Mikael Bak wrote:
> I'm currently blocking all attempts to connect from hosts not having a
> valid reverse DNS name with "reject_unknown_reverse_client_hostname".
> ...
> Never mind. To make it short: Is it ok to reject such sending servers or
> not? :-)

In my belief using reject_unknown_reverse_client_hostname is fine, I wouldn't use reject_unknown_client_hostname. The latter would reject many, many SOHO setups, but the former is a restriction we have been enforcing for more than a year now (with peaks of slightly more than 6 million delivery attempts a day - so not that large, but large enough to encounter all sorts of trouble you could run into when enabling such a setting ;-)).

You will for sure have a few people complaining, but as I can tell from my experience they'll be satisfied if you can explain to them why you are doing so - and why you are also helping their business partners if you are doing so.

It is far, far better to reject a mail than to put it into quarantine (as you reached the required spam score because of your missing PTR). Quarantine folders are seldom checked, mail there is always at risk of being completely lost. Rejected mail usually is able to inform at least the sender - and he will for sure call someone to ask for clarification (the recipient, his admin, his ISP...).

You should prepare a mail template explaining WHY you are doing so (you are helping them - a very good argument is stating that their mails will be lost in large ISPs' quarantine, if they don't fix their setup). Also explain WHAT their business partner should do to fix this ("tell his server admin he should tell your ISP to configure a Reverse-DNS entry for their IP or use a correctly configured mail relay").

Be prepared to meet misconfigured hosts, and be prepared to add exceptions to your config (hash file, DB, whatever). Many public entities are running badly configured systems - they'll NOT fix them and your customers will insist on receiving their mail. Therefore you will need a "whitelist" feature.

Best regards,
Thomas Gelf
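
One way to combine the PTR check with the exception list recommended above, as an added example that is not part of the original post. The map path `/etc/postfix/client_whitelist` and the addresses (RFC 5737 documentation ranges) are assumptions; the restriction names and parameters are standard Postfix.

```cfg
# ---- /etc/postfix/main.cf ----------------------------------------------
# Order matters: the whitelist lookup must come BEFORE the PTR check,
# otherwise the client is rejected before the exception is consulted.
smtpd_client_restrictions =
    permit_mynetworks,
    check_client_access hash:/etc/postfix/client_whitelist,
    reject_unknown_reverse_client_hostname

# Trial period: prefix the restriction with warn_if_reject to log a
# "reject_warning" line instead of rejecting, and use the log to find
# the hosts that will need an exception:
#     warn_if_reject reject_unknown_reverse_client_hostname

# The reply code defaults to 450 (temporary failure), so the sending
# server keeps retrying and the sender sees a bounce only after its
# queue lifetime expires. A 550 makes the sender's server bounce at once.
# A failed lookup caused by a temporary DNS problem still gets 450.
#unknown_client_reject_code = 550

# ---- /etc/postfix/client_whitelist (constructed sample entries) --------
# Key on IP addresses: a client without a PTR record has no hostname
# to match on (Postfix sees it as "unknown").
# OK only ends smtpd_client_restrictions; the recipient and relay
# restrictions are still evaluated for these clients.
#
# Single host:
192.0.2.25      OK
# Whole /24, written as a leading-octet prefix for hash lookups:
198.51.100      OK

# Rebuild the lookup table after every edit:
#     postmap hash:/etc/postfix/client_whitelist
```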