To send emails with Postfix, a few things have to be considered. These are either defined in RFCs or generally useful.
1. Matching reverse DNS
RFC 1912 requires that the PTR record and the A record in DNS match. On the one hand, this shows that the administrator understands the RFCs; on the other, it helps to prevent spam.
The records always apply to the IP address that the mail server uses for outbound mail. This is only relevant if the server has multiple IP addresses or is behind a NAT firewall. Use smtp_bind_address in main.cf or master.cf to set the IP, or use inet_interfaces= to bind Postfix to a defined network interface.
You can check the rDNS record here. You can also use dig:
$ dig +short mail.schaal-24.de
78.46.101.89
$ dig +short -x 78.46.101.89
mail.schaal-24.de.
And for IPv6:
$ dig +short AAAA mail.schaal-24.de
2a01:4f8:121:18b:1::3
$ dig +short -x 2a01:4f8:121:18b:1::3
mail.schaal-24.de.
2. The HELO string must match the rDNS record
If the rDNS record is set up properly, the mail server displays its name (myhostname in main.cf) in the HELO or EHLO command.
You can test this with a simple telnet session on port 25:
$ telnet mail.schaal-24.de 25
Trying 78.46.101.89...
Connected to mail.schaal-24.de.
Escape character is '^]'.
220 mail.schaal-24.de ESMTP Postfix (Debian/GNU)
quit
221 2.0.0 Bye
Connection closed by foreign host.
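The checks from sections 1 and 2 can be combined into one script that verifies, for a given outbound IP, that the PTR record resolves back to that IP and that both the PTR record and the SMTP greeting equal myhostname. This is an added example, not part of the original page; the function names and the use of bash's /dev/tcp in place of telnet are assumptions of the example.

```bash
#!/usr/bin/env bash
# Added example, not from the original page. Function names are hypothetical.

# Lower-case a DNS name and drop the trailing root dot.
normalize_name() {
    printf '%s' "$1" | tr '[:upper:]' '[:lower:]' | sed 's/\.$//'
}

# Host name announced in a "220 ..." (or "220-...") greeting line.
banner_host() {
    printf '%s\n' "$1" | tr -d '\r' |
        awk '/^220[- ]/ { sub(/^220[- ]/, ""); print $1; exit }'
}

# Pure comparison, usable on saved dig/telnet output.
# Args: outbound IP, PTR answer, forward answers (space separated),
#       myhostname, greeting line. Returns 0 only if everything matches.
check_identity() {
    ip=$1; ptr=$(normalize_name "$2"); fwd=$3
    name=$(normalize_name "$4"); greet=$(normalize_name "$(banner_host "$5")")
    rc=0
    if [ -z "$ptr" ]; then
        echo "FAIL: $ip has no PTR record"; rc=1
    elif ! printf '%s\n' $fwd | grep -Fqx -- "$ip"; then
        echo "FAIL: $ptr does not resolve back to $ip"; rc=1
    fi
    [ "$ptr" = "$name" ] || { echo "FAIL: PTR '$ptr' is not myhostname '$name'"; rc=1; }
    [ "$greet" = "$name" ] || { echo "FAIL: greeting '$greet' is not '$name'"; rc=1; }
    if [ "$rc" -eq 0 ]; then echo "OK: $ip <-> $name, greeting matches"; fi
    return "$rc"
}

# Live wrapper: dig as used on this page; the greeting is read through bash's
# /dev/tcp instead of telnet (assumes network access and port 25 reachable).
check_outbound_ip() {
    out_ip=$1; host=$2
    rev=$(dig +short -x "$out_ip" | tail -n 1)   # last line skips a CNAME chain
    ans=
    [ -z "$rev" ] || ans=$(dig +short A "$rev"; dig +short AAAA "$rev")
    line=$(exec 3<>"/dev/tcp/$host/25" && read -r l <&3 &&
           printf 'QUIT\r\n' >&3 && printf '%s\n' "$l")
    check_identity "$out_ip" "$rev" "$ans" "$host" "$line"
}

# Usage: ./check.sh <outbound-ip> <myhostname>   (IP written as dig prints it)
if [ "$#" -eq 2 ]; then check_outbound_ip "$1" "$2"; fi
```

The non-zero exit status on any mismatch makes the script usable from cron or a monitoring check after DNS or main.cf changes.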
3. Never use Sender Address Verification
At first glance, Sender Address Verification looks quite useful. The sender's mail server is asked whether it would accept mail for the sender address.
It does nothing against spam, since most spammers use valid sender addresses.
When spammers use an invalid sender address, Sender Address Verification can make it look as if your own mail server is trying to attack the sender's server.
If we, for example, receive 1,000 messages from a spammer, then our server verifies the address at the server of the sender (spammer) 1,000 times. Such requests are guaranteed to match attack patterns and lead to appropriate defensive measures.