Loading ...
Sorry, an error occurred while loading the content.

Reject email

Expand Messages
  • Héctor Moreno Blanco
    Hello everybody, I would like to reject an email if the MX does not exist. We have enable the setting reject_unknown_sender_domain and
    Message 1 of 12 , May 9, 2013
    • 0 Attachment

      Hello everybody,

       

      I would like to reject an email if the MX does not exist. We have enable the setting reject_unknown_sender_domain and reject_unknown_recipient_domain. However, if the domain has DNS and resolves it, the message is sent, and we don’t want that.

       

      I have also tried with the reject_unverified_sender unsuccessfully… 

       

      Any help would be appreciate.

       

      Thank you very much in advanced.

      Kind regards.

       

      Héctor Moreno Blanco

       

       

       


      P Please consider the environment before printing this e-mail.


      This message including any attachments may contain confidential information, according to our Information Security Management System, and intended solely for a specific individual to whom they are addressed. Any unauthorised copy, disclosure or distribution of this message is strictly forbidden. If you have received this transmission in error, please notify the sender immediately and delete it.
      Este mensaje, y en su caso, cualquier fichero anexo al mismo, puede contener información clasificada por su emisor como confidencial en el marco de su Sistema de Gestión de Seguridad de la Información siendo para uso exclusivo del destinatario, quedando prohibida su divulgación copia o distribución a terceros sin la autorización expresa del remitente. Si Vd. ha recibido este mensaje erróneamente, se ruega lo notifique al remitente y proceda a su borrado.
      Gracias por su colaboración.
      Esta mensagem, incluindo qualquer ficheiro anexo, pode conter informação confidencial, de acordo com nosso Sistema de Gestão de Segurança da Informação, sendo para uso exclusivo do destinatário e estando proibida a sua divulgação, cópia ou distribuição a terceiros sem autorização expressa do remetente da mesma. Se recebeu esta mensagem por engano, por favor avise de imediato o remetente e apague-a.
      Obrigado pela sua colaboração.

    • Reindl Harald
      ... this is a completly broken idea no RFC at this world says that a domain must have a MX record and many do not - your idea would result in drop a lot of
      Message 2 of 12 , May 9, 2013
      • 0 Attachment
        Am 09.05.2013 12:24, schrieb Héctor Moreno Blanco:
        > I would like to reject an email if the MX does not exist. We have enable the setting /reject_unknown_sender_domain/
        > and /reject_unknown_recipient_domain/. However, if the domain has DNS and resolves it, the message is sent, and we
        > don’t want that

        this is a completly broken idea

        no RFC at this world says that a domain must have a MX record and many
        do not - your idea would result in drop a lot of legit email
      • Héctor Moreno Blanco
        Hello Reindl, Thanks for the tip. I will consider your advice. Thank you very much. Kind regards. Héctor Moreno Blanco ... De: owner-postfix-users@postfix.org
        Message 3 of 12 , May 9, 2013
        • 0 Attachment
          Hello Reindl,

          Thanks for the tip. I will consider your advice.

          Thank you very much.
          Kind regards.


          Héctor Moreno Blanco



          -----Mensaje original-----
          De: owner-postfix-users@... [mailto:owner-postfix-users@...] En nombre de Reindl Harald
          Enviado el: jueves, 09 de mayo de 2013 12:29
          Para: postfix-users@...
          Asunto: Re: Reject email



          Am 09.05.2013 12:24, schrieb Héctor Moreno Blanco:
          > I would like to reject an email if the MX does not exist. We have
          > enable the setting /reject_unknown_sender_domain/ and
          > /reject_unknown_recipient_domain/. However, if the domain has DNS and
          > resolves it, the message is sent, and we don't want that

          this is a completly broken idea

          no RFC at this world says that a domain must have a MX record and many do not - your idea would result in drop a lot of legit email


          P Please consider the environment before printing this e-mail.

          ______________________
          This message including any attachments may contain confidential
          information, according to our Information Security Management System,
          and intended solely for a specific individual to whom they are addressed.
          Any unauthorised copy, disclosure or distribution of this message
          is strictly forbidden. If you have received this transmission in error,
          please notify the sender immediately and delete it.

