Mail PTR Records

Matt Kettler mkettler at
Tue Mar 4 16:38:15 GMT 2008

Nathan Olson wrote:
> It looks like require_rdns works at the check_relay level,
> which is at connection time, so you are correct.  If the
> connection proceeds to HELO/EHLO, then refusal based on
> lack of a PTR record is forbidden.

I'd say that even that isn't forbidden. You must not prohibit email based on DNS 
lookup validation of the HELO/EHLO content (unless the content is syntactically 
invalid, as this would cause your server to violate RFCs when generating 
Received: headers quoting it. See RFC 1123 section 5.2.5).

However, AFAIK, there's nothing saying you can't block for other reasons at the 
end of the HELO/EHLO command. They've only prohibited DNS lookup validation as a 
reason, not the HELO/EHLO transaction as a point in time.

Ideally you should handle all blocking at the earliest possible stage, as this 
conserves resources and saves time. But AFAIK, that's a should, not a must.

> I was incorrect.

More information about the MailScanner mailing list