I'm going to take this chance to pipe into this thread that I am confused about Vincent's issue. He says that the client which lacked PTR (the one run by a Debianista) was not a mail exchanger, or not exchanging mail.
Why, then, would reject_unknown_reverse_client_hostname be an issue? Obviously one must never apply this against one's own submitting users. Or was Vincent confused about the distinction between mail exchanging clients and submission clients?

On Tue, May 07, 2013 at 03:12:58PM -0500, Stan Hoeppner wrote:
> On 5/6/2013 6:54 PM, /dev/rob0 wrote:
> > FCrDNS itself is not just a best practice, it is a
> > requirement.
>
> It is preferred, but optional, not required. If it was a

I was speaking in a functional sense. In the real world, you either have FCrDNS for your outbound, or you have massive deliverability issues.

> *requirement* then Postfix would have neither of these two
> restrictions, and the first would simply be hard coded into
> postscreen and smtpd.

Nitpick there: postscreen does not look up rDNS. :)

> reject_unknown_client_hostname
> reject_unknown_reverse_client_hostname
>
> Obviously it is not.
>
> In addition, if FCrDNS was indeed a requirement, then nobody would
> accept mail from my SOHO Postfix server, nor any mail servers
> behind the tens of thousands of "business class" ADSL circuits in
> the US which offer static IPs but not custom rDNS.

Peter has explained this: you indeed seem to have FCrDNS, just not "good" FCrDNS with a custom PTR. You have generic-looking FCrDNS of the kind that your famous PCRE file is designed to block. :)

> You yourself accept mail from my outbound, so obviously you're
> not strictly enforcing FCrDNS.

I do use reject_unknown_reverse_client_hostname for most recipient domains. I do not use reject_unknown_client_hostname much. Neither do I use reject_unknown_helo_hostname; and no policy daemon whereby the HELO and PTR are required to match. If you're not on Zen (PBL) you're fine by me. :)

> That or you've manually whitelisted my IP.

Perish the thought! I would do no such thing! ;)

--
http://rob0.nodns4.us/ -- system administration and consulting
Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
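
Added example (not part of the original message, and not Postfix code): a small Python model of how the two client restrictions named in this thread differ, including the "generic-looking FCrDNS" case. The DNS tables, names and addresses are constructed (documentation ranges); temporary DNS failures are not modelled.

```python
# Constructed DNS data: documentation address ranges and example names only.
PTR = {
    "192.0.2.10": "mail.example.org",             # custom PTR, forward matches
    "192.0.2.20": "adsl-192-0-2-20.isp.example",  # generic-looking PTR, forward matches
    "192.0.2.30": "mx.example.net",               # PTR exists, forward points elsewhere
    "192.0.2.40": "ghost.example.com",            # PTR exists, name has no A record
    # 192.0.2.50 deliberately has no PTR at all
}
A = {
    "mail.example.org": {"192.0.2.10"},
    "adsl-192-0-2-20.isp.example": {"192.0.2.20"},
    "mx.example.net": {"198.51.100.7"},
}

def classify(ip, ptr=PTR, a=A):
    """Return (state, hostname) for a connecting client address."""
    name = ptr.get(ip)
    if name is None:
        return ("no_ptr", None)            # no address-to-name mapping
    addrs = a.get(name, set())
    if not addrs:
        return ("forward_missing", name)   # PTR name does not resolve
    if ip not in addrs:
        return ("forward_mismatch", name)  # PTR name resolves to another address
    return ("fcrdns", name)                # forward-confirmed reverse DNS

def reject_unknown_reverse_client_hostname(ip):
    # Model of the looser check: reject only when there is no PTR.
    return classify(ip)[0] == "no_ptr"

def reject_unknown_client_hostname(ip):
    # Model of the stricter check: reject unless the PTR name maps back to the client.
    return classify(ip)[0] != "fcrdns"

def report(ips):
    """Map each address to (state, rejected by loose check, rejected by strict check)."""
    return {ip: (classify(ip)[0],
                 reject_unknown_reverse_client_hostname(ip),
                 reject_unknown_client_hostname(ip)) for ip in ips}

if __name__ == "__main__":
    sample = ["192.0.2.10", "192.0.2.20", "192.0.2.30", "192.0.2.40", "192.0.2.50"]
    for ip, (state, loose, strict) in report(sample).items():
        print(f"{ip:12} {state:17} reverse_only_reject={loose} full_fcrdns_reject={strict}")
```

The generic-PTR host passes both checks, which is why blocking it takes a separate pattern match on the hostname rather than either restriction.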