Loading ...
Sorry, an error occurred while loading the content.

Re: compensating for cellphone company's misconfigurations

Expand Messages
  • Postfix Mail System
    Hey thanks for the BIND idea.. That was a good outside-the-box solution that is working great for now, until I get in touch with them.
    Message 1 of 4 , Jun 1, 2008
    • 0 Attachment
      Hey thanks for the BIND idea.. That was a good outside-the-box solution
      that is working great for now, until I get in touch with them.


      On Sat, 31 May 2008, Victor Duchovni wrote:

      > On Sat, May 31, 2008 at 10:50:53AM -0400, Postfix Mail System wrote:
      >
      >> May 31 09:39:26 helix postfix/smtpd[16252]: NOQUEUE: reject: RCPT from
      >> atlmtaow01.cingularme.com[66.102.165.6]: 450 <5185551234@...>:
      >> Sender address rejected: Domain not found; from=<5185551234@...>
      >> to=<baby@...> proto=ESMTP helo=<atlmtaow01.cingularme.com>
      >>
      >> If I am interpreting the logs correctly, postfix is properly rejecting due
      >> to the hostname mm.att.net not resolving:
      >
      > Yes, mm.att.com exists, but mm.att.net does not. Perhaps they meant mm.att.com,
      > but botched the extension.
      >
      >> I would like to compensate for this by whitelisting them on some level or
      >> another. I am looking for some thoughts on the best method/strategy to do
      >> this...
      >
      > If you are running a local BIND caching dns server on your system, you
      > could help them out by creating a private authoritative mm.att.net zone,
      > and setting its MX records to point at those of mm.att.com...
      >
      > But, it may be better to reach out to their postmaster...
      >
      >> smtpd_recipient_restrictions =
      >> reject_non_fqdn_sender,
      >> reject_non_fqdn_recipient,
      >> reject_unknown_sender_domain,
      >> reject_unknown_recipient_domain,
      >> permit_mynetworks,
      >> # check_client_access hash:/usr/local/etc/postfix/pop-before-smtp,
      >> # permit_sasl_authenticated,
      >> reject_unauth_destination,
      >
      > Start with:
      >
      > reject_non_fqdn_sender,
      > reject_non_fqdn_recipient,
      > permit_mynetworks,
      > reject_unauth_destination,
      >
      > Only then add
      >
      > reject_unknown_sender_domain,
      >
      > and directly above it add a "check_sender_access ..." that handles
      > exceptions, note you will whitelist these sender domains from all other
      > checks that follow unless you resolve to a restriction class that does
      > all the other checks, except unknown sender domain. THis is complex. I
      > reject unknown sender domains in the *data* restrictions. The BIND
      > solution is actually cleaner in some ways, but resolving the issue with
      > their postmaster is better still.
      >
      >
      > --
      > Viktor.
      >
      > Disclaimer: off-list followups get on-list replies or get ignored.
      > Please do not ignore the "Reply-To" header.
      >
      > To unsubscribe from the postfix-users list, visit
      > http://www.postfix.org/lists.html or click the link below:
      > <mailto:majordomo@...?body=unsubscribe%20postfix-users>
      >
      > If my response solves your problem, the best way to thank me is to not
      > send an "it worked, thanks" follow-up. If you must respond, please put
      > "It worked, thanks" in the "Subject" so I can delete these quickly.
      >
    • Victor Duchovni
      ... I sent a note to their DNS whois contact. Have not yet spotted a response in my inbox, most likely they have not yet replied. We are also seeing a low rate
      Message 2 of 4 , Jun 2, 2008
      • 0 Attachment
        On Sun, Jun 01, 2008 at 09:54:14PM -0400, Postfix Mail System wrote:

        > Hey thanks for the BIND idea.. That was a good outside-the-box solution
        > that is working great for now, until I get in touch with them.

        I sent a note to their DNS whois contact. Have not yet spotted a response
        in my inbox, most likely they have not yet replied. We are also seeing a
        low rate of similar rejected messages.

        --
        Viktor.

        Disclaimer: off-list followups get on-list replies or get ignored.
        Please do not ignore the "Reply-To" header.

        To unsubscribe from the postfix-users list, visit
        http://www.postfix.org/lists.html or click the link below:
        <mailto:majordomo@...?body=unsubscribe%20postfix-users>

        If my response solves your problem, the best way to thank me is to not
        send an "it worked, thanks" follow-up. If you must respond, please put
        "It worked, thanks" in the "Subject" so I can delete these quickly.
      Your message has been successfully submitted and would be delivered to recipients shortly.