[CentOS] postfix - reject of incoming mail due to helo check??

Fri Feb 3 14:02:32 UTC 2012
Les Mikesell <lesmikesell at gmail.com>

On Fri, Feb 3, 2012 at 7:01 AM, Stephen Harris <lists at spuddy.org> wrote:
>> many "false" positives. There is no definitive RFC requirement that the
>> mapping has to match.
> But it's a standard security feature (on Solaris NFS server it was
> added around 1996, I think).  Without the match I could set my servers
> IP address to be "mail.google.com".  No one should believe me unless
> a forward lookup matches.  It is commonly considered "broken" for rDNS
> to return a value that doesn't match forward DNS.

If you say something is "broken", you should quote the RFC with the
MUST requirement that it breaks.  I don't think there is one for this.
 The forward and reverse naming control is delegated 2 different ways
and may not be under the same person's control.   It is also
relatively common to have multi-homed hosts with the same name for
multiple interfaces, or connections that go through NAT where the host
doesn't even know what source address will appear on its connections.

  Les Mikesell
     lesmikesell at gmail.com