On 10/7/2013 12:25 PM, Jim Reid wrote: > On 7 Oct 2013, at 18:15, Erwan David <er...@rail.eu.org> wrote: > >> Google is really rejecting emails in IPv6 because of a lack of PTR... > > If that's the case, good. Just do The Right Thing and arrange a valid PTR for > the IPv6 address that speaks SMTP. This should be simpler and less hassle > than changing the postfix config. Or adding more workaround to that when > someone finds yet more mail providers who reject connections from addresses > with no reverse DNS. > > SMTP from an address with no reverse DNS is a fairly good indicator of a spam > source. YMMV.
Agreed. Postfix' reject_unknown_reverse_client_hostname is functionally equivalent to what Google is doing here. And I'd guess everyone here enables this restriction. And if not, they should. Hmm...that makes me wonder... Since Postscreen stops bots without checking for existence of PTR, I'm wondering if many folks have simply eliminated this restriction in main.cf, and thus forgotten how critical PTR is as a first level of trust evaluation of inbound SMTP connections. Yesterday reject_unknown_reverse_client_hostname accounted for 45% of rejected spam attempts here. I do not use Postscreen. And neither does Google, and their MTA is self baked. -- Stan
