On Sat, Mar 19, 2005 at 12:40:58 +0100, Kurt A. Schumacher wrote:
> While not having a PTR in DNS is just bad behavior, there is no requirement at all for forward and reverse lookup to be identical. You will generate a lot of false positives (e.g. blocked mails from the correct senders) and your service quality for the customers will go down.
RFC1912 - Common DNS Operational and Configuration Errors
2.1 Inconsistent, Missing, or Bad Data
Every Internet-reachable host should have a name. The consequences of this are becoming more and more obvious. Many services available on the Internet will not talk to you if you aren't correctly registered in the DNS.
Make sure your PTR and A records match. For every IP address, there should be a matching PTR record in the in-addr.arpa domain. If a host is multi-homed, (more than one IP address) make sure that all IP addresses have a corresponding PTR record (not just the first one). Failure to have matching PTR and A records can cause loss of Internet services similar to not being registered in the DNS at all. Also, PTR records must point back to a valid A record, not a alias defined by a CNAME. It is highly recommended that you use some software which automates this checking, or generate your DNS data from a database which automatically creates consistent data.
> Beyond that, there is no requirement that the originating IP address (nor the associated domain name) has to match with the MX address to receive mails for these domains. And many SOHO organizations are forced to send their SMTP traffic over the ISP SMTP server, highly probably not related to their small corporate infrastructure at all.
That's not the issue, in fact it's not an issue at all...
> Reserving a dedicated IP address for each domain handled is simply a waste of IP addresses for the community.
You got the meaning of reject_unknown_client slightly wrong....
> There are smarter ideas around than black and white approaches, such as SPF, but this is not the golden egg either.
No it's not... but it is the best approach known to "patch" SMTP for the things SMTP is used for these days...
Regards Philipp
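The consistency check that the quoted RFC 1912 section recommends automating, as an added example that is not part of the original thread or the RFC: it audits a small constructed record set for missing PTR records, PTR/A mismatches and PTR records that point at a CNAME. The hostnames, addresses, status labels and function names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample zone data (RFC 5737 documentation addresses), not real hosts.
PTR = {
    "192.0.2.10": ["mail.example.com."],
    "192.0.2.11": ["www.example.com."],    # PTR target is an alias (CNAME)
    "192.0.2.12": ["old.example.com."],    # A record points somewhere else
    "192.0.2.20": ["multi.example.com."],  # multi-homed host, first address only
}
A = {
    "mail.example.com.": ["192.0.2.10"],
    "web1.example.com.": ["192.0.2.11"],
    "old.example.com.": ["192.0.2.99"],
    "multi.example.com.": ["192.0.2.20", "192.0.2.21"],
}
CNAME = {"www.example.com.": "web1.example.com."}


def check_ip(ip, ptr=PTR, a=A, cname=CNAME):
    """Classify one address against the RFC 1912 section 2.1 rules."""
    ip = str(ipaddress.ip_address(ip))  # validates and normalises the address
    names = ptr.get(ip, [])
    if not names:
        return "missing-ptr"            # no reverse entry at all
    if any(name in cname for name in names):
        return "ptr-to-cname"           # PTR must name an A record, not an alias
    if any(ip in a.get(name, []) for name in names):
        return "ok"                     # forward lookup confirms the reverse one
    return "a-mismatch"                 # name exists but does not map back


def audit(ptr=PTR, a=A, cname=CNAME):
    """Check every address seen in either direction, so that the extra
    addresses of multi-homed hosts are not skipped."""
    ips = set(ptr) | {ip for addrs in a.values() for ip in addrs}
    ordered = sorted(ips, key=ipaddress.ip_address)
    return {ip: check_ip(ip, ptr, a, cname) for ip in ordered}


if __name__ == "__main__":
    for ip, status in audit().items():
        print(f"{ip:<12} {status}")
```
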