My apologies for shouting, but this wrong idea just won't go away: >.... If Postfix can't determine the client's reverse domain >(tempfail) and therefore cannot even ask SpamHaus whether the >(verified) client (PTR) domain is on the whitelist,
NO! NO, NO, NO! Do NOT look up rDNS in the DWL. If you do, you will get random results, since we have no idea what rDNS our clients use. The Spamhaus DWL is only for DKIM signature domains. If you want to whitelist by sending host, look up the IP address. Once again, do NOT attempt to whitelist on rDNS. We now return you to your previous discussion. R's, John PS: > In a large enough organization, someone, somewhere will unilaterally >engage in some marketing under the radar, so we need to think about >separating the known good, rather than trying to preclude the unknown >bad. Quite right. It may be easier to hand out DKIM signing keys to people who know what they're doing, and keep everything else unsigned.
