Loading ...
Sorry, an error occurred while loading the content.

204583Re: To all of You who use: reject_non_fqdn_hostname and reject_unknown_hostname

Expand Messages
  • Blake Hudson
    Sep 1, 2006
    • 0 Attachment
      o2 - Marcin Wasilewski wrote:
      > Hello,
      >
      > I have a question to all of You who use: reject_non_fqdn_hostname and
      > reject_unknown_hostname.
      > I get lot of SPAM messages and almost all of them are from host which
      > in my mail.log are UNKNOWN, ie:
      > connect from unknown[222.181.95.54]
      > Sep 1 10:03:42 mymailhost postfix/smtpd[22196]: NOQUEUE: reject: RCPT
      > from unknown[222.181.95.54]: 550 <ukaszd@mydomainname>: Recipient
      > address rejected: User unknown; from=<abelpmoreira@...>
      > to=<ukaszd@mydomainname> proto=ESMTP helo=<LENOVO-OEM>
      >
      > Actually I use:
      > smtpd_helo_restrictions =
      > permit_mynetworks
      > check_helo_access hash:/etc/postfix/db/helo_access
      > reject_invalid_hostname
      >
      > and I would like to enable
      > reject_non_fqdn_hostname
      > reject_unknown_hostname
      >
      > but I wonder how many false-positives it gives..
      >
      > and one more question: I saw in doc that I could use: warn_if_reject,
      > but how to correctly place it in my config to see how these two rules
      > above will be hit.
      >
      > Best regards
      > Marcin



      I would suggest using reject_invalid_hostname, but be sure to place it
      after the permit_mynetworks check. Otherwise you will see false
      positives with clients that provide hostnames with just the PC name.

      I have to agree with Rene that reject_unknown_hostname provides too many
      false positives for some environments. You can test for your uses by
      using the warn_if_reject. To use warn_if_reject, your helo restrictions
      would look like this:

      smtpd_helo_restrictions =
      permit_mynetworks
      check_helo_access hash:/etc/postfix/db/helo_access
      reject_invalid_hostname
      warn_if_reject reject_unknown_hostname


      -Blake
    • Show all 8 messages in this topic