Not technically a centos question, but a lot of you guys seem to manage some large systems and I could use some clarification on a postfix setting.*
*reject_unknown_client_hostname (in postfix < 2.3 reject_unknown_client)
When I first used this there were issues with users trying to send mail through the server from hotels, wireless spots, etc. This was solved by pushing up permit sasl_authenticated.
I took it out after those issues. I read many online posts from 2008 saying too many false positives. (though none were clear if those were incoming mail or from mail users)
Do you use reject_unknown_client_hostname?
Other than someone trying to access the server to send mail through it as a user I do not see how this could be a bad setting and am thinking of using it. A person sending out a mail to the server, even if in that badly set up hotel wireless should be using their gmail, yahoo, own server, isp mail servers and should not be directly sending from their iphone....is that correct?
or do you ignore the use of this setting still?
-thanks for any updates on the use of this setting.
Hi, Bob.
I do not use this setting, though I do have this in my main.cf:
unknown_address_reject_code = 554 unknown_client_reject_code = 554 unknown_hostname_reject_code = 554
I can understand your wanting to use it, but you definitely want/need to keep the "permit_sasl_authenticated" at the top.
The idea, as you're no doubt aware, is that if they have a username and password, presumably you're allowing them to relay email, as long as they've authenticated. The iPhone provides that functionality with little effort required to configure.