          ______________________
          Este mensaje, y en su caso, cualquier fichero anexo al mismo,
          puede contener informacion clasificada por su emisor como confidencial
          en el marco de su Sistema de Gestion de Seguridad de la
          Informacion siendo para uso exclusivo del destinatario, quedando
          prohibida su divulgacion copia o distribucion a terceros sin la
          autorizacion expresa del remitente. Si Vd. ha recibido este mensaje
          erroneamente, se ruega lo notifique al remitente y proceda a su borrado.
          Gracias por su colaboracion.

          ______________________
        • Stan Hoeppner
          ... Not completely broken. It s not really no MX that Hector is after, but undeliverable sender addresses in snowshoe spam. No MX would fall under this
          Message 4 of 12 , May 9, 2013
          • 0 Attachment
            On 5/9/2013 5:28 AM, Reindl Harald wrote:
            >
            >
            > Am 09.05.2013 12:24, schrieb Héctor Moreno Blanco:
            >> I would like to reject an email if the MX does not exist. We have enable the setting /reject_unknown_sender_domain/
            >> and /reject_unknown_recipient_domain/. However, if the domain has DNS and resolves it, the message is sent, and we
            >> don’t want that
            >
            > this is a completly broken idea

            Not completely broken. It's not really "no MX" that Hector is after,
            but undeliverable sender addresses in snowshoe spam. "No MX" would fall
            under this umbrella.

            Hector, I think what you're looking for is Sender Address Verification,
            or SAV. This is implemented in Postfix as reject_unverified_sender. See:

            http://www.postfix.org/postconf.5.html#reject_unverified_sender
            http://www.postfix.org/ADDRESS_VERIFICATION_README.html

            Read the ADDRESS_VERIFICATION_README at least twice, or more times,
            until you fully understand it. There are serious caveats to using SAV.

            --
            Stan
          • Reindl Harald
            ... if you have a A-record for example.com and you incoming mail-server is on this IP you do not need any MX record and postfix will happily use the A-record
            Message 5 of 12 , May 9, 2013
            • 0 Attachment
              Am 09.05.2013 14:14, schrieb Stan Hoeppner:
              > On 5/9/2013 5:28 AM, Reindl Harald wrote:
              >>
              >> Am 09.05.2013 12:24, schrieb Héctor Moreno Blanco:
              >>> I would like to reject an email if the MX does not exist. We have enable the setting /reject_unknown_sender_domain/
              >>> and /reject_unknown_recipient_domain/. However, if the domain has DNS and resolves it, the message is sent, and we
              >>> don’t want that
              >>
              >> this is a completly broken idea
              >
              > Not completely broken. It's not really "no MX" that Hector is after,
              > but undeliverable sender addresses in snowshoe spam. "No MX" would fall
              > under this umbrella

              if you have a A-record for "example.com" and you incoming
              mail-server is on this IP you do not need any MX record
              and postfix will happily use the A-record to deliver mail

              another story is if there is a MX-Record but the listed
              hostname does not resolve and at least for me the intention
              of "if the MX does not exist" is not clear enough if it means

              a) no MX record for the domain
              b) a MX record with a non-resloving hostname

              reject b) would be fine
              reject a) would be stupid
            • Héctor Moreno Blanco
              Thanks for all the answers! They helped me quite a lot :) Regards. Héctor Moreno Blanco ... De: owner-postfix-users@postfix.org
              Message 6 of 12 , May 9, 2013
              • 0 Attachment
                Thanks for all the answers!

                They helped me quite a lot :)

                Regards.

                Héctor Moreno Blanco



                -----Mensaje original-----
                De: owner-postfix-users@... [mailto:owner-postfix-users@...] En nombre de Reindl Harald
                Enviado el: jueves, 09 de mayo de 2013 14:27
                Para: postfix-users@...
                Asunto: Re: Reject email



