On 3/20/2021 9:33 PM, li...@lazygranch.com wrote:
...
This got me wondering about my own configuration. It turns out I use the other reverse check: smtpd_client_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, check_reverse_client_hostname_access pcre:/etc/postfix/fqrdns.pcre,
The fqrdns file is fine. I've used it for a long time with good results and (near) zero false positives. It also has the advantage that it doesn't need much maintenance.
reject_unknown_reverse_client_hostname,
This will reject clients with no/bad PTR hostname. This is mostly safe since many major mail providers will either mark such mail as spam or outright reject it.
If these aren't causing you any trouble, feel free to keep using them. -- Noel Jones
