
  • Nick Howitt wrote:

    RFCs say that any sending MTA must have a valid PTR record **but** there is no requirement for the PTR record to resolve back to the sending IP. In this case there is a PTR record pointing to loj2.1915.life, but there is no DNS record for loj2.1915.life. It looks like Postfix is correctly rejecting the mail. Enabling the jail should pick up the bad messages. Setting maxretry is just a bit more aggressive, but will probably be OK. There is a risk, however. 5xx failure codes are temporary DNS failure codes and there are some of them in the filter. There is a risk you could block valid e-mails which fail because of a temporary DNS issue.

    Hi Nick,

    Thanks for your reply.
    Good to hear that Postfix is correctly rejecting this kind of mail.
    I've tried this setup and see fail2ban is picking up the config:

    FAIL2BAN.LOG


    MAIL.LOG


    I'll try this for the next few days and check the log frequently.
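
An added example, not part of either post and not the fail2ban filter discussed here: it counts Postfix reject lines per client IP against a `maxretry` threshold, once including transient 4xx replies and once without them, to show how a sender retrying through a DNS lookup failure can reach the ban threshold. The log lines are constructed, `would_ban` and `count_transient` are hypothetical names, and fail2ban's time window (`findtime`) is ignored.

```python
import re
from collections import Counter

# Constructed sample lines in Postfix smtpd reject format (not the poster's logs).
# 192.0.2.10 retries three times through a hostname lookup failure (450),
# 198.51.100.7 is refused three times with a permanent code (554),
# 203.0.113.5 fails a lookup once.
SAMPLE_LOG = """\
Jan 10 10:00:01 mail postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 450 4.7.1 Client host rejected: cannot find your hostname, [192.0.2.10]; from=<a@example.org> to=<u@example.net> proto=ESMTP helo=<mx.example.org>
Jan 10 10:05:02 mail postfix/smtpd[2107]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 450 4.7.1 Client host rejected: cannot find your hostname, [192.0.2.10]; from=<a@example.org> to=<u@example.net> proto=ESMTP helo=<mx.example.org>
Jan 10 10:10:03 mail postfix/smtpd[2113]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 450 4.7.1 Client host rejected: cannot find your hostname, [192.0.2.10]; from=<a@example.org> to=<u@example.net> proto=ESMTP helo=<mx.example.org>
Jan 10 10:11:00 mail postfix/smtpd[2120]: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 554 5.7.1 <x@example.com>: Relay access denied; from=<s@example.com> to=<x@example.com> proto=ESMTP helo=<host>
Jan 10 10:11:05 mail postfix/smtpd[2120]: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 554 5.7.1 <y@example.com>: Relay access denied; from=<s@example.com> to=<y@example.com> proto=ESMTP helo=<host>
Jan 10 10:11:09 mail postfix/smtpd[2120]: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 554 5.7.1 <z@example.com>: Relay access denied; from=<s@example.com> to=<z@example.com> proto=ESMTP helo=<host>
Jan 10 10:20:00 mail postfix/smtpd[2131]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 450 4.7.1 Client host rejected: cannot find your hostname, [203.0.113.5]; from=<b@example.org> to=<u@example.net> proto=ESMTP helo=<mail>
"""

# Client IP and three-digit SMTP reply code of a rejected RCPT command.
REJECT_RE = re.compile(
    r"postfix/smtpd\[\d+\]: NOQUEUE: reject: RCPT from \S+\[(?P<ip>[0-9a-fA-F.:]+)\]: "
    r"(?P<code>[45]\d\d) "
)


def would_ban(log_text, maxretry, count_transient):
    """Return the set of client IPs whose counted rejects reach maxretry."""
    hits = Counter()
    for line in log_text.splitlines():
        m = REJECT_RE.search(line)
        if not m:
            continue
        # RFC 5321: 4yz replies are transient failures, 5yz are permanent.
        transient = m.group("code").startswith("4")
        if transient and not count_transient:
            continue
        hits[m.group("ip")] += 1
    return {ip for ip, n in hits.items() if n >= maxretry}


if __name__ == "__main__":
    print("counting all rejects:   ", sorted(would_ban(SAMPLE_LOG, 3, True)))
    print("ignoring 4xx rejects:   ", sorted(would_ban(SAMPLE_LOG, 3, False)))
```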