> On May 12, 2018, at 6:45 PM, James <postfix_trac...@trackivity.com> wrote:
>
> 1) DNS lookup failures: stuff *does* break occasionally and there *will* be
> minutes/hours when you reject stuff unintentionally,
For the record, when the problem is lost packets, lame delegations,
expired DNSSEC signatures, ... mail will be deferred (4XX error code)
not rejected (5XX). Only when the DNS definitively returns no
reverse or forward data, or the two don't match with the mail be
rejected by this restriction. Which still does not make it broadly
safe, but it is not quite so brittle as to hard fail for a few lost
packets or some other transient problem that makes queries fail.
--
Viktor.
