Description^

This module implements the postfix basic checks, but adds the capability of scoring instead of harsh yes or no answers. However, the performance of the postfix build in checks is of course better. If you have a strong belief in RFCs and expect from any mail admin on the opposite side to be a professional – use the build in. This module’s main purpose is of more completeness and the “centralized spam fighting” approach.

The postfix built-in anti anti-spam checks (besides DNSBL) are mainly focused on the validity and correctness of the sender’s hostname and IP (HELO, client IP and hostname, sender domain, recipient domain). So this is what they do:

• Syntax and RFC check of the HELO hostname, the sender hostname, the sender domain and the recipient domain
• DNS checks (does an A or MX record exist) for the HELO hostname, the client hostname, the sender and recipient domain

Config^

weight_invalid_helo_hostname^

Default: 0
Allowed values: Integer (negative scoring)
Required: no

Reimplements reject_invalid_helo_hostname: Syntax of helo hostname is invalid (eg “???” or “#@%@@” or whatever is not syntactically correct)

weight_non_fqdn_helo_hostname^

Default: 0
Allowed values: Integer (negative scoring)
Required: no

Reimplements reject_non_fqdn_helo_hostname: Syntax is correct, but not in FQDN form (eg localhost, but not localhost.tld)

weight_non_fqdn_recipient^

Default: 0
Allowed values: Integer (negative scoring)
Required: no

Reimplements reject_non_fqdn_recipient: Recipient address is not FDQN (eg: “user” without domain or anything or “user@localhost” but not “user@localhost.tld”).

weight_non_fqdn_sender^

Default: 0
Allowed values: Integer (negative scoring)
Required: no

Reimplements reject_non_fqdn_sender: Same as above but for sender address.

weight_unknown_helo_hostname^

Default: 0
Allowed values: Integer (negative scoring)
Required: no

Reimplements reject_unknown_helo_hostname: If the syntax is correct and in FQDN form but NOT an existing domain (has no A or MX record).

weight_unknown_recipient_domain^

Default: 0
Allowed values: Integer (negative scoring)
Required: no

Reimplements reject_unknown_recipient_domain: Recipient is in correct FQDN but recipient domain does not have an A or MX record.

weight_unknown_sender_domain^

Default: 0
Allowed values: Integer (negative scoring)
Required: no

Reimplements reject_unknown_sender_domain: Same as above, but for sender.

weight_unknown_client_hostname^

Default: 0
Allowed values: Integer (negative scoring)
Required: no

Reimplements reject_unknown_client_hostname: This matches if any of the following is true

1. the client IP address->name mapping fails
2. the name->address mapping fails
3. the name->address mapping does not match the client IP address

weight_unknown_reverse_client_hostname^

Reimplementsreject_unknown_reverse_client_hostname: Same as above, but matches only 1), thus weaker then above. However, many people argue even this is to harsh. Decide yourself.

You cannot use weight_unknown_reverse_client_hostname AND weight_unknown_client_hostname the same time.

Example^

---

disable: 0

weight_invalid_helo_hostname: -100

weight_non_fqdn_helo_hostname: -100
weight_non_fqdn_recipient: -100
weight_non_fqdn_sender: -100

weight_unknown_helo_hostname: -50
weight_unknown_recipient_domain: -50
weight_unknown_sender_domain: -50

#weight_unknown_client_hostname: -50
weight_unknown_reverse_client_hostname: -25