Client validity checks are tests performed on a connecting mail server. These options are:
- Require reverse DNS on client IP - A DNS lookup will be performed on the client server's IP address. The connecting server will fail this check if a PTR record is not found (i.e. no DNS name can be found from the IP address).
- HELO must resolve to any IP - A DNS lookup is performed on the HELO or EHLO given by the client. If there is no IP address associated with it, this check will fail. The IP address does not have to match the connecting IP for this test.
- HELO must resolve to client IP - A DNS lookup is performed on the HELO or EHLO given by the client. The IP address from the DNS lookup must match the connecting IP address otherwise this check will fail.
- HELO must not be numeric - When enabled, this test matches if the connecting client sends an IP address literal for HELO or EHLO instead of a host name.
- Check for "<domain>" in HELO - This option will reject a client if its HELO or EHLO contains the same domain name as any recipient email address. A "strict" option is available to match only the literal domain name. The non-strict test will match subdomains as well.
- Check sender domain for MX records - The domain name for the MAIL FROM address must have MX records in DNS, otherwise this check will fail. This test only checks to see if the MX records are present.
- Reject dynamic client name patterns - Check for some common dynamic DNS naming patterns. There are two options: basic and advanced. See below for pattern details.
Note for HELO checks: It is not uncommon for a valid mail server to send a misconfigured or invalid HELO/EHLO command. This phenomenon is frequent with Microsoft Exchange installations or mail servers behind a commodity router performing network address translation. These tests are effective, however, you may have to whitelist sources that can't or won't fix their HELO/EHLO settings.
Warning: Do not enable these options without fully understanding their effect. Enabling all of the client validity options will result in an extremely strict DNS policy for your mail domain. In other words, don't enable them just because they are here. Some of these options are for advanced configurations only. Contact technical support if you have questions about these settings.
Client validity checks are available on all paid accounts.
These patterns are interpreted as Perl regular expressions for IP address a.b.c.d .
- $a.$b.$c.$d
- $d.$c.$b.$a
- $a$b$c$d
- $d$c$b$a
- $b.$d
- $d.$b
- $d.$c.$b
- $a.$b.$c
- $d.$c
- $c.$d
- $b.$c.$d
- $a.$b
