Mail PTR Records
Matt Kettler
mkettler at evi-inc.com
Tue Mar 4 16:38:15 GMT 2008
Nathan Olson wrote:
> It looks like require_rdns works at the check_relay level,
> which is at connection time, so you are correct. If the
> connection proceeds to HELO/EHLO, then refusal based on
> lack of a PTR record is forbidden.

I'd say that even that isn't forbidden. You must not prohibit email based on DNS
lookup validation of the HELO/EHLO content (unless the content is syntactically
invalid, as this would cause your server to violate RFCs when generating
Received: headers quoting it. See RFC 1123 section 5.2.5).

However, AFAIK, there's nothing saying you can't block for other reasons at the
end of the HELO/EHLO command. They've only prohibited DNS lookup validation as a
reason, not the HELO/EHLO transaction as a point in time.

Ideally you should handle all blocking at the earliest possible stage, as this
conserves resources and saves time. But AFAIK, that's a should, not a must.

> I was incorrect.
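
The distinction drawn in the message above, between a syntax check and DNS verification of the HELO/EHLO argument, shown as an added example (not part of the original post, and not MailScanner or sendmail code). The function names and sample arguments are hypothetical; the 501 reply for bad syntax follows RFC 1123 section 5.2.5.

```python
import ipaddress
import re

# One domain label: letters, digits, hyphen; no leading or trailing hyphen.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def helo_syntax_ok(arg):
    """True if arg is a well-formed domain or [address literal]; no DNS lookup."""
    if arg.startswith("[") and arg.endswith("]"):
        literal = arg[1:-1]
        try:
            if literal[:5].lower() == "ipv6:":
                ipaddress.IPv6Address(literal[5:])
            else:
                ipaddress.IPv4Address(literal)
        except ValueError:
            return False
        return True
    if not arg or len(arg) > 255:
        return False
    return all(_LABEL.fullmatch(label) for label in arg.split("."))


def helo_reply(arg, dns_verified):
    """Return (reply code, log note) for a HELO/EHLO argument."""
    # dns_verified is the result of an optional lookup done by the caller
    # (assumption); it changes only the log note, never the reply code.
    if not helo_syntax_ok(arg):
        return 501, "syntactically invalid HELO/EHLO argument"
    if not dns_verified:
        return 250, "accepted; argument failed DNS verification"
    return 250, "accepted"


# Constructed sample arguments (documentation names and addresses).
SAMPLES = [
    ("mail.example.com", True),
    ("unverified.example.net", False),
    ("[192.0.2.25]", False),
    ("[IPv6:2001:db8::25]", True),
    ("bad_host!name", False),
    ("-leading.example.org", True),
]

if __name__ == "__main__":
    for arg, verified in SAMPLES:
        print(arg, helo_reply(arg, verified))
```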