5

I explicitly added reject_unknown_client_hostname and several other reject rules to slow down SPAM in our server. So far that's working nicely.

However, there is an important client that keeps getting rejected by our mail server, either because there isn't a ptr record on their name server giving a valid hostname or because dns lookups are failing.

warning: 00.00.00.00: hostname 00.00.00.00.dynamic.isp.com verification failed: Name or service not known

In any case, before they get that fixed with their ISP, is there a way to allow only their IP in our postfix? I tried adding it to mynetworks but it didn't work.

Mike Darrow
  • 53
  • 3
  • Thanks guys! It worked, the only thing is that `check_client_access hash:/etc/postfix/access` has to go before `reject_unknown_client` – Mike Darrow Oct 09 '11 at 14:58

2 Answers2

4

You can do it as Lasy Badger suggests. Here a bit cleaner:

Modify main.cf:

smtpd_client_restrictions =
  check_client_access hash:/etc/postfix/client_access

Create /etc/postfix/client_access:

00.00.00.00    OK

After that you have to postmap /etc/postfix/client_access and then postfix reload.

But note: It will not work! At least not in your case. Because your "client" uses a dynamic IP. So you have to edit it every time your client changes his IP. Probably once a day.

So note that it is not your fault how you configured your server. It is the fault of your client to have a bad mail server configuration. One should not run a mail server behind a dynamic IP. Running one behind a dynamic IP looks like being a Spammer.

mailq
  • 17,023
  • 2
  • 37
  • 69
1

Did you tried STFW? I'm not postfix fun (I'm consider it as loozer's MTA), but nothing more than 3 URL from Google

smtpd_client_restrictions =
  check_client_access hash:/etc/postfix/maps/access_client, ...

Content of access_client

IP  <policy>
Lazy Badger
  • 3,137
  • 15
  • 13