ghe wrote, at 04/10/2009 02:54 PM: > Oh, dear! I'm not sure what, if anything, I can do about this, but > thanks to you all for the response(s). Maybe a non-caching name server > might help.
You've only indicated that an authenticated client's IP address does not reliably provide a reverse lookup. Why is that a problem? Is the connection being rejected? Authenticated users should be exempted from such checks. Provide the output of postconf -n. > I'm thinking it's getting to be time to turn > reject_unknown_sender_domain into a full reject instead of just a > warning, but if DNS isn't working quite right. What is wrong with the sender's domain (MAIL FROM:)? You don't mention it in any of your posts. The unknown client issue you reported only involves resolving the connecting IP and is unrelated to reject_unknown_sender_domain (which is normally safe to reject, with varying philosophies on *when* is the best time to reject it). Of course, if you mention this only because you think your DNS is unreliable, it is a concern. But the type of problem you're reporting is often isolated to a few domains. If you're logging warnings for reject_unknown_sender_domain, you should be able to review the logs to see if there is a regular problem with your DNS (but this would also be apparent for outgoing messages, in a much more serious way).
