On January 12, 2010 1:33:46 PM -0500 Victor Duchovni <victor.ducho...@morganstanley.com> wrote:
On Tue, Jan 12, 2010 at 01:12:52PM -0500, Frank Cusack wrote:

I can't accept mail from hosts with multiple PTR records without manually
whitelisting them.  Additionally, I can't even tell that I'm experiencing
a failure until it is reported to me "manually" and out of band.

Don't use "reject_unknown_client_hostname" indiscriminately. Do so only
for CIDR blocks in which you find a small number of legitimate MTAs in a
larger pool of spam sending hosts without valid PTR records.

In my case, I don't have reject_unknown_client_hostname configured.
Here is my postconf -n, also in my other thread on my problem:

mydestination =
mynetworks = 127.0.0.0/8
myorigin = foo.com
recipient_delimiter = +
relay_domains = foo.com
relay_recipient_maps = dbm:/etc/postfix/relay_recipients
smtpd_data_restrictions = reject_multi_recipient_bounce  permit
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks reject_unauth_pipelining reject_invalid_helo_hostname reject_non_fqdn_helo_hostname
smtpd_recipient_restrictions = reject_non_fqdn_sender reject_unknown_sender_domain reject_non_fqdn_recipient reject_unknown_recipient_domain permit_mynetworks check_sender_access dbm:/etc/postfix/sender_access reject_unauth_destination reject_non_fqdn_hostname reject_invalid_hostname check_sender_mx_access cidr:/etc/postfix/bogus_mx reject_rhsbl_sender dsn.rfc-ignorant.org reject_rhsbl_sender bogusmx.rfc-ignorant.org reject_rhsbl_sender zen.spamhaus.org reject_rhsbl_sender bl.spamcop.net permit
smtpd_reject_unlisted_sender = yes
transport_maps = dbm:/etc/postfix/transport
unknown_local_recipient_reject_code = 550
virtual_alias_maps = dbm:/etc/postfix/virtual

suggestion: have postconf -n use multiline output like
 smtpd_helo_restrictions = 1
   2
   3

Postfix does not by default reject clients with mismatched forward/reverse
DNS. Do not enable this feature for all IPs; it is not recommended. With
or without multiple PTRs, plenty of valid MTAs have various DNS issues.

It doesn't seem my configuration is doing that?  I know I am not
intentionally doing it, that's for sure.  I could care less if PTR matched.
But that is the distinguishing factor for this host trying to send me
mail, which is why I latched onto it.

-frank
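
An added example, not part of the original messages and not Postfix code: a small Python model of the advice above to apply a client hostname check only to selected CIDR blocks, showing how a host with multiple PTR records can pass or fail a forward-confirmed reverse DNS check depending on whether only the first PTR name is tried. The DNS data, the enforced block and the function names are constructed for illustration.

```python
import ipaddress

# Constructed DNS data (documentation ranges, example names); not real hosts.
PTR = {
    "203.0.113.5": ["mail.example.org"],
    "203.0.113.9": [],                                      # no PTR at all
    "203.0.113.20": ["web.example.net", "mx.example.net"],  # multiple PTRs
    "192.0.2.20": ["web.example.net", "mx.example.com"],
}
A = {  # forward records; web.example.net deliberately has none
    "mail.example.org": ["203.0.113.5"],
    "mx.example.net": ["203.0.113.20"],
    "mx.example.com": ["192.0.2.20"],
}
# Assumption: the one block where the hostname check is enforced.
ENFORCED_BLOCKS = [ipaddress.ip_network("203.0.113.0/24")]


def fcrdns(ip, first_ptr_only=True):
    """Forward-confirmed reverse DNS: a PTR name must resolve back to ip."""
    names = PTR.get(ip, [])
    if not names:
        return False, "no PTR record"
    saw_forward = False
    for name in (names[:1] if first_ptr_only else names):
        addrs = A.get(name, [])
        saw_forward = saw_forward or bool(addrs)
        if ip in addrs:
            return True, "verified as " + name
    if saw_forward:
        return False, "forward lookup does not match client address"
    return False, "forward lookup failed"


def decide(ip, first_ptr_only=True):
    """Apply the check only inside ENFORCED_BLOCKS; permit everything else."""
    addr = ipaddress.ip_address(ip)
    if not any(addr in net for net in ENFORCED_BLOCKS):
        return "permit", "hostname check not enforced for this block"
    ok, reason = fcrdns(ip, first_ptr_only)
    return ("permit" if ok else "reject"), reason


if __name__ == "__main__":
    for ip in PTR:
        print(ip, decide(ip), decide(ip, first_ptr_only=False))
```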
