Menu

#4937 Postfix "Reject clients with no reverse hostname "

1.830
closed-fixed
nobody
None
5
2017-04-30
2017-04-14
M.T.R
No

Hi Jamie,

The option "Reject clients with no reverse hostname " is in Postfix manual:
"reject_unknown_reverse_client_hostname"

Webmin uses instead:
"reject_unknown_client" which is since Postfix 2.3 replaced by "reject_unknown_client_hostname"

It's indeed a stronger rule than "reject_unknown_reverse_client_hostname"

In Postfix manual:

reject_unknown_client_hostname

(with Postfix < 2.3: reject_unknown_client)Reject the request when 1) the client IP address->name mapping fails, 2) the name->address mapping fails, or 3) the name->address mapping does not match the client IP address. This is a stronger restriction than the reject_unknown_reverse_client_hostname feature, which triggers only under condition 1) above. The unknown_client_reject_code parameter specifies the response code for rejected requests (default: 450). The reply is always 450 in case the address->name or name->address lookup failed due to a temporary problem.

reject_unknown_reverse_client_hostname

Reject the request when the client IP address has no address->name mapping.
This is a weaker restriction than the reject_unknown_client_hostname feature, which requires not only that the address->name and name->address mappings exist, but also that the two mappings reproduce the client IP address.

Cheers mike

ps.
it would be perhaps a good idea to update all the postfix rules to the actual postfix version.

Discussion

  • Jamie Cameron

    Jamie Cameron - 2017-04-16

    I had a look at the Webmin code, and for Postfix version 2.3 and above it already uses reject_unknown_reverse_client_hostname instead of reject_unknown_client

    Or are you suggesting that it would be good to support all these options?

     

  • M.T.R

    M.T.R - 2017-04-16

    Jamie, i think i found the reason for this problem:

    in postfix-lib.pl
    there is written concerning the version:
    $postfix_version < 2.3 ? "reject_unknown_client"

    my version is 2.11.3

    webmin handles my version as it was older then 2.3

    but in fact 2.11.3 is newer than 2.3

    i have tested this:

    if i change the line to
    $postfix_version < 2.11.3 ? "reject_unknown_client"

    then it is working as intended,
    webmin writes then:
    reject_unknown_reverse_client_hostname instead of reject_unknown_client

    hope this helps

    cheers mike

     

    Last edit: M.T.R 2017-04-16

  • M.T.R

    M.T.R - 2017-04-26

    Hi Jamie,

    did you have a look on this version issue?

    Thanks mike

     

  • Jamie Cameron

    Jamie Cameron - 2017-04-29
    • status: open --> closed-fixed
     

  • Jamie Cameron

    Jamie Cameron - 2017-04-29

    Sorry, I forgot about this bug - this will be fixed in the next Webmin release by doing a proper version comparison.

     

  • M.T.R

    M.T.R - 2017-04-30

    thanks lot.

    cheers mike

     

Log in to post a comment.