>While I have you, what happens if the PTR is forged? like:
>
>spam.ebay.com
>amazon.com.spam.com
>
>Spammers know that usually the PTR for those domains are whitelisted.

Yes, but with my current "advanced" config using restriction classes, I can do logic like this:

If PTR hostname is ebay.com, then reject_unknown_hostname, reject_unknown_client

This would catch PTR forgers, because Postfix will look up the A record for label.ebay.com, and it won't match the forger's PTR hostname, so reject.

You could achieve similar with an mta_clients_bogus.map file:

amazon.com    reject_unknown_hostname, reject_unknown_client
ebay.com      reject_unknown_hostname, reject_unknown_client
paypay.com    reject_unknown_hostname, reject_unknown_client

Your 4tuple reports, sorted by IP, will help you see if forging of PTR hostnames is happening.

Len
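
The forward-confirmation logic discussed in this message, as an added example that is not part of the original post and is not Postfix's own code. The DNS tables, addresses and the names `in_domain` and `check_client` are constructed for illustration; a real check would query a resolver instead of the two dictionaries.

```python
import ipaddress

# Constructed DNS data using documentation address ranges; not real records.
PTR = {
    "192.0.2.10": "mail.ebay.com",          # genuine: forward record agrees
    "203.0.113.5": "spam.ebay.com",         # forged PTR, no matching A record
    "203.0.113.6": "amazon.com.spam.com",   # look-alike name under spam.com
    "198.51.100.7": "mx.example.net",
}
A = {
    "mail.ebay.com": {"192.0.2.10"},
    "amazon.com.spam.com": {"203.0.113.6"},
    "mx.example.net": {"198.51.100.7"},
}
PROTECTED = ("ebay.com", "amazon.com")  # PTR names here get the strict check


def in_domain(hostname, domain):
    """Match on label boundaries so amazon.com.spam.com is not 'amazon.com'."""
    host = hostname.rstrip(".").lower()
    return host == domain or host.endswith("." + domain)


def check_client(ip, ptr=PTR, a=A, protected=PROTECTED):
    """Return (verdict, reason) for a connecting client IP."""
    ip = str(ipaddress.ip_address(ip))  # validate and normalise the address
    name = ptr.get(ip)
    if name is None:
        return "pass", "no PTR; client claims no protected domain"
    if not any(in_domain(name, d) for d in protected):
        return "pass", f"{name} is outside the protected domains"
    # Forward-confirm: the PTR name must resolve back to the client IP.
    if ip not in a.get(name, set()):
        return "reject", f"{name} does not resolve back to {ip}"
    return "pass", f"{name} forward-confirms to {ip}"


if __name__ == "__main__":
    for client in PTR:
        print(client, *check_client(client))
```

The look-alike `amazon.com.spam.com` passes this check because it really belongs to spam.com; the point is that it must never be treated as amazon.com by any whitelist that matches on substrings rather than label boundaries.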
