Discussion in 'ISPConfig 3 Priority Support' started by misterm, Apr 20, 2017 at 12:52 PM.
Is it possible to disable unknown (spam) connections via the DNS zone?
DNS is more or less like a phonebook, it translates domains to IP numbers plus it allows to store some domain specific data in records like the TXT record. So you can not disable connections to the mail system (postfix) by using DNS.
What you can do is that you use techniques like Dkim to sign mails digitally, Dkim stores it's public keys in the DNS system. But that's not forbidding something, it is just a technology, together with things like SPD records, to digitally verify that an email is sent by a server that is allowed to send email for this domain and to ensure email integrity. More details on Dkim can be found here: https://en.wikipedia.org/wiki/DomainKeys_Identified_Mail
Is this kind of problem how one can eject it, without touching the false positive?
You can add these settings to reject invalid, unknown or non-fqdn sender and recipients in the smtp_recipient_restrictions line in postfix main.cf:
But of course, no setting to prevent spam is without false positives. In case that a valid sender has not setup his mail server correctly, then his emails will be rejected as well.
Separate names with a comma.