Mikael Bak wrote:
> I'm currently blocking all attepmts to connect from hosts not having a
> valid reverse DNS name with "reject_unknown_reverse_client_hostname".
> ...
> Nevermind. To make it short: Is it ok to reject such sending servers or
> not? :-)
In my believes using reject_unknown_reverse_client_hostname is fine, I
wouldn't use reject_unknown_client_hostname. The latter would reject
many many SOHO-setups, but the former is a restriction we are enforcing
since more than a year right now (with peaks of slightly more than 6
million delivery attempts a day - so not that large, but large enough
to encounter all sorts of trouble you could run into when enabling such
a setting ;-)).
You will for sure have a few people complaining, but as I can tell from
my experience they'll satisfied if you can explain them, why you are
doing so - and why you are also helping their business partners if you
are doing so. It is far, far better to reject a mail than to put it
into quarantine (as you reached the required spam score as of your
missing PTR).
Quarantine folders are seldom checked, mail there is always on risk
to be completely lost. Rejected mail usually is able to inform at
least the sender - and he will for sure call someone to ask for
clarification (the recipient, his admin, his ISP...).
You should prepare a mail template explaining WHY you are doing so (you
are helping them - a very good argument is stating that their mails
will be lost in large ISP's quarantine, if they don't fix their setup).
Also explaing WHAT their business partner should fix this ("tell his
server admin he should tell your ISP to configure a Reverse-DNS entry
for their IP or use a correctly configured mail relay").
Be prepared to meet missconfigured hosts, and be prepared to add
exceptions to your config (Hash file, DB, whatever). Many public
entities are running badly configured systems - they'll NOT fix them
and your customers will insist on receiving their mail. Therefore you
will need a "whitelist"-feature.
Best regards,
Thomas Gelf
