Hello - I’ve been wondering - I’ve always deleted from main.cf smtp_sender_restrictions “reject_non_fqdn_sender,reject_unknown_sender_domain” since when my wife was looking for work the unemployment mail server was using an incorrect (incomplete) domain name, rejecting work offers. Wondering if a toggle could be added so that each upgrade I don’t have to manually do this?
I’m not sure what changing this exposes me too, other than it resolved the delivery of those emails.
I would think that spam will often be send from a server without a fully qualified domain name. This setting would reject this e-mail. This means spamassassin doesn’t even have to process the e-mail as it doesn’t arrive. On heavy traffic server this could result in less CPU power required to run the server.
I see no benefit in adding this. You could better send an e-mail to the hoster with the information the their server is configured incorrectly.
The benefit, as @ncl2fth listed, is that some people’s legitimate mail would be blocked. That’s always worth considering.
That said, I don’t want to put too much effort into accommodating improperly configured mail servers. There are lots of ways a mail server could be improperly configured, and we can’t create options for all of them.
I agree with you that MIAB should always look for ways to allow people’s legitimate mail to arrive on the server. But I don’t think we are following a best-practice if we make the mail server more vulnerable to spam because of configuration errors made on sending server. I think time and effort can be better spend.
Sending an informal e-mail to the hosting party helps the hoster who could accidentally make a configuration error and probably other people not receiving e-mail. I’ve done this 1 time in the 2 years I’m running a MIAB and it was quickly resolved by the hoster.