                Am 09.05.2013 14:14, schrieb Stan Hoeppner:
                > On 5/9/2013 5:28 AM, Reindl Harald wrote:
                >>
                >> Am 09.05.2013 12:24, schrieb Héctor Moreno Blanco:
                >>> I would like to reject an email if the MX does not exist. We have
                >>> enable the setting /reject_unknown_sender_domain/ and
                >>> /reject_unknown_recipient_domain/. However, if the domain has DNS
                >>> and resolves it, the message is sent, and we don't want that
                >>
                >> this is a completly broken idea
                >
                > Not completely broken. It's not really "no MX" that Hector is after,
                > but undeliverable sender addresses in snowshoe spam. "No MX" would
                > fall under this umbrella

                if you have a A-record for "example.com" and you incoming mail-server is on this IP you do not need any MX record and postfix will happily use the A-record to deliver mail

                another story is if there is a MX-Record but the listed hostname does not resolve and at least for me the intention of "if the MX does not exist" is not clear enough if it means

                a) no MX record for the domain
                b) a MX record with a non-resloving hostname

                reject b) would be fine
                reject a) would be stupid



                P Please consider the environment before printing this e-mail.

                ______________________
                This message including any attachments may contain confidential
                information, according to our Information Security Management System,
                and intended solely for a specific individual to whom they are addressed.
                Any unauthorised copy, disclosure or distribution of this message
                is strictly forbidden. If you have received this transmission in error,
                please notify the sender immediately and delete it.

                ______________________
                Este mensaje, y en su caso, cualquier fichero anexo al mismo,
                puede contener informacion clasificada por su emisor como confidencial
                en el marco de su Sistema de Gestion de Seguridad de la
                Informacion siendo para uso exclusivo del destinatario, quedando
                prohibida su divulgacion copia o distribucion a terceros sin la
                autorizacion expresa del remitente. Si Vd. ha recibido este mensaje
                erroneamente, se ruega lo notifique al remitente y proceda a su borrado.
                Gracias por su colaboracion.

                ______________________
              • Stan Hoeppner
                Normally I d avoid arguing with your Reindl as it simply clutters the list. However you made some invalid points that need to be corrected for those who may
                Message 7 of 12 , May 9, 2013
                • 0 Attachment
                  Normally I'd avoid arguing with your Reindl as it simply clutters the
                  list. However you made some invalid points that need to be corrected
                  for those who may browse the archives in the future.

                  On 5/9/2013 7:26 AM, Reindl Harald wrote:

                  > if you have a A-record for "example.com" and you incoming
                  > mail-server is on this IP you do not need any MX record
                  > and postfix will happily use the A-record to deliver mail

                  When did you last come across a domain configured strictly for fallback
                  to A? While RFC may require it, and some used it in the 70s and 80s, no
                  receivers rely on fallback to A in 2013. Anyone versed sufficiently in
                  SMTP to know of the existence of fallback to A isn't going to rely on
                  it. They'll have proper MX records.

                  > another story is if there is a MX-Record but the listed
                  > hostname does not resolve and at least for me the intention
                  > of "if the MX does not exist" is not clear enough if it means
                  >
                  > a) no MX record for the domain
                  > b) a MX record with a non-resloving hostname
                  >
                  > reject b) would be fine

                  Only if the response is 4xx. People fat finger records all the time.

                  > reject a) would be stupid

                  If generic and not selective then yes, but not because of fallback to A.
                  The real problem here is legitimate send-only domains, such as some
                  mailing lists, bulk mail campaigns, emergency alert and other
                  notification systems, etc.

                  --
                  Stan
                • Reindl Harald
                  ... keep this bullshit for you ... NOT SO LONG AGO a few years ago i was so naive and stupid to implement a DNS check in the verify-function of my
                  Message 8 of 12 , May 9, 2013
                  • 0 Attachment
                    Am 09.05.2013 16:44, schrieb Stan Hoeppner:
                    > Normally I'd avoid arguing with your Reindl as it simply
                    > clutters the list

                    keep this bullshit for you

                    > On 5/9/2013 7:26 AM, Reindl Harald wrote:
                    >
                    >> if you have a A-record for "example.com" and you incoming
                    >> mail-server is on this IP you do not need any MX record
                    >> and postfix will happily use the A-record to deliver mail
                    >
                    > When did you last come across a domain configured strictly for fallback
                    > to A? While RFC may require it

                    NOT SO LONG AGO

                    a few years ago i was so naive and stupid to implement
                    a DNS check in the verify-function of my php-framework
                    to prevent import / subscribe to newsletter lists with
                    undeliverable domains

                    i had it to learn the hard way that RFC's are
                    not only for fun

