On 02/02/12 15:44, Giles Coochey wrote: > On 2012-02-02 15:39, Ned Slider wrote: >> >> I would recommend removing reject_unknown_client from your >> smtpd_sender_restrictions. >> > > I would not recommend that, I would recommend you fix your DNS. If you > have a lot of mail throughput perhaps run a caching-DNS server or proxy > to improve performance and reduce timeouts. > What makes you think it's his DNS that is/was broken? But yes, a caching name server is almost obligatory for anyone running a mail server. There is a reason the default rejection code is 450 and that is because temporary failures in DNS lookups are not uncommon, otherwise it would be a permanent rejection. IMHO this setting is more likely to delay legitimate mail with temporary DNS issues, as is the case here, than it is to block spam. There are more reliable indicators of spam that are less likely to cause FPs than relying on a rDNS lookup.