On Fri, 2010-03-05 at 14:40 +1030, Tim wrote:
> On Thu, 2010-03-04 at 13:42 -0700, Craig White wrote:
> > At this stage, I simply will not accept mail from any smtp server whose forward & reverse DNS don't match. So if you are sending me e-mails from server mail.example.com you better have a reverse DNS address that tells me that your ip address points to mail.example.com.
>
> That's a rather bad idea, and simply not workable for an *awful* lot of people. You *will* be rejecting legit mail with that methodology.
>
> Although many of us have our own domains, many of them will be hosted by a service which hosts hundreds or thousands of other sites using virtual name-based hosting. We don't each get an IP, and it's completely impractical to expect that in an IPv4 world. The reverse IP will point to the host's domain name, not ours.
>
> You need to do *better* testing than simply forward and reverse checking of one domain name.
---- first... at the point where AOL and other big user systems started enforcing that rule, it made total sense for me to do likewise. If you don't have forward/reverse dns resolution for your smtp server, you aren't getting e-mail through to the mail servers with a large user base, you aren't getting through to my servers either. You can stand on a soap box and shout about what you think is practical but if you can't get mail through to the big boys...
I actually have a long set of postfix rules which determine which mail gets through - far more than 'simply forward and reverse checking' and I'm surprised that you would think I would do less. I start with greylisting, I also require a full helo/ehlo, valid user, resolvable domain and more. I also use MailScanner which fully scores for spam and also implements phishing, virus checking and much more. I do this for many companies that are my clients and I get absolutely no complaints (and very little spam).
Craig
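
The two readings of "forward and reverse DNS must match" discussed in this thread, as an added example that is not code from either poster. All host names, addresses and the `PTR`/`A` tables are constructed, and the dictionaries stand in for live DNS lookups. The `strict` policy requires the PTR name to equal the HELO name; the `fcrdns` policy only requires that some PTR name resolves forward to the connecting IP, which is what a shared-hosting sender can satisfy.

```python
import ipaddress

# Constructed records on documentation ranges (RFC 5737); these dicts stand in for DNS.
PTR = {
    "192.0.2.10": ["mail.example.com"],
    "192.0.2.20": ["shared7.hosting.example"],  # shared host: PTR names the provider
    "192.0.2.30": ["mail.spoof.example"],       # PTR whose forward record points elsewhere
}
A = {
    "mail.example.com": ["192.0.2.10"],
    "shared7.hosting.example": ["192.0.2.20"],
    "mail.customer.example": ["192.0.2.20"],    # customer domain on the shared IP
    "mail.spoof.example": ["198.51.100.9"],
}


def norm(name):
    """Compare DNS names case-insensitively and without a trailing dot."""
    return name.rstrip(".").lower()


def classify(ip, helo, ptr=PTR, a=A):
    """Classify an SMTP client by its reverse and forward DNS."""
    ip = str(ipaddress.ip_address(ip))  # raises ValueError on a malformed address
    names = [norm(n) for n in ptr.get(ip, [])]
    if not names:
        return "no-ptr"
    # Forward-confirm: keep only PTR names whose A records include the client IP.
    confirmed = [n for n in names if ip in a.get(n, [])]
    if not confirmed:
        return "ptr-unconfirmed"
    return "fcrdns+helo" if norm(helo) in confirmed else "fcrdns-only"


def accepts(ip, helo, policy):
    """policy 'strict': confirmed PTR must equal HELO; 'fcrdns': any confirmed PTR."""
    result = classify(ip, helo)
    if policy == "strict":
        return result == "fcrdns+helo"
    return result in ("fcrdns+helo", "fcrdns-only")


if __name__ == "__main__":
    for ip, helo in [("192.0.2.10", "mail.example.com"),
                     ("192.0.2.20", "mail.customer.example"),
                     ("192.0.2.30", "mail.spoof.example"),
                     ("192.0.2.40", "mail.nowhere.example")]:
        print(ip, helo, classify(ip, helo),
              accepts(ip, helo, "strict"), accepts(ip, helo, "fcrdns"))
```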