The two RFCs you quote are informational, and are not Internet standards. AFAIK, it is recommended but not required that mail servers' DNS A and PTR records match, and thus if you turn on such features you will be enforcing a requirement that does not exist in any Internet standard.

Having said that, I do agree that where possible forward and reverse DNS should match.

-j

On Mon, 2008-04-07 at 11:09 +1200, Phil Snowdon wrote:
Why can't people configure Mail and DNS correctly these days? If all legitimate mail servers had their forward and reverse DNS mapping configured correctly I could simply use the postfix reject_unknown_reverse_client_hostname, and instantly get rid of 10s of 1000's of unwanted spam messages.
However there are many servers set up in NZ where the forward and reverse DNS do not match, or there are no PTR records at all. After all, this is outlined in RFC 1912 (section 2.1) and RFC 1033.
Most of the big ISP mail servers are OK, but then they have customers running their own mailservers and this is where the problem lies. I have some numbers from tests over the weekend and it doesn't look good.
Am I being too hopeful to expect mailservers to be configured correctly? I'm stuck between wanting to do things properly and help reduce SPAM on one side, and having customers on the other saying why can't I get mail from XXX.
While I can make an effort to try and contact the administrators of these mail servers the sheer numbers make it difficult and even then I imagine the response would be 'well I can deliver mail to xxxx so it must be your systems that are broken'.
I know this isn't a silver bullet by any means, but every little helps. Any comments?
Phil
--
Jasper Bryant-Greene
Network Engineer
Unleash Technology Solutions
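Added example, not part of either message in this thread: a small Python check that classifies a connecting client the way the two related Postfix restrictions do, so a mail admin can measure how many senders each would refuse before enabling it. `reject_unknown_reverse_client_hostname` refuses only clients with no PTR record, while `reject_unknown_client_hostname` also refuses clients whose PTR name does not resolve back to the same address. The function names and the sample zone data (documentation address ranges) are constructed for illustration.

```python
import ipaddress
import socket

# Constructed sample data using documentation ranges, not real mail hosts.
PTR = {"192.0.2.10": "mail.example.net", "192.0.2.20": "mx.example.org"}
A = {"mail.example.net": ["192.0.2.10"], "mx.example.org": ["198.51.100.7"]}

def sample_ptr(ip):
    return PTR.get(ip)

def sample_a(name):
    return A.get(name, [])

def live_ptr(ip):
    """PTR lookup against the system resolver; None when no name exists."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def live_a(name):
    """Forward lookup (A and AAAA) against the system resolver."""
    try:
        return sorted({ai[4][0] for ai in socket.getaddrinfo(name, None)})
    except OSError:
        return []

def classify(ip, ptr_lookup=sample_ptr, a_lookup=sample_a):
    """Return 'no_ptr', 'no_forward', 'mismatch' or 'confirmed'."""
    name = ptr_lookup(ip)
    if not name:
        return "no_ptr"
    addrs = a_lookup(name.rstrip("."))
    if not addrs:
        return "no_forward"
    # Compare parsed addresses so IPv6 text forms do not cause false mismatches.
    client = ipaddress.ip_address(ip)
    if any(ipaddress.ip_address(a) == client for a in addrs):
        return "confirmed"
    return "mismatch"

def rejected_by(ip, ptr_lookup=sample_ptr, a_lookup=sample_a):
    """List the Postfix restrictions that would refuse this client."""
    state = classify(ip, ptr_lookup, a_lookup)
    hits = []
    if state == "no_ptr":
        hits.append("reject_unknown_reverse_client_hostname")
    if state != "confirmed":
        hits.append("reject_unknown_client_hostname")
    return hits
```

Pass `live_ptr` and `live_a` as the lookup arguments to run the same classification over client addresses taken from your own mail log.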