                    >> another story is if there is a MX-Record but the listed
                    >> hostname does not resolve and at least for me the intention
                    >> of "if the MX does not exist" is not clear enough if it means
                    >>
                    >> a) no MX record for the domain
                    >> b) a MX record with a non-resloving hostname
                    >>
                    >> reject b) would be fine
                    >
                    > Only if the response is 4xx. People fat finger records all the time

                    that's their problem
                    after fixing this the next mails would go through

                    nobody expect that if he make mistakes in his DNS configs and is too
                    lazy to verify what he configured that others configure their servers
                    to help him

                    with this attitude you would needto reject all with 4xx because
                    someone could have make a mistake - this is a bad attitude in
                    context of e-mail
                  • Stan Hoeppner
                    ... Nice etiquette... ... You missed the point entirely. I think this is because you are predisposed to argue with anyone who disagrees with you, even when
                    Message 9 of 12 , May 9, 2013
                    • 0 Attachment
                      On 5/9/2013 9:55 AM, Reindl Harald wrote:
                      >
                      > Am 09.05.2013 16:44, schrieb Stan Hoeppner:
                      >> Normally I'd avoid arguing with your Reindl as it simply
                      >> clutters the list
                      >
                      > keep this bullshit for you

                      Nice etiquette...

                      >> On 5/9/2013 7:26 AM, Reindl Harald wrote:
                      >>
                      >>> if you have a A-record for "example.com" and you incoming
                      >>> mail-server is on this IP you do not need any MX record
                      >>> and postfix will happily use the A-record to deliver mail
                      >>
                      >> When did you last come across a domain configured strictly for fallback
                      >> to A? While RFC may require it
                      >
                      > NOT SO LONG AGO
                      >
                      > a few years ago i was so naive and stupid to implement
                      > a DNS check in the verify-function of my php-framework
                      > to prevent import / subscribe to newsletter lists with
                      > undeliverable domains
                      >
                      > i had it to learn the hard way that RFC's are
                      > not only for fun

                      You missed the point entirely. I think this is because you are
                      predisposed to argue with anyone who disagrees with you, even when they
                      are correct and you are incorrect. Hence the preface in my previous reply.

                      >>> another story is if there is a MX-Record but the listed
                      >>> hostname does not resolve and at least for me the intention
                      >>> of "if the MX does not exist" is not clear enough if it means
                      >>>
                      >>> a) no MX record for the domain
                      >>> b) a MX record with a non-resloving hostname
                      >>>
                      >>> reject b) would be fine
                      >>
                      >> Only if the response is 4xx. People fat finger records all the time
                      >
                      > that's their problem
                      > after fixing this the next mails would go through
                      >
                      > nobody expect that if he make mistakes in his DNS configs and is too
                      > lazy to verify what he configured that others configure their servers
                      > to help him

                      Again you miss the point. The reason for a 4xx here is so the mail gets
                      queued and can simply be flushed after the DNS or other error is
                      corrected. Thus the message isn't needlessly returned to the sender.
                      Most of such errors are found and corrected pretty quickly. Using a 4xx
                      in this case keeps things more transparent to users, whether mine,
                      yours, or the guy at the remote SMTP site.

                      > with this attitude you would needto reject all with 4xx because
                      > someone could have make a mistake - this is a bad attitude in
                      > context of e-mail

                      No, Reindl, this is called courtesy to fellow network operators. The
                      only bad attitude here is yours. You display it both here and on the
                      Dovecot list regularly. Being brash and arrogant is one thing. Most
                      people dislike that but tolerate it. But the constant cursing and
                      berating anyone who disagrees with you crosses the line.

                      Frankly I'm surprised that Wietse and Victor have let you get away with
                      this behavior for so long. I guess they're leaving it up to members to
                      add you to local kill files...

                      --
                      Stan
                    • Reindl Harald
                      ... and what was your quoted line clown ? ... but your problem is that you are not correct
                      Message 10 of 12 , May 10, 2013
                      • 0 Attachment
                        Am 10.05.2013 08:26, schrieb Stan Hoeppner:
                        > On 5/9/2013 9:55 AM, Reindl Harald wrote:
                        >>
                        >> Am 09.05.2013 16:44, schrieb Stan Hoeppner:
                        >>> Normally I'd avoid arguing with your Reindl as it simply
                        >>> clutters the list
                        >>
                        >> keep this bullshit for you
                        >
                        > Nice etiquette...

