Return-Path: Delivered-To: apmail-spamassassin-users-archive@www.apache.org Received: (qmail 87062 invoked from network); 3 Jun 2008 13:31:16 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 3 Jun 2008 13:31:16 -0000 Received: (qmail 38156 invoked by uid 500); 3 Jun 2008 13:31:09 -0000 Delivered-To: apmail-spamassassin-users-archive@spamassassin.apache.org Received: (qmail 37881 invoked by uid 500); 3 Jun 2008 13:31:09 -0000 Mailing-List: contact users-help@spamassassin.apache.org; run by ezmlm Precedence: bulk list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list users@spamassassin.apache.org Received: (qmail 37870 invoked by uid 99); 3 Jun 2008 13:31:09 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 03 Jun 2008 06:31:09 -0700 X-ASF-Spam-Status: No, hits=1.6 required=10.0 tests=MISSING_HEADERS,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: local policy) Received: from [91.121.103.130] (HELO imlil.netoyen.net) (91.121.103.130) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 03 Jun 2008 13:30:17 +0000 DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=netoyen.net; h=message-id: date:from:mime-version:cc:subject:references:in-reply-to: content-type:content-transfer-encoding; q=dns/txt; s=msa; bh=t/R cvjl6BovR17uakEB7kjs2mXc=; b=tz/3n+BVdiJuqIyasAJdnh5xQl8XUzSBj6Z NwvOnfsqGsPHj++NPslATfYsw7EE7Pz6pwKAN8N13Qh1RD5MZOHJRFuWAVV8YqRG LTNW32sXN5pZ/KTkBQxJd1SPvHxppBi4lgWjNklpv2EeXTJOH/Nkff8SpeeC4Y99 +2P53dBQ= X-Virus-Scanned: amavisd-new at netoyen.net Received: from [192.168.1.65] (ouzoud.netoyen.net [82.239.111.75]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) (Authenticated sender: mouss@netoyen.net) by imlil.netoyen.net (Postfix) with ESMTPSA id 1B6663BD6E19 for ; Tue, 3 Jun 2008 15:30:47 +0200 (CEST) Message-ID: <48454777.2020409@netoyen.net> Date: Tue, 03 Jun 2008 15:30:31 +0200 From: mouss User-Agent: Thunderbird 2.0.0.12 (Windows/20080213) MIME-Version: 1.0 CC: users@spamassassin.apache.org Subject: Re: google netblocks records etc References: <004f01c8c4e5$c7563650$9e00000a@msys1> <48444FB8.5070300@perkel.com> <000801c8c4ee$87e288d0$4201a8c0@msys1> <20080603063231.GA4915@posti.hege.li> <45794.RkEUX0YQVF8=.1212487001.squirrel@mail.junc.org> <20080603103438.GA6781@posti.hege.li> <52177.RkEUX0YQVF8=.1212494549.squirrel@mail.junc.org> <20080603124231.GA8125@posti.hege.li> In-Reply-To: Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Checked: Checked by ClamAV on apache.org D Hill wrote: > [snip] > In Postfix: > > reject_unknown_reverse_client_hostname > Reject the request when the client IP address has no address->name > mapping. > > reject_unknown_client_hostname > Reject the request when 1) the client IP address->name mapping fails, > 2) the name->address mapping fails, or 3) the name->address mapping > does not match the client IP address. > > reject_unknown_client_hostname would be what you are calling confirmed > reverse. If I were to use that, support would start getting phone > calls and customers would start getting upset. He is about check_client_access. recent postfix also have check_reverse_client_hostname_access which acts on PTR (unconfirmed rDNS), but is intended for blocking, not whitelisting.