Re: OT? DNS checks in postfix - best practice, experience
Jogi Hofmüller schrieb am 06.3.2014:
> Personally I still think that having a matching IN A and IN PTR record
> for a mail server *and* use the same name in an EHLO/HELO message is a
> minimum requirement for a decently configured service. Still, some
> admins disagree ...
> Now I was wondering how other people deal with this issue. Curious what
> you people think/say.
for our really small (non ISP) mailserver setups we ended with two
levels of compromise:
These are always enabled.
This is enabled on some servers -- on others it does reject legitimate
mails. It is usually safer to assign a higher score in spamsassassin
than to reject.
These are never enabled as they sadly block way to much legitimate
We still use reject_invalid_helo_hostname to block nonsense HELOs.