Hi Rui, On Fri, 11 Aug 2017 12:36:34 +0100 Rui Ribeiro wrote: > There were even customized ports of Qmail in the past that had > options that could be easily be enabled to downright refuse email > from emails hosts not matching A/PTR or HELO
Postfix has these types of filters built in by default. Similar to spamd's standard greylisting & stuttering options, these lightweight DNS tests are simply superb spam nukers. Why? Zombies can't set a machine's (r)DNS, nor make them match. These Postfix options kill spam (be careful about using on port 587): smtpd_client_restrictions = reject_unknown_client_hostname smtpd_helo_restrictions = reject_invalid_helo_hostname reject_non_fqdn_helo_hostname reject_unknown_helo_hostname smtpd_sender_restrictions = reject_non_fqdn_sender reject_unlisted_sender reject_unknown_sender_domain smtpd_recipient_restrictions = reject_non_fqdn_recipient reject_unknown_recipient_domain For testing, each can be prefixed with 'warn_if_reject'. Warnings are logged while the session continues as usual. There are other more and less aggressive (RFC derived) settings. See http://www.Postfix.Org/postconf.5.html Cool, -- Craig Skinner | http://twitter.com/Craig_Skinner | http://linkd.in/yGqkv7