Loading ...
Sorry, an error occurred while loading the content.

check_client access - match by client hostname dont work (for me), help please

Expand Messages
  • sftf@yandex.ru
    Hi! I would like to bypass reject_unknown_reverse_client_hostname for certain clients (by their host names) and use configuration below. If I use client IP as
    Message 1 of 2 , Jun 1, 2007
    • 0 Attachment
      Hi!
      I would like to bypass reject_unknown_reverse_client_hostname for certain clients
      (by their host names) and use configuration below.

      If I use client IP as key, it's work well, but if I use client name (like in this example)
      it does not work (see mail.log below).
      Looks like postfix checks only IP's against /etc/postfix/maps/inet/check_inet_hosts.

      From postconf.5 I have understood, that I can use a client hostname:
      "check_client_access type:table
      Search the specified access database for the **client hostname**,
      parent domains, client IP address..."
      What have I made incorrectly?
      Thanks!

      Debian etch/postfix-2.3.4-3

      /etc/postfix/master.cf-------------------------------------------------------
      195.xxx.xxx.xxx:smtp inet n - n - - smtpd
      -o smtpd_client_restrictions=inet_smtpd_client_restrictions_class
      -o smtpd_recipient_restrictions=inet_sr_class_lite
      ...

      /etc/postfix/main.cf----------------------------------------------------------
      smtpd_restriction_classes =
      ...
      inet_smtpd_client_restrictions_class,
      ...
      inet_smtpd_client_restrictions_class=
      check_client_access hash:/etc/postfix/maps/inet/check_inet_hosts,
      reject_unknown_reverse_client_hostname
      ...

      /etc/postfix/maps/inet/check_inet_hosts-----------------------------------------
      .a3a.ru OK
      router.a3a.ru OK
      .oblfu.omsknet.ru OK
      inet.oblfu.omsknet.ru OK

      /var/log/mail.log---------------------------------------------------------------
      ...
      postfix/smtpd[24104]: >>> START Client host RESTRICTIONS <<<
      postfix/smtpd[24104]: generic_checks: name=inet_smtpd_client_restrictions_class
      postfix/smtpd[24104]: >>> START Client host RESTRICTIONS <<<
      postfix/smtpd[24104]: generic_checks: name=check_client_access
      postfix/smtpd[24104]: check_namadr_access: name unknown addr 195.162.33.82
      postfix/smtpd[24104]: check_domain_access: unknown
      postfix/smtpd[24104]: check_addr_access: 195.162.33.82
      postfix/smtpd[24104]: generic_checks: name=check_client_access status=0
      postfix/smtpd[24104]: generic_checks: name=reject_unknown_reverse_client_hostname
      postfix/smtpd[24104]: reject_unknown_reverse_name: unknown
      postfix/smtpd[24104]: NOQUEUE: reject: RCPT from unknown[195.162.33.82]: 450 4.7.1 Client host rejected: cannot find your reverse hostname, [195.162.33.82]; from=<> to=<tome@...> proto=ESMTP helo=<inet.oblfu.omsknet.ru>
      postfix/smtpd[24104]: generic_checks: name=reject_unknown_reverse_client_hostname status=2
      postfix/smtpd[24104]: generic_checks: name=inet_smtpd_client_restrictions_class status=2
      postfix/smtpd[24104]: > unknown[195.162.33.82]: 450 4.7.1 Client host rejected: cannot find your reverse hostname, [195.162.33.82]
      ...
    • Noel Jones
      ... These clients have no verified hostname and are considered unknown . You must whitelist them by IP address. -- Noel Jones
      Message 2 of 2 , Jun 1, 2007
      • 0 Attachment
        At 08:48 AM 6/1/2007, sftf@... wrote:
        >Hi!
        >I would like to bypass reject_unknown_reverse_client_hostname for
        >certain clients
        >(by their host names) and use configuration below.
        >
        >If I use client IP as key, it's work well, but if I use client name
        >(like in this example)
        >it does not work (see mail.log below).
        >Looks like postfix checks only IP's against
        >/etc/postfix/maps/inet/check_inet_hosts.
        >
        > From postconf.5 I have understood, that I can use a client hostname:
        >"check_client_access type:table
        >Search the specified access database for the **client hostname**,
        >parent domains, client IP address..."
        >What have I made incorrectly?
        >Thanks!

        These clients have no verified hostname and are considered "unknown".
        You must whitelist them by IP address.

        --
        Noel Jones
      Your message has been successfully submitted and would be delivered to recipients shortly.