[CentOS] question for those who run mail servers

Thu May 31 13:19:03 UTC 2012
Mike Burger <mburger at bubbanfriends.org>

> Not technically a centos question, but a lot of you guys seem to manage
> some large systems
> and I could use some clarification on a postfix setting.*
>
> *reject_unknown_client_hostname
> (in postfix < 2.3 reject_unknown_client)
>
> When I first used this there were issues with users trying to send mail
> through the server
> from hotels, wireless spots, etc. This was solved by pushing up permit
> sasl_authenticated.
>
> I took it out after those issues. I read many online posts from 2008
> saying too many
> false positives. (though none were clear if those were incoming mail or
> from mail users)
>
> Do you use reject_unknown_client_hostname?
>
> Other than someone trying to access the server to send mail through it
> as a user I do
> not see how this could be a bad setting and am thinking of using it.
> A person sending out a mail to the server, even if in that badly set up
> hotel wireless
> should be using their gmail, yahoo, own server, isp mail servers and
> should not
> be directly sending from their iphone....is that correct?
>
> or do you ignore the use of this setting still?
>
> -thanks for any updates on the use of this setting.

Hi, Bob.

I do not use this setting, though I do have this in my main.cf:

unknown_address_reject_code = 554
unknown_client_reject_code = 554
unknown_hostname_reject_code = 554

I can understand your wanting to use it, but you definitely want/need to
keep the "permit_sasl_authenticated" at the top.

The idea, as you're no doubt aware, is that if they have a username and
password, presumably you're allowing them to relay email, as long as
they've authenticated. The iPhone provides that functionality with little
effort required to configure.

-- 
Mike Burger
http://www.bubbanfriends.org

Visit the Dog Pound II BBS
telnet://dogpound2.citadel.org http://dogpound2.citadel.org
https://dogpound2.citadel.org

To be notified of updates to the web site, visit:

https://www.bubbanfriends.org/mailman/listinfo/site-update

or send a blank email to:

site-update-subscribe at bubbanfriends.org