A while ago I turned up as much spam and junk mail protection stuff as I could find in my Postfix configuration. Specifically, I had the following options set:
smtpd_helo_restrictions = reject_invalid_hostname reject_non_fqdn_hostname reject_unknown_hostname
Last week, Amy was contacted by somebody who had tried to send her an email but the email was rejected by my mail server. We hadn't yet got back in touch with him to try to find out what the problem was. I started to pay more attention to my spam rejection logs just in case something was amiss. Today, I noticed that my mail server rejected some sort of newsletter from Google. Upon further investigation, it seems that the Google server that sent the mail was using a HELO name that wasn't resolvable. This condition is checked by Postfix on the reject_unknown_hostname restriction.
I decided that if even Google can't always get it right, then I should probably stop rejecting email for an unresolvable HELO name. So I turned off the three restrictions listed above.
Later today, we got a phone call from the company here in New Zealand who is handling the import of our household goods. Apparently, they had tried to email me earlier but the mail had been bounced back, rejected. I looked through the mail server log and found that they, too, had sent from a server with a misconfigured HELO name (it even ended in .local). The mail had come through on a retry after I had removed the HELO name restriction.
That pretty much does it for that filter. If companies as small as a local goods importer and as big as Google can't get it exactly right, I run the risk of rejecting all kinds of legitimate incoming email. As much as I dislike getting spam, I dislike losing real email even more.
decibel45 keeps telling me I should be using one of those scoring filters that doesn't outright block a message for just one SMTP transactional failure. It might take a while for me to get motivated enough to mess with my Postfix configuration again.