[CentOS] postfix - reject of incoming mail due to helo check??

Thu Feb 2 17:35:51 UTC 2012
Ned Slider <ned at unixmail.co.uk>

On 02/02/12 15:44, Giles Coochey wrote:
> On 2012-02-02 15:39, Ned Slider wrote:
>> I would recommend removing reject_unknown_client from your
>> smtpd_sender_restrictions.
> I would not recommend that, I would recommend you fix your DNS. If you
> have a lot of mail throughput perhaps run a caching-DNS server or proxy
> to improve performance and reduce timeouts.

What makes you think it's his DNS that is/was broken?

But yes, a caching name server is almost obligatory for anyone running a 
mail server.

There is a reason the default rejection code is 450 and that is because 
temporary failures in DNS lookups are not uncommon, otherwise it would 
be a permanent rejection. IMHO this setting is more likely to delay 
legitimate mail with temporary DNS issues, as is the case here, than it 
is to block spam. There are more reliable indicators of spam that are 
less likely to cause FPs than relying on a rDNS lookup.