29 Sep
2010
29 Sep
'10
2:33 p.m.
Does anybody know whether the Postfix checks reject_unknown_client_hostname [aka Reject
the request when 1) the client IP address->name mapping fails, 2) the name->address
mapping fails, or 3) the name->address mapping does not match the client IP address]
follows actually any requirement by a RFC? If so, which one?
Thanks,
Juerg
29 Sep
29 Sep
3:15 p.m.
Juerg Reimann wrote:
Does anybody know whether the Postfix checks
reject_unknown_client_hostname [aka Reject the request when 1) the
client IP address->name mapping fails, 2) the name->address mapping
fails, or 3) the name->address mapping does not match the client IP
address] follows actually any requirement by a RFC? If so, which one?
I feel pretty certain it is not according to any RFC.
--
Per Jessen, Zürich (15.0°C)
3:47 p.m.
On 2010-09-29 14:33, Juerg Reimann wrote:
Does anybody know whether the Postfix checks
reject_unknown_client_hostname
[aka Reject the request when
1) the client IP address->name mapping fails,
2) the name->address mapping fails,
In these cases it rejects the message with a 450, which is warning
indicating a retry later.
(null route your dns server to test this ;)
3) the name->address mapping does not match the
client IP address]
Then it rejects with afaik a 500, prolly a 5xx. As such the sender will
get a bounce and the sending SMTP server (which is a client in this
case) will have to handle all of that.
follows actually any requirement by a RFC? If so,
which one?
SMTP is one of the least specified protocols concerning security an
checks, it is too old for that, thus nope, no RFC, but there are MAAWG
documents suggesting that one does this.
Note that in general a host which is supposed to be sending mail will
have proper forward/reverse set up and the idea behind this check is
that if the sender can't be bothered to set their mail up correctly why
would the receiver bother to accept it.
Note that the est and most effective method still is to use a scoring
algorithm. Aka: use Spamassassin (or a variety of other such tools)
Greets,
Jeroen
4:23 p.m.
Hoi,
On Wed, Sep 29, 2010 at 2:33 PM, Juerg Reimann <jr(a)jworld.ch> wrote:
Does anybody know whether the Postfix checks
reject_unknown_client_hostname [aka Reject the request when 1) the client IP
address->name mapping fails, 2) the name->address mapping fails, or 3) the
name->address mapping does not match the client IP address] follows actually any
requirement by a RFC? If so, which one?
I do not think it is a requirement by RFC,
and I also think it is
strictly harmful to force the connecting IP address to resemble the
hostname, for example a pool of machines called smtp[1-9].example.com
going out via a single IP address. Calling them all smtp.example.com
is (a) not true and (b) frustrates debugging.
groet,
Pim
--
Pim van Pelt <pim(a)ipng.nl>
PBVP1-RIPE - http://www.ipng.nl/
30 Sep
30 Sep
2:27 a.m.
Hi,
Does anybody know whether the Postfix checks
reject_unknown_client_hostname [aka Reject the request when 1) the client IP
address->name mapping fails, 2) the name->address mapping fails, or 3) the
name->address mapping does not match the client IP address] follows actually any
requirement by a RFC? If so, which one?
To reject any mails with errors 5XX with just ONE criterium is very bad
behaviour anyway and will always lead to false positives.
--
Martin
8:51 a.m.
Martin Blapp wrote:
Hi,
hmm, how about "unknown user" :-)
Anyway, the default postfix reject for the above is a 450 and always 450
if the failure was caused by a lookup problem.
--
Per Jessen, Zürich (11.0°C)
Does anybody know whether the Postfix checks
reject_unknown_client_hostname [aka Reject the request when 1) the
client IP address->name mapping fails, 2) the name->address mapping
fails, or 3) the name->address mapping does not match the client IP
address] follows actually any requirement by a RFC? If so, which one?
To reject any mails with errors 5XX with just ONE criterium is very
bad behaviour anyway and will always lead to false positives.
4816
days inactive
4817
days old
5 comments
5 participants
participants (5)
-
Jeroen Massar -
Juerg Reimann -
Martin Blapp -
Per Jessen -
Pim van Pelt