[gw1500se]

That’s why I need the less strict form. As long as the IP resolves to some name it will eliminate most of the spam that is now slipping by the blacklists and Spamassassin.

[gw1500se]

It now appears that Apple’s implementation is not standard or an obsolete version of Postfix. I found that the following works but is not in the postfix.com documentation:
[code]
smtpd_helo_required = yes
smtpd_helo_restrictions = reject_unknown_hostname
[/code]
Unfortunately this is the equivalent of the strict restriction in the postfix.com documentation (reject_unknown_client_hostname). The less strict setting (reject_unknown_reverse_client_hostname) does not work nor does what seems logically to the be equivalent Apple setting, reject_unknown_reverse_hostname. And of course that is the setting I need.

[gw1500se]

I tried setting that parameter and it seems postfix does not recognize it. This may be a version issue. I cannot find what version of postfix this is. Does anyone know? Hopefully it is 2.1 or higher. Assuming that is the case does anyone know why postfix does not recognize it? TIA.

[gw1500se]

After a little more research I think I found what I am looking for. There is a postfix config parameter ‘smtpd_client_restrictions=reject_unknown_client_hostname’. Does anyone have experience with this? My main concern is that if I turn this on will all my local mail be rejected from my DHCP users or do I need to put an entry in my DNS zone for them? TIA.

[gw1500se]

Thanks for the reply. Who is ‘they’? If you mean Apple, I could use a link as I found nothing on that with my own searches.

As for what most spammers know, I get at least 100 connections per day that cannot be reverse resolved. Fortunately, blacklists and Spamassassin catch many of them but not enough.

[gw1500se]

I don’t know. I have a new iMac and when I turn the brightness all the way down it gets dark enough so that it is unreadable unless you are right on top of it.

[gw1500se]

You could turn the brightness and contrast all the way down.

[gw1500se]

On the client, try deleting config/mcx_cache in netinfo manager and all the files in /Library/Preferences/DirectoryService. Then restart the client.

Did you verify that both LDAPv3 config and Authentication in Directory Access are correct?

[gw1500se]

We had exactly the same problem. It is fixed in Tiger server.

[gw1500se]

We’ve finally isolated it to our firewall. If we turn it off completely, it works. Thanks for the help anyway.

[gw1500se]

Thanks for the reply. Is there a mechanism for querying the password server?

[gw1500se]

To what does this refer? A dual homed host?

[gw1500se]

[QUOTE]Same problem here. Using the gui.[/QUOTE]
I called this in to Apple. The result was a surprise. According to Apple, reverse DNS is not supported via the GUI and an enterprise contract (as opposed to normal Applecare) is required to support it via command line. Interestingly, we also have XSAN installed. Reverse DNS is required by XSAN. Catch-22.

[gw1500se]

Thanks for the reply.

[QUOTE]How are the signing on? Are they using terminal or something else?
I usually do something like

%ssh [email protected]
[/QUOTE]
Exactly.

[QUOTE]it just asks for a password. Is that what’s happening (or not happening)?[/QUOTE]
That is what is not happening.

[QUOTE]Have these particular users been able to log on in the past and is this a new problem?[/QUOTE]

This is a new problem to us. We use ssh very little and hardly ever from the internet, until now. So there is no way to know if this has been a problem all along or not.

[gw1500se]

What is in /var/spool/imap/user?

[Author]

Posts