From: Olaf (no email)
Date: Sun Jan 02 2005 - 08:16:11 EST
Craig Sanders schrieb:
>>Hmm... but then the name check_sender_mx_access is misleading if it
>>checks A records also.
>
> it's not misleading. it's USEFUL to be able to block mail from domains where
> the MX record resolves to, e.g., an RFC-1618 private address, or 127.0.0.1.
Yes, I agree. It is great, and I already filter on RFC1918 addresses in
a cidr map. I still do not know why check_sender_mx_access does look at
the HELO also, but that is another problem.
The point is: when I install a secondary regexp map, postfix complains
about *every* email that is coming in, although the MX record is ok. So
it looks as if check_sender_mx_access does a check on A records also.
When I activate this rule in check_sender_mx_access=regexp:badmx.regexp
/^([0-9]{1,3}\.){3}[0-9]{1,3}$/i REJECT numerical MX record
every email is rejected. Why? Did I do something wrong? I am no regexp guru.
> you can't list every possible bogus domain that resolves to a private IP
> address (because there is potentially an infinite number of them)
OK, but I don't care on my little private postfix box. I would not do
this at our corporate systems.
Olaf
|
|
|