Yes, there is a reason. If they have a large amount of virtualized servers set up using wildcarding, like: *.123.123.123.in-addr.arpa IN PTR mailservers.office365.com
Its of course not possible to add the corresponding forward record, because that would create a pretty large forward zone, especially if Microsoft does this with a large amount of IP-adresses. Dynamically assigning reverse/forward, like *.123.123.123.in-addr.arpa IN PTR *.mailservers.office365.com, so a server like 72.123.123.123 has a PTR of 72.mailservers.office365.com, would require specialised name server software, same with the forward zone, if you don't want unneccesarly large zones. You could however check which ASN's microsoft has, and then whitelist these in a rule file so these IPs will be let through without any spam checking. (Be careful however, so you don't put the whitelist too early and let through mails you don't want to let through at all) -----Ursprungligt meddelande----- Från: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] För Karel Skickat: den 15 februari 2016 10:19 Till: postfix users <postfix-users@postfix.org> Ämne: Re: Can this sort of spam be easily and safely blocked in postfix > On 2016-02-14 18:34, Bill Cole wrote: > >> are there any legitimate (non-spam) senders, that would be blocked by >> reject_unknown_client_hostname ? > > Do you consider Microsoft's Office365 to be "legitimate?" > > They send substantial non-spam, yet many of their output IPs have PTR > addresses which yield addresses which do not resolve back to the > original IPs. sorry for keep dwelling on this, but is there any reason why a legitimate sender (ie Microsoft) would not use corresponding IP -> hostname -> IP ? Is there some technical limitation that prevents them from doing it?
smime.p7s
Description: S/MIME Cryptographic Signature