Re: OT? DNS checks in postfix - best practice, experience
On 06.03.14 10:42, Jogi Hofmüller wrote:
Ever since we started using postfix in our small environment we had all
the DNS related checks [1] enabled. Every now and then we get problems
because a misconfiguration on some mail server keeps it from
successfully delivering e-mail to us.
Personally I still think that having a matching IN A and IN PTR record
for a mail server *and* use the same name in an EHLO/HELO message is a
minimum requirement for a decently configured service. Still, some
admins disagree ...
just note that requiring the same name in HELO and (fc)rDNS is in a
violation of the SMTP standard (since it exists). However I can't find this
requirement in postfix restrictions so this should not be a problem :-)
Now I was wondering how other people deal with this issue. Curious what
you people think/say.
[1] DNS related checks we use:
reject_non_fqdn_sender
reject_non_fqdn_recipient
reject_non_fqdn_helo_hostname
reject_unknown_reverse_client_hostname
reject_unknown_recipient_domain
reject_unknown_sender_domain
all these should be OK
--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
(R)etry, (A)bort, (C)ancer
Reply to: