Basic
Description

This module implements the basic Postfix checks, but adds scoring in place of a hard yes-or-no answer.
The checks cover the following:
- Syntax and RFC check of the HELO hostname, the sender hostname, the sender domain and the recipient domain
- DNS checks (does an A or MX record exist) for the HELO hostname, the client hostname, the sender and recipient domain
If you use Postfix, its built-in checks perform better but, as mentioned, do not support scoring. So if you have a strong belief in RFCs and expect every mail admin on the other side to be a professional, stick with the built-in checks.
Config
weight_invalid_helo_hostname
Default: 0
Allowed values: Integer (negative scoring)
Required: no
Re-implements reject_invalid_helo_hostname: The syntax of the HELO hostname is invalid (e.g. "???" or "#%@" or anything else that is not syntactically correct).
weight_non_fqdn_helo_hostname
Default: 0
Allowed values: Integer (negative scoring)
Required: no
Re-implements reject_non_fqdn_helo_hostname: The syntax is correct, but not in FQDN form (e.g. localhost, but not localhost.tld).
weight_non_fqdn_recipient
Default: 0
Allowed values: Integer (negative scoring)
Required: no
Re-implements reject_non_fqdn_recipient: The recipient address is not in FQDN form (e.g. "user" without any domain, or "user@localhost", but not "user@localhost.tld").
weight_non_fqdn_sender
Default: 0
Allowed values: Integer (negative scoring)
Required: no
Re-implements reject_non_fqdn_sender: Same as above but for sender address.
weight_unknown_helo_hostname
Default: 0
Allowed values: Integer (negative scoring)
Required: no
Re-implements reject_unknown_helo_hostname: The syntax is correct and in FQDN form, but the domain does not exist (it has no A or MX record).
weight_unknown_recipient_domain
Default: 0
Allowed values: Integer (negative scoring)
Required: no
Re-implements reject_unknown_recipient_domain: The recipient address is in correct FQDN form, but the recipient domain does not have an A or MX record.
weight_unknown_sender_domain
Default: 0
Allowed values: Integer (negative scoring)
Required: no
Re-implements reject_unknown_sender_domain: Same as above, but for sender.
weight_unknown_client_hostname
Default: 0
Allowed values: Integer (negative scoring)
Required: no
Re-implements reject_unknown_client_hostname, which matches if any of the following is true:
- the client IP address -> name mapping fails (e.g. there is no reverse DNS entry for the client's IP 123.123.123.123 or the reverse DNS entry points to a non-existent hostname)
- the name -> client IP address mapping fails (e.g. the client hostname is mail.sender.tld and there is no A record for mail.sender.tld)
- the name -> client IP address mapping does not match the client IP address (e.g. the client hostname is mail.sender.tld and points to 123.123.123.123 whereas the sender IP is 123.123.234.234)
weight_unknown_reverse_client_hostname
Re-implements reject_unknown_reverse_client_hostname: Same as above, but matches only the first condition in the list and is thus weaker. However, some people (not me) argue even this is too harsh. Decide for yourself.
You cannot use weight_unknown_reverse_client_hostname AND weight_unknown_client_hostname at the same time.
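The three conditions listed above, the weaker reverse-only variant and the rule that only one of the two weights may be set can be sketched as follows. This is an added example, not the module's own code: DNS is replaced by constructed lookup tables so it runs offline, the reverse-only case is taken to mean "no reverse entry at all", and the function names are hypothetical.

```python
# Added example: scoring form of the two client hostname checks.
# DNS is replaced by constructed dict tables so the block runs offline.

# Constructed sample data (documentation-range names and addresses).
PTR = {"192.0.2.10": "mail.sender.example",   # fully consistent
       "192.0.2.20": "ghost.sender.example",  # PTR target has no A record
       "192.0.2.30": "mail.other.example"}    # A record points elsewhere
A = {"mail.sender.example": ["192.0.2.10"],
     "mail.other.example": ["192.0.2.99"]}


def client_hostname_failure(ip, ptr=PTR, a=A):
    """Return which of the three conditions fails for ip, or None."""
    name = ptr.get(ip)
    if name is None:
        return "no_reverse"        # 1) IP -> name mapping fails
    addrs = a.get(name.rstrip(".").lower())
    if not addrs:
        return "no_forward"        # 2) name -> IP mapping fails
    if ip not in addrs:
        return "mismatch"          # 3) name resolves, but not to this IP
    return None


def score_client(ip, config, ptr=PTR, a=A):
    """Return the negative (or zero) score contribution for one client IP."""
    full = config.get("weight_unknown_client_hostname", 0)
    reverse_only = config.get("weight_unknown_reverse_client_hostname", 0)
    if full and reverse_only:
        raise ValueError("set only one of the two client hostname weights")
    failure = client_hostname_failure(ip, ptr, a)
    if failure is None:
        return 0
    if full:
        return full                # any of the three conditions counts
    if reverse_only and failure == "no_reverse":
        return reverse_only        # weaker variant: condition 1 only
    return 0


if __name__ == "__main__":
    cfg = {"weight_unknown_reverse_client_hostname": -25}
    for ip in ("192.0.2.10", "192.0.2.20", "192.0.2.30", "192.0.2.40"):
        print(ip, client_hostname_failure(ip), score_client(ip, cfg))
```

With the reverse-only weight, a client whose hostname resolves to a different address scores 0; the same client is penalised under weight_unknown_client_hostname.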
Usage suggestion
Use it as early as possible. If you plan on using CWL, it is up to you whether you want to allow whitelisted senders to break RFCs or not.
Example
    ---
    disable: 0
    weight_invalid_helo_hostname: -100
    weight_non_fqdn_helo_hostname: -100
    weight_non_fqdn_recipient: -100
    weight_non_fqdn_sender: -100
    weight_unknown_helo_hostname: -50
    weight_unknown_recipient_domain: -50
    weight_unknown_sender_domain: -50
    #weight_unknown_client_hostname: -50
    weight_unknown_reverse_client_hostname: -25
Performance
The syntax checks are very fast, but the name resolution depends on the speed and timeout values of your DNS server.