I ma getting some backscatter problems lately. I used to have the line: reject_unknown_reverse_client_hostname, in my smtpd_client_restrictions but I commented it out because an important client is on a microsoft cloud and had been having problems sending mail to us.
Would adding the reject_unknown_reverse_client_hostname help with the backscatter? If it does, is there any other way to deal with these microsoft clouds and their screwed up reverse DNS? I am not a mialguy, our mailguy was downsized along with all the other tech staff except me. I write all the code here, but I have been lurking on this list for over a year. Thanks a bunch, Mike My postconf dump is below: alias_database = $alias_maps alias_maps = hash:/etc/aliases anvil_rate_time_unit = 180s biff = no body_checks = pcre:$config_directory/pcre.body_checks body_checks_size_limit = 1572864 broken_sasl_auth_clients = yes command_directory = /usr/local/sbin config_directory = /usr/local/etc/postfix daemon_directory = /usr/local/libexec/postfix data_directory = /var/db/postfix default_privs = nobody disable_vrfy_command = yes dovecot_destination_recipient_limit = 1 fast_flush_domains = header_checks = pcre:$config_directory/pcre.header_checks html_directory = /usr/local/share/doc/postfix in_flow_delay = 1s inet_interfaces = $myhostname, localhost inet_protocols = ipv4 local_recipient_maps = unix:passwd.byname $alias_maps mail_owner = postfix mailbox_size_limit = 0 mailq_path = /usr/local/bin/mailq manpage_directory = /usr/local/man message_size_limit = 67108864 milter_default_action = accept mime_header_checks = pcre:$config_directory/pcre.mime_header_checks mydestination = $myhostname, localhost mydomain = $myhostname myhostname = mailhost.intelacom.com mynetworks = 162.42.195.80, 162.42.195.41, 162.42.195.148,162.42.195.134, 162.42.195.135, 162.42.195.136, 75.127.176.42, 75.127.176.43, 75.127.176.44, 127.0.0.1 myorigin = $myhostname nested_header_checks = newaliases_path = /usr/local/bin/newaliases notify_classes = 2bounce, delay, resource, software proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $sender_bcc_maps $recipient_bcc_maps $smtp_generic_maps $lmtp_generic_maps $virtual_mailbox_domains $virtual_mailbox_maps $virtual_alias_maps queue_directory = /var/spool/postfix readme_directory = /usr/local/share/doc/postfix recipient_delimiter = + relay_domains = cdb:$config_directory/cdb.relay_domains sample_directory = /usr/local/etc/postfix sendmail_path = /usr/local/sbin/sendmail setgid_group = maildrop slow_destination_concurrency_limit = 2 slow_destination_recipient_limit = 20 smtpd_banner = $myhostname ESMTP $mail_name smtpd_client_connection_count_limit = 30 smtpd_client_connection_rate_limit = 50 smtpd_client_port_logging = yes smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated, check_recipient_access pcre:$config_directory/pcre.whitelist_allow, warn_if_reject reject_unknown_client_hostname, warn_if_reject reject_rbl_client bl.spamcop.net, warn_if_reject reject_rbl_client psbl.surriel.com, reject_rbl_client zen.spamhaus.org, reject_rhsbl_reverse_client dbl.spamhaus.org smtpd_data_restrictions = reject_multi_recipient_bounce, reject_unauth_pipelining, permit smtpd_discard_ehlo_keywords = silent-discard, dsn smtpd_end_of_data_restrictions = check_policy_service unix:private/checkquota smtpd_error_sleep_time = ${stress?1s}${stress:5s} smtpd_hard_error_limit = ${stress?1}${stress:20} smtpd_helo_required = yes smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated, check_recipient_access pcre:$config_directory/pcre.whitelist_allow, check_helo_access pcre:$config_directory/pcre.helo_access, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, reject_rhsbl_helo dbl.spamhaus.org smtpd_junk_command_limit = ${stress?1}${stress:50} smtpd_milters = unix:/var/run/clamav/clmilter.sock smtpd_recipient_limit = 300 smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_unauth_pipelining, reject_non_fqdn_recipient, reject_unknown_recipient_domain, permit smtpd_sasl_auth_enable = yes smtpd_sasl_authenticated_header = yes smtpd_sasl_exceptions_networks = $mynetworks smtpd_sasl_path = private/auth smtpd_sasl_security_options = noanonymous smtpd_sasl_type = dovecot smtpd_sender_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_sender, reject_unknown_sender_domain, check_sender_mx_access cidr:$config_directory/cidr.sender_mx_access, check_sender_mx_access cdb: $config_directory/cdb.sender_mx_access, check_recipient_access pcre: $config_directory/pcre.whitelist_allow, reject_rhsbl_sender dbl.spamhaus.org smtpd_soft_error_limit = ${stress?5}${stress:10} smtpd_timeout = ${stress?10s}${stress:120s} smtpd_tls_cert_file = /etc/ssl/mailhost.pem smtpd_tls_key_file = /etc/ssl/mailhost.pem smtpd_tls_loglevel = 1 smtpd_tls_received_header = no smtpd_tls_security_level = may smtpd_tls_session_cache_database = btree: $data_directory/smtpd_tls_session_cache soft_bounce = no spamass_destination_recipient_limit = 1 strict_rfc821_envelopes = yes tls_random_source = dev:/dev/urandom transport_maps = cdb:$config_directory/cdb.transport_maps unknown_address_reject_code = 550 unknown_client_reject_code = 550 unknown_hostname_reject_code = 550 unknown_local_recipient_reject_code = 550 unverified_recipient_reject_code = 550 unverified_sender_reject_code = 550 virtual_alias_maps = proxy:mysql:$config_directory/virtual_alias_maps.cf proxy:mysql:$config_directory/virtual_catchall_maps.cf virtual_mailbox_domains = proxy:mysql: $config_directory/virtual_mailbox_domains.cf virtual_mailbox_maps = proxy:mysql:$config_directory/virtual_mailbox_maps.cf virtual_transport = dovecot -- Mike McGinn KD2CNU Ex Uno Plurima No electrons were harmed in sending this message, some were inconvenienced. ** Registered Linux User 377849