This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Order of Antispam checks

I have noticed domains that use Google mail servers in their MX records will always get rejected due to the fact the RDNS is not correct. There are a number of articles available that mention if you are using google mail servers you should create a SPF record so mail doesn't get blocked.

I get rejection of these type of domains when I have RDNS checking enabled but the domain does have a valid SPF.

I am guessing if any check is bad it gets marked as spam. Should a valid SPF allow a email to go through in this situation? Currently I white list these as I run into them. Usually if I see RDNS issues with a domain that is being rejected I send the offending party info on how to fix it. When using Google mail there is nothing a affected domain can do since they have no control over RDNS for the Google mail servers.

Advanced Antispam Features I have enabled:
Reject invalid HELO or missing RDNS
Do strict RDNS checks
Use BATV
Perform SPF check

This thread was automatically locked due to age.

0 BAlfson over 9 years ago

Jim, can you give me an example of a googlemail server that fails RDNS?

I think that black/whitelists are first, then Exceptions, then RBLs, then Recipient, then rDNS, then BATV, then SPF, then the SMTP-time spam check, then the spam check after the complete email has been received.

The SPF test is not applied if an email was rejected for rDNS. Unfortunately, there still are a lot of sending servers that don't yet have "strict" (Forward Confirmed) rDNS, so I recommend making an Exception for rDNS only and adding new *.senderdomain.com entries when you discover them.

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel