On Mon, 26 May 2025, Kenneth Ingham wrote:
> Why is smtpd bouncing the mail when it does have rdns?

Pretty much every IPv4 has rdns. When used as a filter, you want
something other than the ISP default (e.g. 4.3.2.1.myisp.com).
I don't use that filter, but it is likely looking for a match
between MAIL FROM and an rdns entry.

RANT:
rDNS is a stupid mail filter. Since inception, SMTP provides
HELO in the mail envelope with the host name. An MTA simply
looks up the HELO and verifies the IP matches the connect IP.
Simple, cheaper, just as effective as rDNS.

Why is this so little used? Well, when Microsoft introduced their
"easy to use" MTA, there were millions of mail admins who had
no clue what to put for HELO. The prompt, to Microsoft's credit,
helpfully told them to put the MTA's hostname. But these admins
just couldn't bring themselves to follow instructions, and
put just about everything EXCEPT the MTA's hostname.

Their emails were rejected, of course. But these were admins for
otherwise legitimate companies, and would reach out to the
email recipient; this was considered a bug, and recipients began
to disable checking for valid HELO. So now how do you check that
IP is legit for MAIL FROM? Enter rDNS. But rDNS is not implemented
by many ISPs. Eventually, SPF was developed to replace the role
that HELO once played - and can express much more complex relations
(including authorizing 3rd party mailers, like your situation).

CONCLUSION:
Use a filter that checks SPF, and in the absence of a policy, default
to checking that HELO and/or MAIL FROM domain matches connect IP.
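
The decision order from the conclusion above, as an added example that is not part of the original message or of any smtpd filter. The `ZONE` dict is constructed data standing in for real DNS lookups, all function names are hypothetical, and the SPF evaluation covers only the `ip4`, `ip6` and `all` mechanisms (anything else is reported as `unsupported` and would go to a full SPF library).

```python
import ipaddress

# Constructed DNS answers (documentation address ranges), not real records.
ZONE = {
    ("mail.example.org", "A"): ["192.0.2.10"],
    ("example.org", "TXT"): ["v=spf1 ip4:192.0.2.0/24 -all"],
    ("mx.nopolicy.example", "A"): ["198.51.100.7"],
    ("nopolicy.example", "TXT"): ["some unrelated text record"],
}
QUAL = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def lookup(name, rtype, zone):
    return zone.get((name.lower().rstrip("."), rtype), [])

def spf_record(domain, zone):
    """Return the domain's single SPF policy, or None if it publishes none."""
    recs = [t for t in lookup(domain, "TXT", zone)
            if t.lower().split()[:1] == ["v=spf1"]]
    return recs[0] if len(recs) == 1 else None

def eval_spf(record, ip):
    """Evaluate ip4/ip6/all terms left to right; first match decides."""
    for term in record.split()[1:]:
        qualifier = term[0] if term[0] in QUAL else "+"
        mech = term.lstrip("+-~?").lower()
        if mech == "all":
            return QUAL[qualifier]
        kind, _, net = mech.partition(":")
        if kind not in ("ip4", "ip6"):
            return "unsupported"      # a, mx, include, redirect=, ...
        try:
            if ip in ipaddress.ip_network(net, strict=False):
                return QUAL[qualifier]
        except ValueError:
            return "permerror"        # malformed network in the policy
    return "neutral"

def forward_matches(name, ip, zone):
    """True if the name's A/AAAA records include the connecting IP."""
    addrs = lookup(name, "A", zone) + lookup(name, "AAAA", zone)
    return any(ipaddress.ip_address(a) == ip for a in addrs)

def check_sender(connect_ip, helo, mail_from, zone=ZONE):
    ip = ipaddress.ip_address(connect_ip)
    domain = mail_from.rpartition("@")[2]
    policy = spf_record(domain, zone)
    if policy:                        # a published policy takes precedence
        return "spf:" + eval_spf(policy, ip)
    # No SPF policy: fall back to HELO and/or MAIL FROM domain vs connect IP.
    if forward_matches(helo, ip, zone) or forward_matches(domain, ip, zone):
        return "fallback:pass"
    return "fallback:fail"
```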