How to strictly reject email without MX

[smileluo]

reject_unknown_sender_domain
Will reject email if mail from domain has neither mx record nor a record,for some spammer,they will sending forged emails that has A record but no MX record,in that case,if the IP is clean,postfix is accepted by default.
If there any way to direct block those without MX record?

 

[treloskilo]

To reject email when the HELO/EHLO hostname has neither DNS A record nor MX record, use

reject_unknown_helo_hostname

 

[smileluo]

The spammer will use HELO that has A record,so reject_unknown_helo_hostname not working to block it

 

[treloskilo]

Add the following lines in smtpd_sender_restrictions. It will reject email if the domain name of the address supplied with the MAIL FROM command has neither MX record nor A record.

smtpd_sender_restrictions =
   permit_mynetworks
   reject_unknown_sender_domain
   reject_unknown_reverse_client_hostname
   reject_unknown_client_hostname

 

[smileluo]

I show you some example

HELO=m13215.mail.163.com
MAIL FROM=XXXXX@m13215.mail.163.com

HELO=mail115-204.sinamail.sina.com.cn
MAIL FROM=XXXX@mail115-204.sinamail.sina.com.cn

 

[smileluo]

reject_unknown_reverse_client_hostname will block normal emails

 

[Stoiko Ivanov]

reject_unknown_sender_domain
Will reject email if mail from domain has neither mx record nor a record,for some spammer,they will sending forged emails that has A record but no MX record,in that case,if the IP is clean,postfix is accepted by default.
If there any way to direct block those without MX record?

Not that I know of - also I would not do that - having a domain without MX record sending mail is not uncommon (and perfectly fine according to the relevant RFCs)

I hope this helps!

 

[smileluo]

As found some spammers use this method to sending spams. Most of case,the envelope from without MX is spams!

 

[smileluo]

I am thinking a method to block all of such and make a list to whitelist some,if really good company without MX