Jose Ildefonso Camargo Tolosa wrote, at 12/19/2008 08:47 PM: > On Fri, Dec 19, 2008 at 7:19 AM, Jorey Bump <l...@joreybump.com> wrote: >> Jose Ildefonso Camargo Tolosa wrote, at 12/18/2008 06:28 AM: >> >>> I think you should send more info on your config, for example: >>> >>> MX record for your domain. >>> myhostname entry from main.cf >>> >>> these two should match. >> There is no requirement that these match. They are completely unrelated. > > I said: should. There are some spam filters which uses the hostname > provided by the server and make several verifications like: > > + Is the hostname listed as a MX for the domain?
Such a filter would be broken. MX records are used only to specify the destination for a domain's mail, not the origin. Don't take my word for it, look at your maillog. You will immediately see that the client host is unlikely to match any MX record for much, if not most, of the legitimate mail you accept (it certainly won't for gmail, hotmail, etc.). Your own message doesn't even pass this test. In Postfix, $myhostname is the default for multiple settings, as seen when running this command: postconf -d | grep myhostname Not a single one of them has anything to do with the MX record. There is absolutely no benefit in having $myhostname match your domain's MX record. Suggesting that this will solve a configuration problem is a red herring. > + Does the hostname *forward* resolve to the IP I'm being contacted from? I agree that would be nice, but requiring the HELO/EHLO hostname to resolve to the client IP address would reject an unacceptable amount of legitimate mail (at least on my systems). > + Does the IP *reverse* resolve to the hostname? See above. For some international email, you can't even expect the client IP address to resolve to a PTR at all (although the situation seems to be improving). Strictly speaking, it would be useful to score based on FCrDNS: http://en.wikipedia.org/wiki/Forward_Confirmed_reverse_DNS But that begins only with a reverse lookup on the client IP address and doesn't consider the HELO/EHLO hostname at all.
