On Fri, 3 Jun 2016, Noel Jones wrote:
On 6/3/2016 6:39 PM, Homer Wilson Smith wrote:
The following main.cf, thanks to Noel, blocks mail whose
DNS is misconfigured as follows.
1.) IP -> nothing
2.) IP -> domain -> nothing
3.) IP -> domain -> IP2
It accepts only mail where
4.) IP -> domain -> IP
I find that 1 and 2 block most of the spam, and very little
bad mail comes in via 3.
I would like to automatically let all mail through where
IP -> domain -> IP2
There are a small number of valid mail servers that are
misconfigued, like when the server's IP changes, and the admin
forgets to set the domain -> to the new IP.
Periodically my large corp customers ask me to white list
IP's or domain names because they aren't getting valid mail.
and the misconfigurations are always of this type.
Pointers to RTFM are welcome.
Right now you're using reject_unknown_client_hostname, which is a
very strict check and known to reject legit mail. I expect this was
mentioned in any earlier discussions.
Yes, and this is VERY effective at killing spam, but does get
some good mail as stated.
The other postfix built-in choice is
reject_unknown_reverse_client_hostname, which rejects mail if the
client has no IP->name mapping. This is considered generally safe
and is reasonably effective at stopping spam.
http://www.postfix.org/postconf.5.html#reject_unknown_reverse_client_hostname
Yes, however this lets through so much spam that our barracuda
can't keep up with it. It's like day and night.
For the other possible combinations of bad DNS setup, you'll need to
use a policy service.
OK, can you point me to RTFM for this?
Thanks for all your hard work.
Homer W Smith
CEO Lightlink.com
-- Noel Jones
