How about allowing a GUI option to choose between reject_unknown_client_hostname and reject_unknown_reverse_client_hostname?

hata_ph

Nov 13, 2019
I know rDNS should be a standard for all standard email servers. But since it is very hard to make sure all email servers have a valid rDNS setup, is it possible to have a GUI option to choose between reject_unknown_client_hostname and reject_unknown_reverse_client_hostname?
Notice there are some false negatives due to bad DNS setup on the sender's side with reject_unknown_client_hostname.
Currently I am using a custom main.cf.in to change reject_unknown_client_hostname to reject_unknown_reverse_client_hostname.

reject_unknown_client_hostname (with Postfix < 2.3: reject_unknown_client)
Reject the request when 1) the client IP address->name mapping fails, or 2) the name->address mapping fails, or 3) the name->address mapping does not match the client IP address.
This is a stronger restriction than the reject_unknown_reverse_client_hostname feature, which triggers only under condition 1) above.
The unknown_client_reject_code parameter specifies the response code for rejected requests (default: 450). The reply is always 450 in case the address->name or name->address lookup failed due to a temporary problem.
reject_unknown_reverse_client_hostname
Reject the request when the client IP address has no address->name mapping.
This is a weaker restriction than the reject_unknown_client_hostname feature, which requires not only that the address->name and name->address mappings exist, but also that the two mappings reproduce the client IP address.
The unknown_client_reject_code parameter specifies the response code for rejected requests (default: 450). The reply is always 450 in case the address->name lookup failed due to a temporary problem.
This feature is available in Postfix 2.3 and later.
 
+1, open a feature request at bugzilla.proxmox.com; I adjusted it manually. FCrDNS is really hard and not usable in business environments. In private, where you could lose mails because of lame administrators, everything is fine.
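
The two restrictions quoted from the Postfix documentation in the first post, modelled as an added example that is not part of the original thread and is not Postfix code. The DNS tables, addresses, and function names are constructed for illustration; `reject_code` stands in for `unknown_client_reject_code`.

```python
# Added example: a model of the two Postfix restrictions, not Postfix source.
STRICT = "reject_unknown_client_hostname"
REVERSE_ONLY = "reject_unknown_reverse_client_hostname"

class TempFail(Exception):
    """Temporary DNS failure (timeout, SERVFAIL)."""

# Constructed DNS data using documentation address ranges.
PTR = {
    "192.0.2.10": "mail.good.example",    # PTR and matching A record
    "192.0.2.20": "mx.nofwd.example",     # PTR, but the name has no A record
    "192.0.2.30": "mx.wrong.example",     # PTR, but A points elsewhere
}                                          # 192.0.2.40: no PTR at all
A = {"mail.good.example": ["192.0.2.10"], "mx.wrong.example": ["198.51.100.7"]}
TEMPFAIL = {"192.0.2.50"}                  # resolver times out for this client

def lookup_ptr(ip):
    if ip in TEMPFAIL:
        raise TempFail(ip)
    return PTR.get(ip)

def check(ip, restriction, reject_code=450):
    """Return (action, smtp_code, reason); reject_code models unknown_client_reject_code."""
    try:
        name = lookup_ptr(ip)
    except TempFail:
        return ("reject", 450, "temporary lookup failure")   # always 450
    if name is None:
        return ("reject", reject_code, "1) no address->name mapping")
    if restriction == REVERSE_ONLY:
        return ("pass", None, "address->name mapping exists")
    addrs = A.get(name, [])
    if not addrs:
        return ("reject", reject_code, "2) no name->address mapping")
    if ip not in addrs:
        return ("reject", reject_code, "3) name->address does not match client IP")
    return ("pass", None, "forward-confirmed reverse DNS")

def newly_accepted(ips):
    """Clients rejected by STRICT but passed by REVERSE_ONLY."""
    return [ip for ip in ips
            if check(ip, STRICT)[0] == "reject" and check(ip, REVERSE_ONLY)[0] == "pass"]

if __name__ == "__main__":
    for ip in ["192.0.2.10", "192.0.2.20", "192.0.2.30", "192.0.2.40", "192.0.2.50"]:
        print(ip, check(ip, STRICT), check(ip, REVERSE_ONLY))
```

`newly_accepted` lists exactly the clients that switching to the weaker restriction lets through: those with a PTR record whose forward lookup is missing or mismatched.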