On Fri, 11 Aug 2017 12:36:34 +0100 Rui Ribeiro wrote:
> There were even customized ports of Qmail in the past that had
> options that could be easily be enabled to downright refuse email
> from emails hosts not matching A/PTR or HELO
Postfix has these types of filters built in by default.
Similar to spamd's standard greylisting & stuttering options,
these lightweight DNS tests are simply superb spam nukers.
Why? Zombies can't set a machine's (r)DNS, nor make them match.
These Postfix options kill spam (be careful about using on port 587):
For testing, each can be prefixed with 'warn_if_reject'.
Warnings are logged while the session continues as usual.
There are other more and less aggressive (RFC derived) settings.
Craig Skinner | http://twitter.com/Craig_Skinner | http://linkd.in/yGqkv7