> How can I reject connections from generic Forward Confirmed Reverse DNS > (FCrDNS) like “123-45-67-8.your.isp.com”.
I do not know if there is an easier way but you could make a script using check_policy_service or a milter to check if client name contains client IP. However i wonder how complicated the filter rules would be considering IPv6 and the different ways an address could be abbreviated. I have also seen some providers reverse the IPv4 in the FQDN. Also some legit mailers include the last part of the servers IP in the FQDN for large companies with many servers like gmail/google.