[CentOS] postfix - reject of incoming mail due to helo check??

Thu Feb 2 18:01:56 UTC 2012
Giles Coochey <giles at coochey.net>

On 02/02/2012 17:35, Ned Slider wrote:
> On 02/02/12 15:44, Giles Coochey wrote:
>> On 2012-02-02 15:39, Ned Slider wrote:
>>> I would recommend removing reject_unknown_client from your
>>> smtpd_sender_restrictions.
>> I would not recommend that, I would recommend you fix your DNS. If you
>> have a lot of mail throughput perhaps run a caching-DNS server or proxy
>> to improve performance and reduce timeouts.
> What makes you think it's his DNS that is/was broken?
I didn't take much notice to the overall context of the error. The 
sender's DNS is broken, the sender may be the same organisation as the 
> But yes, a caching name server is almost obligatory for anyone running a
> mail server.
> There is a reason the default rejection code is 450 and that is because
> temporary failures in DNS lookups are not uncommon, otherwise it would
> be a permanent rejection. IMHO this setting is more likely to delay
> legitimate mail with temporary DNS issues, as is the case here, than it
> is to block spam. There are more reliable indicators of spam that are
> less likely to cause FPs than relying on a rDNS lookup.
There are times when you might want to just receive anything on port 25, 
missing rDNS is a good indication of a bot. I don't use absolute rules 
myself for accepting or rejecting emails on my gateways, but rather a 
score based system.

However, the sender will have a large number of deferred messages in 
their queue if we assume that the missing rDNS is a global problem and 
their users will eventually be receiving warning messages and later 
bounces for a good proportion of emails they send. I don't see any 
reason to go out of my way to workaround their problem.