How about allow the GUI option to choose between reject_unknown_client_hostname and reject_unknown_reverse_client_hostname?

H

hata_ph

Well-Known Member
Nov 13, 2019
866
199
48
45
I know rDNS should be a standard for all standard email server. But since it is very hard to make sure all email server to have a valid rDNS setup, it is possible to have the GUI option to choose between reject_unknown_client_hostname and reject_unknown_reverse_client_hostname?
Notice there is some false negative due to bad DNS setup on the sender's side with reject_unknown_client_hostname.
Currently I am using a custom main.cf.in to change reject_unknown_client_hostname to reject_unknown_reverse_client_hostname.

reject_unknown_client_hostname (with Postfix < 2.3: reject_unknown_client)
Reject the request when 1) the client IP address->name mapping fails, or 2) the name->address mapping fails, or 3) the name->address mapping does not match the client IP address.
This is a stronger restriction than the reject_unknown_reverse_client_hostname feature, which triggers only under condition 1) above.
The unknown_client_reject_code parameter specifies the response code for rejected requests (default: 450). The reply is always 450 in case the address->name or name->address lookup failed due to a temporary problem.
reject_unknown_reverse_client_hostname
Reject the request when the client IP address has no address->name mapping.
This is a weaker restriction than the reject_unknown_client_hostname feature, which requires not only that the address->name and name->address mappings exist, but also that the two mappings reproduce the client IP address.
The unknown_client_reject_code parameter specifies the response code for rejected requests (default: 450). The reply is always 450 in case the address->name lookup failed due to a temporary problem.
This feature is available in Postfix 2.3 and later.
Click to expand...
 
+1 open a feature request in bugzilla.proxmox.com, I adjusted it manual. FCrDNS is really hard and not usable on business environments. On private, where you could loose mails because of lame administrators, everything is fine.
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom