Somebody in the thread at some point said:
I think reject_unknown_client refers to rDNS for the connect IP, not
the
hello hostname, which would be reject_unknown_hostname. My milter
disallows relaying from any connect IP that seems "dynamic", such as having
no rDNS at all.
You're quite right. Now there aren't too many direct spams I quite like
looking at the headers of the successful ones anyway, I'll do a host on
the HELO fqdn by hand for a while and see if it would be worth the risk
of unwanted rejects by adding reject_unknown_hostname.
> # reject bad syntax hostname
> reject_invalid_hostname,
> # non FQDN gets the boot
> reject_non_fqdn_hostname
I have my milter set up to reject any form of numeric hello, even the
RFC-compliant [xx.xx.xx.xx], and then to reject if the hello has DNS "A"
record. I don't check for "MX", since AIUI anything with an "MX"
record
should have an "A" record, and "MX" records are for receiving email,
not
sending it.
Do you mean "reject if the hello *doesn't* have a DNA A record"?
Thanks for the precision on the host and HELO reject_unknown_*
-Andy