Re: OT? DNS checks in postfix - best practice, experience


Jogi Hofmüller wrote on 06.3.2014:
> Personally I still think that having a matching IN A and IN PTR record
> for a mail server *and* use the same name in an EHLO/HELO message is a
> minimum requirement for a decently configured service.  Still, some
> admins disagree ...
> Now I was wondering how other people deal with this issue.  Curious what
> you people think/say.

For our really small (non-ISP) mailserver setups we ended with two
levels of compromise:

>   reject_non_fqdn_sender
>   reject_non_fqdn_recipient
>   reject_unknown_sender_domain

These are always enabled.


This is enabled on some servers -- on others it does reject legitimate
mails. It is usually safer to assign a higher score in SpamAssassin
than to reject.

>   reject_unknown_reverse_client_hostname
>   reject_non_fqdn_helo_hostname

These are never enabled as they sadly block way too much legitimate

We still use reject_invalid_helo_hostname to block nonsense HELOs.

Best regards,
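
Added example, not part of the original message or of Postfix: a Python sketch of the checks discussed in this thread (PTR present, PTR confirmed by a matching A record, HELO in FQDN form, HELO equal to the PTR name), reporting findings and a score instead of rejecting. The DNS data, finding names and weights are constructed assumptions.

```python
# Constructed DNS data (documentation address ranges); not real lookups.
PTR = {"192.0.2.10": ["mail.example.org"],
       "192.0.2.20": ["host20.example.net"]}
A = {"mail.example.org": ["192.0.2.10"],
     "host20.example.net": ["198.51.100.7"]}  # forward record points elsewhere

# Hypothetical weights: score each finding rather than reject outright.
WEIGHTS = {"no_ptr": 2.0, "ptr_not_forward_confirmed": 1.5,
           "helo_not_fqdn": 1.0, "helo_ptr_mismatch": 0.5}


def norm(name):
    """Compare DNS names case-insensitively and without the trailing dot."""
    return name.rstrip(".").lower()


def is_fqdn(helo):
    """True for an address literal or a name with at least two non-empty labels."""
    if helo.startswith("[") and helo.endswith("]"):
        return True
    labels = norm(helo).split(".")
    return len(labels) >= 2 and all(labels)


def check_client(ip, helo, ptr=PTR, a=A):
    """Return the list of findings for one SMTP client (IP plus HELO name)."""
    findings = []
    names = [norm(n) for n in ptr.get(ip, [])]
    if not names:
        # The case reject_unknown_reverse_client_hostname refuses.
        findings.append("no_ptr")
    elif not any(ip in a.get(n, []) for n in names):
        # PTR exists, but no PTR name resolves back to the client address.
        findings.append("ptr_not_forward_confirmed")
    if not is_fqdn(helo):
        # The case reject_non_fqdn_helo_hostname refuses.
        findings.append("helo_not_fqdn")
    elif names and norm(helo) not in names:
        # HELO is well formed but is not the name the PTR record gives.
        findings.append("helo_ptr_mismatch")
    return findings


def score(findings):
    """Sum the weights of all findings; 0.0 means every check passed."""
    return sum(WEIGHTS[f] for f in findings)


if __name__ == "__main__":
    for ip, helo in [("192.0.2.10", "mail.example.org"),
                     ("192.0.2.20", "host20.example.net"),
                     ("203.0.113.5", "localhost")]:
        found = check_client(ip, helo)
        print(ip, helo, found, score(found))
```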

