Exception to sender address restrictions

  • Jason Bailey, Sun Advocate Webmaster
    Message 1 of 2 , Apr 3, 2009
      Hello all,

      I have postfix working pretty well... efficiently blocking a very large
      amount of spam (very happy with Postfix). But I have a problem...
      Postfix isn't receiving mail from a specific mail system, and it's
      critical that it does.

      The problem really isn't Postfix. Postfix is doing exactly what it is
      supposed to do. The mail system in question doesn't always report with
      the same hostname (it's a web server that sends notification emails, but
      does not receive email), which means HELO communication and email
      addresses are seen as bogus. I'm trying to get them to change their
      setup, but in the meantime, I'm losing email messages that I
      desperately need. So I'm trying to find a temporary workaround.

      Example:
      Apr 3 22:52:06 fs2 postfix/smtpd[32221]: NOQUEUE: reject: RCPT from
      unknown[x.x.x.x]: 450 <uber@...>: Sender address
      rejected: Domain not found; from=<uber@...>
      to=<me@...> proto=ESMTP helo=<212453-app4.domain.com>

      To be clear, domain.com exists, but 212453-app4.domain.com does not. It
      contains no host (A) or mail exchanger (MX) record. The IP addresses
      vary as well (I saw no consistent correlation between the hostname and
      IP address).

      In just a few portions of my mail log I see the following hostnames:
      212453-app4.domain.com
      207113-app1.domain.com
      205107-app3.domain.com
      207186-app2.domain.com

      I know, it's goofy...

      Now, as you can see, my server isn't letting them through (as one would
      expect). But I need them to be. But I don't want to disable the checks
      for all mail just so I can receive mail from this remote system. So, my
      question is... is there a way to let mail from this domain through
      without turning off the checks (smtpd_sender_restrictions, for example)
      completely?

      I tried setting up a pcre lookup table early in the sender restrictions
      list, but it didn't seem to work (with an "OK" action). Either I did
      something wrong, or I don't entirely understand how Postfix behaves.

      Do any of you have any suggestions short of rejecting mail from this
      mail system?
    • Victor Duchovni
      Message 2 of 2 , Apr 3, 2009
        On Fri, Apr 03, 2009 at 11:45:17PM -0600, Jason Bailey, Sun Advocate Webmaster wrote:

        > In just a few portions of my mail log I see the following hostnames:
        > 212453-app4.domain.com
        > 207113-app1.domain.com
        > 205107-app3.domain.com
        > 207186-app2.domain.com
        >

        This assumes you have PCRE tables; adjusting to ordinary regexps is not
        difficult:

        unknown_sender_domain.pcre:
        # Patterns are applied to the entire sender address (user@domain),
        # so the exception is anchored on "@" rather than on the start.
        /@\d+-app\d\.example\.com$/ DUNNO
        /^/ reject_unknown_sender_domain

        main.cf:
        smtpd_restriction_classes =
            reject_most_unknown_sender_domains

        pcre = pcre:${config_directory}/
        reject_most_unknown_sender_domains =
            check_sender_access ${pcre}unknown_sender_domain.pcre

        smtpd_recipient_restrictions =
            permit_mynetworks,
            permit_sasl_authenticated,
            reject_unauth_destination,
            reject_most_unknown_sender_domains,
            ...

        The more selective "restriction class" can be used safely anywhere you
        can safely use the underlying "reject_unknown_sender_domain". You can
        adjust the exception pattern or add more exceptions.

        --
        Viktor.

        Disclaimer: off-list followups get on-list replies or get ignored.
        Please do not ignore the "Reply-To" header.

        To unsubscribe from the postfix-users list, visit
        http://www.postfix.org/lists.html or click the link below:
        <mailto:majordomo@...?body=unsubscribe%20postfix-users>

        If my response solves your problem, the best way to thank me is to not
        send an "it worked, thanks" follow-up. If you must respond, please put
        "It worked, thanks" in the "Subject" so I can delete these quickly.
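An added example, not part of the thread or of Postfix: a Python emulation of the first-match lookup in the table from the reply above, used to list which envelope senders an exception pattern exempts from reject_unknown_sender_domain before the table goes live. It assumes Python's `re` behaves like PCRE for these simple patterns and that patterns see the full sender address; the looser table variant and all sample addresses are constructed.

```python
import re

# Constructed tables. TIGHT keys the exception on the full sender address;
# LOOSE is a careless variant: unescaped dots, no "@" or "$" anchor.
TIGHT = r"""
/@\d+-app\d\.example\.com$/  DUNNO
/^/                          reject_unknown_sender_domain
"""
LOOSE = r"""
/\d+-app\d.example.com/      DUNNO
/^/                          reject_unknown_sender_domain
"""

SENDERS = [  # constructed envelope sender addresses
    "uber@212453-app4.example.com",
    "uber@207113-app1.example.com",
    "x@1-app1.example.com.invalid",
    "x@9-app9-example-com.invalid",
    "someone@nonexistent.invalid",
]

def parse_table(text):
    """Parse '/pattern/flags action' lines into [(compiled_regex, action)]."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"/(.*)/([a-z]*)\s+(.+)$", line)
        if not m:
            raise ValueError(f"unparsed line: {line!r}")
        # pcre_table(5): matching is case-insensitive unless "i" toggles it off.
        flags = 0 if "i" in m.group(2) else re.IGNORECASE
        rules.append((re.compile(m.group(1), flags), m.group(3)))
    return rules

def lookup(rules, sender):
    """Return the action of the first matching rule, or None."""
    for pattern, action in rules:
        if pattern.search(sender):
            return action
    return None

def exempted(table_text, senders):
    """Senders that get DUNNO and so skip reject_unknown_sender_domain."""
    rules = parse_table(table_text)
    return [s for s in senders if lookup(rules, s) == "DUNNO"]

if __name__ == "__main__":
    for name, table in (("tight", TIGHT), ("loose", LOOSE)):
        print(name, exempted(table, SENDERS))
```

On a host with Postfix installed, `postmap -q "address" pcre:/path/to/unknown_sender_domain.pcre` queries the real table the same way.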