Dear Tobias,
"Postfix rejects mail with 'reject_unknown_client', even when a PTR record exists, but forward and reverse lookup are not identical. In our logs we see this misconfiguration happen very often. When I activate blocking these clients, the reject rate nearly doubles."
While not having a PTR in DNS is just bad behavior, there is no requirement at all for forward and reverse lookup to be identical. You will generate a lot of false positives (e.g. blocked mails from the correct senders) and your service quality for the customers will go down.
Beyond that, there is no requirement that the originating IP address (or the associated domain name) has to match the MX address that receives mail for these domains. And many SOHO organizations are forced to send their SMTP traffic over the ISP SMTP server, which is very probably not related to their small corporate infrastructure at all.
Reserving a dedicated IP address for each domain handled is simply a waste of IP addresses for the community.
There are smarter ideas around than black-and-white approaches, such as SPF, but this is not the golden egg either.
-Kurt.
-----Original Message-----
From: swinog-bounces@lists.swinog.ch [mailto:swinog-bounces@lists.swinog.ch] On Behalf Of Xaver Aerni
Sent: Saturday, March 19, 2005 11:53 AM
To: swinog@swinog.ch
Subject: AW: [swinog] Rejecting unknown/misconfigured mailclients
<snip>
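The cases this thread is arguing about, as an added example that is not part of the original messages: a client with no PTR at all, a PTR whose name does not resolve, and a PTR whose name resolves to a different address are separated, and the reject count of a PTR-only policy is compared with the strict forward-confirmed one. The DNS data, client list and function names are constructed for illustration.

```python
import ipaddress

# Constructed DNS data (documentation address ranges, example.* names).
PTR = {  # reverse zone: IP -> PTR names
    "192.0.2.10": ["mail.example.org"],
    "192.0.2.20": ["host20.isp.example.net"],
    "192.0.2.30": ["relay.example.com"],
}
FWD = {  # forward zone: name -> addresses
    "mail.example.org": ["192.0.2.10"],
    "relay.example.com": ["198.51.100.7"],  # resolves, but to another address
    # host20.isp.example.net has no address record at all
}

def classify(ip, ptr=PTR, fwd=FWD):
    """Return which step of the reverse/forward check a client IP reaches."""
    addr = ipaddress.ip_address(ip)
    names = ptr.get(str(addr), [])
    if not names:
        return "no_ptr"
    resolved = [a for n in names for a in fwd.get(n.rstrip(".").lower(), [])]
    if not resolved:
        return "ptr_no_forward"
    if any(ipaddress.ip_address(a) == addr for a in resolved):
        return "confirmed"
    return "forward_mismatch"

def reject_rates(clients, ptr=PTR, fwd=FWD):
    """Count rejects under a PTR-only policy and under the strict policy."""
    verdicts = [classify(ip, ptr, fwd) for ip in clients]
    return {
        "total": len(verdicts),
        "ptr_only": sum(v == "no_ptr" for v in verdicts),
        "strict": sum(v != "confirmed" for v in verdicts),
    }

# Constructed list of connecting clients, one entry per SMTP connection.
CLIENTS = ["192.0.2.10", "192.0.2.20", "192.0.2.30",
           "192.0.2.40", "192.0.2.10", "192.0.2.99"]

if __name__ == "__main__":
    for ip in sorted(set(CLIENTS)):
        print(ip, classify(ip))
    print(reject_rates(CLIENTS))
```

Running the same classification over client addresses taken from a real mail log, with live lookups in place of the two dictionaries, shows how many senders fall into each category before any restriction is enabled.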