Open Relay Checker before Opening MTA

Matthew Hawkins matthew at
Mon Feb 11 10:13:40 EST 2002

On Sun, 10 Feb 2002, Neil Pickford wrote:
> I hope the speed of their database is better than the 5 minute
> response time their web site replies at.  I suspect you would
> need a local copy of the blacklist. has the potential
> to be a big bottleneck in such a MTA system.

Depends on your MTA.  Assuming you use multiple RBL-style services (and
who doesn't?), Postfix for example will take whatever service replies
first.  And note that it's cached by your own DNS servers, hence you
don't quite suffer a per-email performance hit for doing so.  That's one
benefit of DNS-based blacklists.

> Also don't assume that all real IP addresses have reverse lookup
> entries associated with them.  
> My ISP (Optusnet) will not enter a reverse DNS entry for my static IP.  
> Does that mean I cannot send mail under this system?
> I suspect there are many others in such a situation.

Well you could, but you're violating the internet standard which says
the MX must be a FQDN (STD13 off the top of my head, RFC2821)

Dialup accounts should not relay mail directly for two reasons.  First
off, dynamic ip hosts usually will have invalid return paths.  Secondly,
even with static ip hosts, its a bit rude to expect someone else's
server to hold mail and keep retrying to send it until such time as you
decide to dial back into the internet again.  Remember outside the USA
(and sometimes even inside) people have to pay for internet traffic, and
you can't put a guarantee on when a dialup service will be available.
The only exception to this is your ISP, where its usually part of your
service agreement that they will hold email for you while you're


More information about the linux mailing list