On Thu, Sep 17, 2015 at 23:31:04 +0200, Werner Detter wrote: > Hi Julien, > > this is the default behaviour of policyd-weight, from the manpage: > > -- cut -- > @bogus_mx_score (2.1, 0) > If the sender domain has neither MX nor A records or these records > resolve to a bogus IP-Address > (for instance private networks) then this check asigns the full score of > bogus_mx_score. If there is > no MX but an A record of the sender domain then it receives a penalty only if > DNSBL-listed. > > Log Entries: > > BOGUS_MX > The sender A and MX records are bogus or empty. > > BAD_MX > The sender domain has an empty or bogus MX record anthe client is > DNSBL listed. > > Related RFCs: > > [1918] Address Allocation for Private Internets > [2821] Simple Mail Transfer Protocol (Sect 3.6 and Sect 5) > -- cut -- > > Having an global A-record with a private IP address is "suspicous" as those > addresses aren't routed > globally. I don't think this is something that needs to be adjusted within > policyd-weight. > The above says "The sender A and MX records are bogus or empty", it doesn't say "The sender A or MX records are bogus or empty"?
And anyway, if the sender domain has a MX record, its A or AAAA records shouldn't matter in the email context in any way. The sender address in this case is reachable, there's nothing wrong with it, unlike if the MX record was pointing at a host with a private address, or if there was no MX record and a private address in the A record, so I don't think these cases should be treated the same. In one of them I'm rejecting valid mail, in the other I'm rejecting mail from an unreachable address. Cheers, Julien
signature.asc
Description: Digital signature
