On May 31, 2012, at 6:09 AM, Bob Hoffman wrote:
Not technically a centos question, but a lot of you guys seem to manage some large systems and I could use some clarification on a postfix setting.*
*reject_unknown_client_hostname (in postfix < 2.3 reject_unknown_client)
When I first used this there were issues with users trying to send mail through the server from hotels, wireless spots, etc. This was solved by pushing up permit sasl_authenticated.
I took it out after those issues. I read many online posts from 2008 saying too many false positives. (though none were clear if those were incoming mail or from mail users)
Do you use reject_unknown_client_hostname?
Other than someone trying to access the server to send mail through it as a user I do not see how this could be a bad setting and am thinking of using it. A person sending out a mail to the server, even if in that badly set up hotel wireless should be using their gmail, yahoo, own server, isp mail servers and should not be directly sending from their iphone....is that correct?
or do you ignore the use of this setting still?
-thanks for any updates on the use of this setting.
---- if the goal is to minimize spam then this is a really good option as it duplicates methodologies employed by a lot of the large e-mail providers (ie, AOL) which require both the forward and reverse addresses to resolve.
Requiring someone to authenticate to a known SMTP host is reasonable and prudent - and I would agree that the senders should be using a registered SPF (sender permitted from) SMTP host for forwarding their outgoing e-mails.
Craig