On 6/3/2016 6:39 PM, Homer Wilson Smith wrote:
>
> The following main.cf, thanks to Noel, blocks mail whose
> DNS is misconfigured as follows.
>
> 1.) IP -> nothing
>
> 2.) IP -> domain -> nothing
>
> 3.) IP -> domain -> IP2
>
> It accepts only mail where
>
> 4.) IP -> domain -> IP
>
> I find that 1 and 2 block most of the spam, and very little
> bad mail comes in via 3.
>
> I would like to automatically let all mail through where
>
> IP -> domain -> IP2
>
> There are a small number of valid mail servers that are
> misconfigured, like when the server's IP changes, and the admin
> forgets to set the domain -> to the new IP.
>
> Periodically my large corp customers ask me to whitelist
> IPs or domain names because they aren't getting valid mail,
> and the misconfigurations are always of this type.
>
> Pointers to RTFM are welcome.

Right now you're using reject_unknown_client_hostname, which is a very strict check and known to reject legit mail. I expect this was mentioned in any earlier discussions.

The other postfix built-in choice is reject_unknown_reverse_client_hostname, which rejects mail if the client has no IP->name mapping. This is considered generally safe and is reasonably effective at stopping spam.

http://www.postfix.org/postconf.5.html#reject_unknown_reverse_client_hostname

For the other possible combinations of bad DNS setup, you'll need to use a policy service.

-- Noel Jones
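
Added example, not part of the original thread and not Postfix code: a small classifier that sorts a client IP into the four DNS cases listed in the quoted message and reports which of the two built-in restrictions would reject each one. The function names, the sample addresses (documentation ranges) and the sample hostnames are constructed for illustration, and temporary DNS failures are treated the same as "no answer".

```python
import ipaddress
import socket

# Constructed sample data: documentation address ranges and example names.
PTR = {"192.0.2.10": "mx.example.com",
       "192.0.2.20": "gone.example.net",
       "192.0.2.30": "moved.example.org"}
A = {"mx.example.com": ["192.0.2.10"],
     "moved.example.org": ["198.51.100.30"]}

def classify_client(ip, reverse_lookup, forward_lookup):
    """Return the case number 1-4 from the list in the quoted message."""
    name = reverse_lookup(ip)
    if not name:
        return 1                      # IP -> nothing
    addrs = forward_lookup(name)
    if not addrs:
        return 2                      # IP -> domain -> nothing
    client = ipaddress.ip_address(ip)
    if any(ipaddress.ip_address(a) == client for a in addrs):
        return 4                      # IP -> domain -> IP
    return 3                          # IP -> domain -> IP2

def rejected_by(case):
    """Which of the two built-in restrictions rejects this case."""
    return {
        "reject_unknown_client_hostname": case in (1, 2, 3),
        "reject_unknown_reverse_client_hostname": case == 1,
    }

def dns_reverse(ip):
    """Live PTR lookup; None when there is no IP->name mapping."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def dns_forward(name):
    """Live forward lookup; empty list when the name does not resolve."""
    try:
        return sorted({info[4][0] for info in socket.getaddrinfo(name, None)})
    except OSError:
        return []

if __name__ == "__main__":
    # Offline run over the constructed tables; pass dns_reverse/dns_forward
    # instead to check a real client address.
    for ip in ("203.0.113.5", "192.0.2.20", "192.0.2.30", "192.0.2.10"):
        case = classify_client(ip, PTR.get, lambda n: A.get(n, []))
        print(ip, "case", case, rejected_by(case))
```

Cases 2 and 3 are the ones where the two restrictions differ; separating case 2 from case 3 is the part that needs a policy service.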