Slightly OT: Postfix smtpd restrictions

John Wilcock john at tradoc.fr
Thu Jun 24 13:51:46 IST 2010


Le 24/06/2010 13:57, Jason Ede a écrit :
> This is purely MTA based, but since a lot of users here run postfix...
>
> How have others found *reject_unknown_reverse_client_hostname** *and the
> more harsh *reject_unknown_client_hostname** * in postfix? I’m debating
> implementing them here and wonder if others have found them problematic
> or useful? I thinking they should be good for weeding out spam emails
> and I can’t see that they should catch legitimate senders, but want to
> be sure.

In theory they *shouldn't* catch legit senders, but in practice not 
everyone has well-configured rDNS.

Quickly grepping through my recent logs for 'unknown\[' and counting 
either 'hold:' or 'reject:' shows that almost exactly 99% of those with 
unknown reverse DNS are rejected by other restrictions (primarily 
reject_non_fqdn_helo_hostname, reject_unlisted_recipient, 
reject_rbl_client zen.spamhaus.org). Of the 1% that aren't rejected, 
about a quarter are genuine regular correspondents. It would be possible 
to whitelist those regulars, of course, but IMO it wouldn't be worth the 
hassle.

John.

-- 
-- Over 4000 webcams from ski resorts around the world - www.snoweye.com
-- Translate your technical documents and web pages    - www.tradoc.fr


More information about the MailScanner mailing list