To send emails with Postfix, a few things have to be considered. These are either defined in RFCs or generally useful.
1. matching reverse DNS
RFC1912 requires that the PTR record and the A record in DNS match. On the one hand it shows that the administrator understands the RFCs, secondly, it helps to prevent spam.
The records are always valid for the IP, the the mail server uses for outbound. This is only relevant if the server has multiple IP addresses or is behind a NAT firewall. Use
smtp_bind_address in the main.cf or master.cf to set the IP or use
inet_interfaces= to bind postfix to a defined network-interface..
You can check the rDNS-Record here. You can also use dig.:
$dig +short mail.schaal-24.de
$dig +short -x 18.104.22.168
And for IPv6:
$dig +short AAAA mail.schaal-24.de
$dig +short -x 2a01:4f8:121:18b:1::3
2. The HELO-String must match the rDNS record
If the rDNS record is set up properly, the mailserver displays it´s name (
myhostname in der main.cf) in the HELO or EHLO-command.
You can test this with a simple telnet using port 25:
$telnet mail.schaal-24.de 25
Connected to mail.schaal-24.de.
Escape character is '^]'.
220 mail.schaal-24.de ESMTP Postfix (Debian/GNU)
221 2.0.0 Bye
Connection closed by foreign host.
3. Never use Sender Address Verification
At first glance, a Sender Address Verification looks quite useful. The sender is asked whether he would accept the sender mails.
Against spam brings nothing, since most spammers use valid sender addresses.
When spammers use a invalid sender address, the Sender Address Verification may look as if the own mail server tries to attack the server of the sender.
If we, for example, receive 1,000 messages from a spammer, then our server verifies the address at the server of the sender (spammer) 1,000 times. Such requests fall guarantees in attack patterns and lead to appropriate defense measures.