
239215 Re: compensating for cellphone company's misconfigurations

  • Victor Duchovni
    May 31, 2008
      On Sat, May 31, 2008 at 10:50:53AM -0400, Postfix Mail System wrote:

      > May 31 09:39:26 helix postfix/smtpd[16252]: NOQUEUE: reject: RCPT from
      > atlmtaow01.cingularme.com[66.102.165.6]: 450 <5185551234@...>:
      > Sender address rejected: Domain not found; from=<5185551234@...>
      > to=<baby@...> proto=ESMTP helo=<atlmtaow01.cingularme.com>
      >
      > If I am interpreting the logs correctly, postfix is properly rejecting due
      > to the hostname mm.att.net not resolving:

      Yes, mm.att.com exists, but mm.att.net does not. Perhaps they meant mm.att.com,
      but botched the extension.

      > I would like to compensate for this by whitelisting them on some level or
      > another. I am looking for some thoughts on the best method/strategy to do
      > this...

      If you are running a local BIND caching dns server on your system, you
      could help them out by creating a private authoritative mm.att.net zone,
      and setting its MX records to point at those of mm.att.com...

      But, it may be better to reach out to their postmaster...

      > smtpd_recipient_restrictions =
      > reject_non_fqdn_sender,
      > reject_non_fqdn_recipient,
      > reject_unknown_sender_domain,
      > reject_unknown_recipient_domain,
      > permit_mynetworks,
      > # check_client_access hash:/usr/local/etc/postfix/pop-before-smtp,
      > # permit_sasl_authenticated,
      > reject_unauth_destination,

      Start with:

      reject_non_fqdn_sender,
      reject_non_fqdn_recipient,
      permit_mynetworks,
      reject_unauth_destination,

      Only then add

      reject_unknown_sender_domain,

      and directly above it add a "check_sender_access ..." that handles
      exceptions. Note that you will whitelist these sender domains from all
      other checks that follow unless you resolve to a restriction class that
      does all the other checks, except unknown sender domain. This is complex. I
      reject unknown sender domains in the *data* restrictions. The BIND
      solution is actually cleaner in some ways, but resolving the issue with
      their postmaster is better still.


      --
      Viktor.

      Disclaimer: off-list followups get on-list replies or get ignored.
      Please do not ignore the "Reply-To" header.

      To unsubscribe from the postfix-users list, visit
      http://www.postfix.org/lists.html or click the link below:
      <mailto:majordomo@...?body=unsubscribe%20postfix-users>

      If my response solves your problem, the best way to thank me is to not
      send an "it worked, thanks" follow-up. If you must respond, please put
      "It worked, thanks" in the "Subject" so I can delete these quickly.
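
An added example, not part of the message above or the original poster's configuration: one way to lay out the check_sender_access exception with a restriction class, so that the exempted domain skips only the unknown-sender-domain check. The class name `skip_sender_dns`, the map file name `sender_exceptions` and the DNSBL host `dnsbl.example.org` are assumptions standing in for whatever checks follow in the real list.

```conf
# --- /usr/local/etc/postfix/main.cf ---

# Declare the class name so it may be used as an access(5) lookup result.
smtpd_restriction_classes = skip_sender_dns

# The class repeats every check that follows reject_unknown_sender_domain
# in the main list, then ends with "permit". Without the final "permit"
# the class returns no decision, evaluation falls through to
# reject_unknown_sender_domain, and the exception has no effect.
skip_sender_dns =
    reject_rbl_client dnsbl.example.org,
    permit

smtpd_recipient_restrictions =
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    permit_mynetworks,
    reject_unauth_destination,
    check_sender_access hash:/usr/local/etc/postfix/sender_exceptions,
    reject_unknown_sender_domain,
    reject_rbl_client dnsbl.example.org

# The lookup sits after reject_unauth_destination on purpose: the envelope
# sender is trivially forged, so a sender-based permit placed before
# reject_unauth_destination would let anyone claiming this domain relay
# through the server.

# --- /usr/local/etc/postfix/sender_exceptions ---
# Result is the class name rather than OK, so the remaining checks still run.
mm.att.net    skip_sender_dns

# After editing, rebuild the map and reload:
#   postmap /usr/local/etc/postfix/sender_exceptions
#   postfix reload
```

Keep the class and the tail of the main list in sync; a check added to one and not the other silently stops applying to the exempted domain.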