                        and what was your quoted line clown ?

                        >>> On 5/9/2013 7:26 AM, Reindl Harald wrote:
                        >>>
                        >>>> if you have a A-record for "example.com" and you incoming
                        >>>> mail-server is on this IP you do not need any MX record
                        >>>> and postfix will happily use the A-record to deliver mail
                        >>>
                        >>> When did you last come across a domain configured strictly for fallback
                        >>> to A? While RFC may require it
                        >>
                        >> NOT SO LONG AGO
                        >>
                        >> a few years ago i was so naive and stupid to implement
                        >> a DNS check in the verify-function of my php-framework
                        >> to prevent import / subscribe to newsletter lists with
                        >> undeliverable domains
                        >>
                        >> i had it to learn the hard way that RFC's are
                        >> not only for fun
                        >
                        > You missed the point entirely. I think this is because you are
                        > predisposed to argue with anyone who disagrees with you, even when they
                        > are correct and you are incorrect. Hence the preface in my previous reply

                        but your problem is that you are not correct
                      • Reindl Harald
                        ... most of these errors are corrected after someone complaints and with a 4xx it takes up to 5 days until this happens a wrong configuration is a wrong
                        Message 11 of 12 , May 10, 2013
                        • 0 Attachment
                          Am 10.05.2013 08:26, schrieb Stan Hoeppner:
                          >> nobody expect that if he make mistakes in his DNS configs and is too
                          >> lazy to verify what he configured that others configure their servers
                          >> to help him
                          >
                          > Again you miss the point. The reason for a 4xx here is so the mail gets
                          > queued and can simply be flushed after the DNS or other error is
                          > corrected. Thus the message isn't needlessly returned to the sender.
                          > Most of such errors are found and corrected pretty quickly. Using a 4xx
                          > in this case keeps things more transparent to users, whether mine,
                          > yours, or the guy at the remote SMTP site.

                          most of these errors are corrected after someone complaints and with
                          a 4xx it takes up to 5 days until this happens

                          a wrong configuration is a wrong configuration
                          period

                          >> with this attitude you would needto reject all with 4xx because
                          >> someone could have make a mistake - this is a bad attitude in
                          >> context of e-mail
                          >
                          > No, Reindl, this is called courtesy to fellow network operators. The
                          > only bad attitude here is yours. You display it both here and on the
                          > Dovecot list regularly. Being brash and arrogant is one thing. Most
                          > people dislike that but tolerate it. But the constant cursing and
                          > berating anyone who disagrees with you crosses the line.

                          diagree is one thing but disagree on clear technical facts is another

                          > Frankly I'm surprised that Wietse and Victor have let you get away with
                          > this behavior for so long. I guess they're leaving it up to members to
                          > add you to local kill files...

                          frankly i am surprised that you not attack Wietse sometimes after
                          he rferes to some documentation flowed by "to unsubscribe....."
                        • Wietse Venema
                          ... OK. A large portion of list traffic is now from Reindl giving rude responses to new and old members of this list. Having an active list member is good, but
                          Message 12 of 12 , May 10, 2013
                          • 0 Attachment
                            Reindl Harald:
                            > Am 10.05.2013 08:26, schrieb Stan Hoeppner:
                            > > On 5/9/2013 9:55 AM, Reindl Harald wrote:
                            > >>
                            > >> Am 09.05.2013 16:44, schrieb Stan Hoeppner:
                            > >>> Normally I'd avoid arguing with your Reindl as it simply
                            > >>> clutters the list
                            > >>
                            > >> keep this bullshit for you
                            > >
                            > > Nice etiquette...
                            >
                            > and what was your quoted line clown ?

                            OK. A large portion of list traffic is now from Reindl giving rude
                            responses to new and old members of this list.

                            Having an active list member is good, but his manners are not.

                            I unsubscribe Reindl Harald, and I encourage all Postfix list
                            moderators to do the same in the case that he returns.

                            Wietse
                          Your message has been successfully submitted and would be delivered to recipients shortly.