On 6/7/2020 9:01 AM, A. Schulze wrote:
Am 07.06.20 um 14:38 schrieb yuv:
Is there a valid reason for a sender not to fix something so essential
as DNS configuration?
no valid reason but reality.
There are so many sendings hosts named "foobar.local". Via NAT they are visible
with a public IP
and a perfect DNS. But this hosts still say "EHLO foobar.local"
It's the receivers policy how to handle such connections.
reject_unknown_helo_hostname reject them.
Andreas
It's been my experience that reject_unknown_helo_hostname has more
false positives than stopping actual spam, and the few spam that
fail it usually fail other tests. Use with caution. Rejecting
invalid or non-FQDN helo names is relatively safe.
It's also been my experience that reject_unknown_client_hostname has
a large number of false positives, while
reject_unknown_reverse_client_hostname is relatively safe.
YMMV
-- Noel Jones