Hi,
I enabled the option smtpd_client_restrictions = reject_unknown_client in Postfix. The goal is to refuse mail coming from IP addresses that have no reverse DNS, in order to eliminate part of the spam.
There's something I must have done wrong, because…
Yet of course, there is no problem on the reverse-resolution side…
[code]# dig -x 209.85.214.49
; <<>> DiG 9.7.3 <<>> -x 209.85.214.49
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3134
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;49.214.85.209.in-addr.arpa. IN PTR
;; ANSWER SECTION:
49.214.85.209.in-addr.arpa. 33485 IN PTR mail-bk0-f49.google.com.
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Feb 16 13:04:35 2012
;; MSG SIZE rcvd: 81[/code]
NB: this happens with any sender.
As soon as I disable the reject_unknown_client option, the problem goes away.
My local DNS server is dnsmasq (the domain itself is "hosted" on the registrar's DNS servers), but I don't think that matters (the dig -x proves it works).
Any leads? I'm stumped…
Edit: Nothing very remarkable, but here is my /etc/postfix/main.cf anyway
[code]# See /usr/share/postfix/main.cf.dist for a commented, more complete version
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
# Uncomment the next line to generate "delayed mail" warnings
delay_warning_time = 1h
readme_directory = no
# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.
myhostname = XXX.XXX.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = XXX.XXX.com, localhost.XXX.com, , localhost
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = ipv4
virtual_uid_maps = static:3000
virtual_gid_maps = static:3000
virtual_mailbox_base = /home/mail-delivery
virtual_transport = dovecot
virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_mailbox_domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
relay_domains = mysql:/etc/postfix/mysql_relay_domains.cf
smtpd_recipient_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
reject_non_fqdn_hostname,
reject_non_fqdn_sender,
reject_non_fqdn_recipient,
reject_unauth_destination,
reject_unauth_pipelining,
check_policy_service inet:127.0.0.1:10023,
reject_invalid_hostname
# The culprit is here…
#smtpd_client_restrictions = reject_unknown_client
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
dovecot_destination_recipient_limit = 1[/code]
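
An added example, not part of the original post: Postfix documents that reject_unknown_client (named reject_unknown_client_hostname since Postfix 2.3) rejects when the address->name lookup fails, when the name->address lookup fails, or when the name does not map back to the client IP, so a successful dig -x exercises only the first of the three. The code below runs all three steps; the function names and the sample zone data are assumptions constructed for illustration, and only the first PTR entry comes from the dig output in the post.

```python
import socket

def system_ptr(ip):
    """PTR name for ip through the system resolver, or None."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror):
        return None

def system_forward(name):
    """Set of addresses the name resolves to through the system resolver."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except socket.gaierror:
        return set()

def check_client(ip, ptr_lookup=system_ptr, forward_lookup=system_forward):
    """Return (accepted, reason) using the three documented rejection cases."""
    name = ptr_lookup(ip)
    if not name:
        return (False, "address->name lookup failed")
    addrs = forward_lookup(name.rstrip("."))
    if not addrs:
        return (False, "name->address lookup failed for " + name)
    if ip not in addrs:  # plain string comparison, enough for dotted IPv4
        return (False, name + " does not resolve back to " + ip)
    return (True, name)

# Constructed sample zone data so the example runs offline. Only the first PTR
# entry comes from the dig output in the post; its forward record and every
# other entry are invented (192.0.2.0/24 is a documentation range).
SAMPLE_PTR = {
    "209.85.214.49": "mail-bk0-f49.google.com.",
    "192.0.2.10": "host10.example.net.",
    "192.0.2.20": "host20.example.net.",
}
SAMPLE_A = {
    "mail-bk0-f49.google.com": {"209.85.214.49"},
    "host20.example.net": {"192.0.2.99"},
}

def sample_check(ip):
    """Run check_client against the constructed tables instead of live DNS."""
    return check_client(ip, SAMPLE_PTR.get, lambda n: SAMPLE_A.get(n, set()))

if __name__ == "__main__":
    for ip in ("209.85.214.49", "192.0.2.10", "192.0.2.20", "192.0.2.30"):
        print(ip, sample_check(ip))
```

Called without the sample lookups, check_client goes through the system resolver (gethostbyaddr/getaddrinfo) rather than sending a direct DNS query the way dig does.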