LuKreme wrote, at 06/23/2009 02:58 AM:
> On 22-Jun-2009, at 18:29, mouss wrote:
>>> Is there any way to, if not outright reject anyone whose DNS shows up as
>>> unknown to at least tempfail them with a "Ooops, your DNS is not
>>> resolving, try back later" or something?
> 
>> if you insist, you could use one of
>>
>> http://www.postfix.org/postconf.5.html#reject_unknown_reverse_client_hostname
>>
>> http://www.postfix.org/postconf.5.html#reject_unknown_client_hostname
>>
>> but use at your own risk. In particular, reject_unknown_client_hostname
>> (previously: reject_unknown_client) _will_ block or delay legitimate
>> mail.
> 
> Will it block or delay it? Can I set the error code to a tempfail
> instead of an outright rejection? Blocking legitimate mail that fails DNS
> checks is one thing, rejecting it outright is another thing altogether.

When using the default response code (450) the practical effect is that
the sending MTA will continually try to resend the message and you will
continually deny it until it gives up. Thus, it is blocked, at higher
expense for both sides. The only *true* delay will occur when the sender
fixes DNS or you relax your restriction, allowing the message to be
delivered.

You are correct that changing unknown_client_reject_code to 550 is not
something that should be considered lightly.
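
Added example, not part of the original message: a small log check that shows the retry loop described above by counting how often the same client, sender and recipient were tempfailed by the two DNS restrictions. The log lines are constructed samples in Postfix smtpd log format, and the function names and the threshold of 3 attempts are assumptions.

```python
import re
from collections import Counter

# Constructed sample lines in Postfix smtpd log format (not real traffic).
SAMPLE_LOG = """\
Jun 23 03:00:01 mx postfix/smtpd[2101]: connect from unknown[192.0.2.10]
Jun 23 03:00:01 mx postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 450 4.7.1 Client host rejected: cannot find your hostname, [192.0.2.10]; from=<alice@example.com> to=<bob@example.org> proto=ESMTP helo=<mail.example.com>
Jun 23 03:15:02 mx postfix/smtpd[2140]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 450 4.7.1 Client host rejected: cannot find your hostname, [192.0.2.10]; from=<alice@example.com> to=<bob@example.org> proto=ESMTP helo=<mail.example.com>
Jun 23 03:45:03 mx postfix/smtpd[2177]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 450 4.7.1 Client host rejected: cannot find your hostname, [192.0.2.10]; from=<alice@example.com> to=<bob@example.org> proto=ESMTP helo=<mail.example.com>
Jun 23 04:45:04 mx postfix/smtpd[2230]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 450 4.7.1 Client host rejected: cannot find your hostname, [192.0.2.10]; from=<alice@example.com> to=<bob@example.org> proto=ESMTP helo=<mail.example.com>
Jun 23 04:50:10 mx postfix/smtpd[2231]: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 450 4.7.1 Client host rejected: cannot find your reverse hostname, [198.51.100.7]; from=<carol@example.net> to=<bob@example.org> proto=ESMTP helo=<smtp.example.net>
Jun 23 04:55:11 mx postfix/smtpd[2232]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 554 5.7.1 <dave@example.net>: Relay access denied; from=<eve@example.com> to=<dave@example.net> proto=ESMTP helo=<x.example.com>
"""

# Matches rejections logged for reject_unknown_client_hostname and
# reject_unknown_reverse_client_hostname ("... your reverse hostname").
REJECT_RE = re.compile(
    r"reject: RCPT from \S+\[(?P<ip>[^\]]+)\]: (?P<code>[45]\d\d) \S+ "
    r"Client host rejected: cannot find your (?:reverse )?hostname.*?"
    r"from=<(?P<sender>[^>]*)> to=<(?P<rcpt>[^>]*)>"
)

def count_dns_rejects(log_text):
    """Return a Counter keyed by (client_ip, sender, recipient, smtp_code)."""
    hits = Counter()
    for line in log_text.splitlines():
        m = REJECT_RE.search(line)
        if m:
            hits[(m["ip"], m["sender"], m["rcpt"], m["code"])] += 1
    return hits

def stuck_senders(log_text, min_attempts=3):
    """Tempfailed (4xx) deliveries that were retried at least min_attempts times."""
    return sorted(
        (ip, sender, rcpt, n)
        for (ip, sender, rcpt, code), n in count_dns_rejects(log_text).items()
        if code.startswith("4") and n >= min_attempts
    )

if __name__ == "__main__":
    for ip, sender, rcpt, n in stuck_senders(SAMPLE_LOG):
        print(f"{ip} {sender} -> {rcpt}: {n} deferred attempts")
```
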

