M postfix/main.cf => postfix/main.cf +2 -2
@@ 33,8 33,8 @@ anvil_rate_time_unit = 60s
smtpd_client_auth_rate_limit = 10
smtpd_client_connection_rate_limit = 10
smtpd_client_new_tls_session_rate_limit = 10
-# reject if not authenticated
-smtpd_client_restrictions = permit_sasl_authenticated, reject
+# reject if client IP and hostname do not match EXCEPT if authenticated
+smtpd_client_restrictions = permit_sasl_authenticated, reject_unknown_client_hostname
# reject if HELO or EHLO hostname does not have a valid A or MX record
smtpd_helo_restrictions = reject_unknown_helo_hostname
smtpd_helo_required = yes
M postfix/main.cf.tls-in => postfix/main.cf.tls-in +2 -2
@@ 34,8 34,8 @@ anvil_rate_time_unit = 60s
smtpd_client_auth_rate_limit = 10
smtpd_client_connection_rate_limit = 10
smtpd_client_new_tls_session_rate_limit = 10
-# reject if not authenticated
-smtpd_client_restrictions = permit_sasl_authenticated, reject
+# reject if client IP and hostname do not match EXCEPT if authenticated
+smtpd_client_restrictions = permit_sasl_authenticated, reject_unknown_client_hostname
# reject if HELO or EHLO hostname does not have a valid A or MX record
smtpd_helo_restrictions = reject_unknown_helo_hostname
smtpd_helo_required = yes