mapping fails, 2) the name->address mapping fails, or 3) the name->address mapping does not match the client IP address] actually follows any requirement by an RFC? If so, which one?
I feel pretty certain it is not according to any RFC.
On 2010-09-29 14:33, Juerg Reimann wrote:
> Does anybody know whether the Postfix check reject_unknown_client_hostname [aka Reject the request when
> - the client IP address->name mapping fails,
> - the name->address mapping fails,
In these cases it rejects the message with a 450, which is a warning indicating a retry later.
(null route your dns server to test this ;)
> - the name->address mapping does not match the client IP address]
Then it rejects with afaik a 500, prolly a 5xx. As such the sender will get a bounce and the sending SMTP server (which is a client in this case) will have to handle all of that.
> actually follows any requirement by an RFC? If so, which one?
SMTP is one of the least specified protocols concerning security and checks, it is too old for that, thus nope, no RFC, but there are MAAWG documents suggesting that one does this.
Note that in general a host which is supposed to be sending mail will have proper forward/reverse set up and the idea behind this check is that if the sender can't be bothered to set their mail up correctly why would the receiver bother to accept it.
Note that the best and most effective method still is to use a scoring algorithm. Aka: use SpamAssassin (or a variety of other such tools)
Greets, Jeroen
Hi,
On Wed, Sep 29, 2010 at 2:33 PM, Juerg Reimann jr@jworld.ch wrote:
> Does anybody know whether the Postfix check reject_unknown_client_hostname [aka Reject the request when 1) the client IP address->name mapping fails, 2) the name->address mapping fails, or 3) the name->address mapping does not match the client IP address] actually follows any requirement by an RFC? If so, which one?
I do not think it is a requirement by RFC, and I also think it is strictly harmful to force the connecting IP address to resemble the hostname, for example a pool of machines called smtp[1-9].example.com going out via a single IP address. Calling them all smtp.example.com is (a) not true and (b) frustrates debugging.
Regards, Pim
Hi,
> Does anybody know whether the Postfix check reject_unknown_client_hostname [aka Reject the request when 1) the client IP address->name mapping fails, 2) the name->address mapping fails, or 3) the name->address mapping does not match the client IP address] actually follows any requirement by an RFC? If so, which one?
To reject any mails with errors 5XX with just ONE criterion is very bad behaviour anyway and will always lead to false positives.
-- Martin
Martin Blapp wrote:
> Hi,
>> Does anybody know whether the Postfix check reject_unknown_client_hostname [aka Reject the request when 1) the client IP address->name mapping fails, 2) the name->address mapping fails, or 3) the name->address mapping does not match the client IP address] actually follows any requirement by an RFC? If so, which one?
> To reject any mails with errors 5XX with just ONE criterion is very bad behaviour anyway and will always lead to false positives.
hmm, how about "unknown user" :-)
Anyway, the default Postfix reject for the above is a 450 and always 450 if the failure was caused by a lookup problem.
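
The three conditions discussed in this thread, as an added example that is not part of any poster's message and is not Postfix's own code. It follows the behaviour described in the last message (450 by default, always 450 on a lookup problem). The resolver stubs, the sample DNS data and the function names are constructed for illustration, and `reject_code` stands in for Postfix's `unknown_client_reject_code` setting.

```python
"""Added illustration of the three reject_unknown_client_hostname conditions."""

class TempFail(Exception):
    """Resolver could not answer (timeout, SERVFAIL)."""

class NotFound(Exception):
    """Resolver answered: no such record."""

# Constructed sample DNS data (documentation address ranges, example names).
PTR = {"192.0.2.10": "mx1.example.com",     # consistent forward/reverse
       "192.0.2.20": "smtp3.example.com",   # pool member behind a shared IP
       "192.0.2.30": "ghost.example.com"}   # PTR exists, no A record
A = {"mx1.example.com": ["192.0.2.10"], "smtp3.example.com": ["192.0.2.99"]}
UNREACHABLE = {"203.0.113.5"}               # simulates a null-routed DNS server

def lookup_ptr(ip):
    if ip in UNREACHABLE:
        raise TempFail(ip)
    if ip not in PTR:
        raise NotFound(ip)
    return PTR[ip]

def lookup_a(name):
    if name not in A:
        raise NotFound(name)
    return A[name]

def check_client(ip, reject_code=450, ptr=lookup_ptr, addr=lookup_a):
    """Return (smtp_code, reason); smtp_code is None when the client passes."""
    try:
        name = ptr(ip)                       # 1) address -> name
    except TempFail:
        return 450, "address->name lookup temporarily failed"
    except NotFound:
        return reject_code, "no address->name mapping"
    try:
        addrs = addr(name)                   # 2) name -> address
    except TempFail:
        return 450, "name->address lookup temporarily failed"
    except NotFound:
        return reject_code, "no name->address mapping"
    if ip not in addrs:                      # 3) forward result must contain client IP
        return reject_code, "name->address mapping does not match client IP"
    return None, "ok"
```

Raising `reject_code` to a 5xx value turns the permanent failures into bounces, while a resolver outage still yields a 450 so the sending server retries.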