[CentOS] question for those who run mail servers
Craig White
craig.white at ttiltd.com
Thu May 31 17:35:13 UTC 2012
On May 31, 2012, at 6:09 AM, Bob Hoffman wrote:
> Not technically a centos question, but a lot of you guys seem to manage
> some large systems
> and I could use some clarification on a postfix setting.*
>
> *reject_unknown_client_hostname
> (in postfix < 2.3 reject_unknown_client)
>
> When I first used this there were issues with users trying to send mail
> through the server
> from hotels, wireless spots, etc. This was solved by pushing up permit
> sasl_authenticated.
>
> I took it out after those issues. I read many online posts from 2008
> saying too many
> false positives. (though none were clear if those were incoming mail or
> from mail users)
>
> Do you use reject_unknown_client_hostname?
>
> Other than someone trying to access the server to send mail through it
> as a user I do
> not see how this could be a bad setting and am thinking of using it.
> A person sending out a mail to the server, even if in that badly set up
> hotel wireless
> should be using their gmail, yahoo, own server, isp mail servers and
> should not
> be directly sending from their iphone....is that correct?
>
> or do you ignore the use of this setting still?
>
> -thanks for any updates on the use of this setting.
----
if the goal is to minimize spam then this is a really good option as it duplicates methodologies employed by a lot of the large e-mail providers (ie, AOL) which require both the forward and reverse addresses to resolve.
Requiring someone to authenticate to a known SMTP host is reasonable and prudent - and I would agree that the senders should be using a registered SPF (sender permitted from) SMTP host for forwarding their outgoing e-mails.
Craig
More information about the CentOS
mailing list