12

My outer SMTP is blocking some e-mails with the error 450 4.7.1 Client host rejected: cannot find your hostname, which we traced back to the reject_unknown_client_hostname. As it happens, the hostname to which the reverse address resolves does not, itself, have a DNS record. The chances of getting this fixed are low, but we do need to get their e-mail.

So, can we configure some sort of exception to get around this rule just for them?

Daniel C. Sobral

1 Answer

15

You can allow a specific client to bypass the smtpd_client_restrictions:

smtpd_client_restrictions =
  check_client_access hash:/etc/postfix/client_access,
  reject_invalid_hostname

This would first take the specified action in client_access, and if it doesn't match any rule listed there, then reject the senders that have no valid domain.

The syntax in client_access would be:

1.2.3.4    OK
bad.domain REJECT

Once this file is set up, execute the following command to generate the indexed version of this file (db):

postmap /etc/postfix/client_access

Reload postfix and you should be ok.

More doc on access tables

More on smtpd_client_restrictions

EDIT: If for some reason you need to debug this, you could try to enable debugging in smtpd depending on who is connecting to your service. Edit /etc/postfix/master.cf, locate the smtpd service and add a line like this one:

smtp      inet  n       -       -       -       -       smtpd
       -o debug_peer_level=10 -o debug_peer_list=1.2.3.4

It will enable debug only for peer 1.2.3.4. This should give you an idea of what is happening when the client 1.2.3.4 is connecting to the smtp service to send you email, by looking at your mail log.

Torian
  • It is not working for some reason. Is there any way to debug this? – Daniel C. Sobral Nov 17 '10 at 19:55
  • Check out the answer. I edited and put some info on how to debug the scenario only for the peer which is troubling you. – Torian Nov 18 '10 at 03:51
  • Thanks, but I think I know what the problem is... It's not the sender rules rejecting the e-mail, but the client rules -- so I was making changes at the wrong place. I am just now putting configuration about the client in place (check_client_access in smtpd_client_restrictions), and if everything goes well I'll post a note here. I _will_ ask for the text to be corrected before accepting the answer though. :-) At any rate, thanks for putting me in the right direction. – Daniel C. Sobral Nov 18 '10 at 16:16
  • As a matter of fact, you are right. The problem being the client without reverse dns record, and not the recipient (or from) to which it is sending is solved by smtpd_client_restrictions. The way in which you solve this is similar. I'll correct the answer. You're welcome, and thanks for pointing out the mistake. – Torian Nov 18 '10 at 18:16
  • Seems I have insufficient points on this stack platform to edit this helpful posting: There's a little typo "postifx" that's easily missed. – BurninLeo Mar 09 '19 at 12:06
  • In case it helps: I added this as the first restriction to my existing `smtpd_sender_restrictions` which had `reject_unknown_client_hostname` in the list and caused the rejection – DrPsychick Mar 06 '21 at 22:13
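
The thread turns on which restriction list actually holds `reject_unknown_client_hostname`: an `OK` from `check_client_access` ends only the list it sits in, so the exception has to come before the hostname check in that same list. The following is an added example, not code from any of the posts above; it audits a `main.cf` for that ordering. The sample configuration is constructed, and the function names are hypothetical.

```python
import re

# Constructed sample in main.cf / `postconf -n` form (not taken from the page):
# the exception sits in the client list, the hostname check in the sender list.
SAMPLE_MAIN_CF = """\
smtpd_client_restrictions =
  check_client_access hash:/etc/postfix/client_access,
  reject_invalid_hostname
smtpd_sender_restrictions =
  reject_unknown_client_hostname,
  reject_non_fqdn_sender
"""

# reject_unknown_client is the older name of the same restriction.
REJECTORS = {"reject_unknown_client_hostname", "reject_unknown_client"}


def parse_restriction_lists(text):
    """Return {parameter: [tokens]} for every smtpd_*_restrictions setting."""
    params, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and current:   # continuation of the previous value
            params[current] += " " + line.strip()
        elif "=" in line:
            current, value = (s.strip() for s in line.split("=", 1))
            params[current] = value
    return {k: [t for t in re.split(r"[,\s]+", v) if t]
            for k, v in params.items()
            if re.fullmatch(r"smtpd_\w+_restrictions", k)}


def audit(text):
    """Map each list containing the hostname check to True if a
    check_client_access lookup runs before it in that same list."""
    findings = {}
    for name, tokens in parse_restriction_lists(text).items():
        hits = [i for i, t in enumerate(tokens) if t in REJECTORS]
        if hits:
            findings[name] = "check_client_access" in tokens[:hits[0]]
    return findings


if __name__ == "__main__":
    for name, ok in audit(SAMPLE_MAIN_CF).items():
        state = "precedes" if ok else "is MISSING before"
        print(f"{name}: client exception {state} the hostname check")
```

Because a client that fails this check is logged by Postfix as `unknown[1.2.3.4]`, the entry in client_access has to be keyed on the IP address (or a network prefix), not on a hostname.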