The documentation[1] and several e-mails here mention that
reject_unknown_client_hostname can reject legitimate e-mails.
What exactly are these scenarios? When do they occur in real life? Are
there really legitimate mail servers that don't have a reverse DNS
record that resolves to their IP?
I would like to know so that I can decide whether I should care and
whether I can use this option for my setup. I would only use this option
for port 25 (not submission) and make sure that sasl_authenticated
clients are exempt from it.
[1] http://www.postfix.org/postconf.5.html#reject_unknown_client_hostname
I use it. I like it. But... real world can/will bite you in the ass:
1) DNS lookup failures: stuff *does* break occasionally and there *will*
be minutes/hours when you reject stuff unintentionally, and
2) the source changes their systems or email provider, or their email
provider changes their systems, and formerly-working reverse DNS stops
resolving, for all kinds of reasons: I do encounter this occasionally
when exchanging email with small local businesses.
Therefore: watch your mail log. I exchange a very small amount of email
so it's easy for me to do this. Your mileage will vary.
--
- James
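
The log watching suggested in the reply above can be partly automated. This is an added example, not part of either post: it groups reject_unknown_client_hostname rejects by client IP and sender domain so that a legitimate correspondent being turned away stands out. The log lines are constructed in the format Postfix smtpd normally uses for this reject, and the function names are this example's own.

```python
import re
from collections import defaultdict

# Constructed sample log (documentation-range IPs, example domains);
# the line layout is assumed to match what Postfix smtpd writes for rejects.
SAMPLE_LOG = """\
Mar  3 09:14:02 mx postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 450 4.7.25 Client host rejected: cannot find your hostname, [192.0.2.10]; from=<orders@smallshop.example> to=<me@example.org> proto=ESMTP helo=<mail.smallshop.example>
Mar  3 09:20:41 mx postfix/smtpd[2107]: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 554 5.7.1 Service unavailable; Client host [198.51.100.7] blocked using dnsbl.example; from=<x@spam.example> to=<me@example.org> proto=ESMTP helo=<198.51.100.7>
Mar  3 09:29:05 mx postfix/smtpd[2113]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 450 4.7.25 Client host rejected: cannot find your hostname, [192.0.2.10]; from=<orders@smallshop.example> to=<me@example.org> proto=ESMTP helo=<mail.smallshop.example>
Mar  3 10:02:17 mx postfix/smtpd[2120]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 450 4.7.25 Client host rejected: cannot find your hostname, [203.0.113.5]; from=<> to=<me@example.org> proto=ESMTP helo=<relay.example.net>
Mar  3 10:05:00 mx postfix/smtpd[2124]: connect from mail.example.com[192.0.2.99]
"""

# Matches only the reject text produced by reject_unknown_client_hostname.
REJECT = re.compile(
    r"reject: \w+ from \S+\[(?P<ip>[^\]]+)\]: (?P<code>[45]\d\d) \S+ "
    r"Client host rejected: cannot find your hostname.*? from=<(?P<sender>[^>]*)>"
)

def summarize(log_text):
    """Group reject_unknown_client_hostname rejects by client IP."""
    hosts = defaultdict(lambda: {"count": 0, "codes": set(), "domains": set()})
    for line in log_text.splitlines():
        m = REJECT.search(line)
        if not m:
            continue  # other reject reasons and normal traffic are skipped
        entry = hosts[m["ip"]]
        entry["count"] += 1
        entry["codes"].add(int(m["code"]))
        # A null sender (bounce) has no domain; record it as "<>".
        entry["domains"].add(m["sender"].rpartition("@")[2].lower() or "<>")
    return dict(hosts)

def report(log_text):
    """Return (ip, count, sorted sender domains) rows, busiest client first."""
    rows = [(ip, e["count"], sorted(e["domains"]))
            for ip, e in summarize(log_text).items()]
    return sorted(rows, key=lambda r: (-r[1], r[0]))

if __name__ == "__main__":
    for ip, count, domains in report(SAMPLE_LOG):
        print(f"{ip:15} {count:3}  {', '.join(domains)}")
```

A client that keeps coming back with the same sender domain, like 192.0.2.10 in the sample, is the kind of entry to check by hand.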