From: mouss (no email)
Date: Tue Feb 13 2007 - 18:09:59 EST
MrC wrote:
>>> One of my users with domain "example.com" has an external webmail
>>> account, that when it sends email on his behalf, it
>>>
>> connects with MAIL
>>
>>> FROM envelopes as .
>>>
>>> I have check_sender_mx_access checks rejecting mail from
>>>
>> RFC1918 addresses.
>>
>>> When he CC's himself, postfix is dutifully rejecting those messages
>>> due to hitting the RFC1918 checks. The server's interface
>>>
>> is in the
>>
>>> RFC1918 space (of course, only non-private A and MX records are
>>> visible externally), and my DNS server provides an internal
>>>
>> A record for the server in that space.
>>
>>> My question - what's the best way to avoid bouncing his
>>>
>> mail? Should
>>
>>> I simply DUNNO my postfix server's private IP in the
>>> check_sender_mx_access access list?
>>>
>>>
>> Tell him to fix his sender address. the sender address should
>> be one that anybody can reply to. his webmail is probably
>> misconfigured.
>>
>> if he can't, then either keep rejecting him or remove the
>> check that rejects him. only you can take the decision.
>>
>>
>
> Mouss thanks,
>
> I've taken care of the problem.
>
> I don't believe I explained myself very clearly; the sender's address is
> fine - I host his domains. The reject occurred because his domain is hosted
> by my server and it was mx-checking itself, finding it lives in
> private-land. Cure: a simple DUNNO for the mail server's own private IP in
> my check_sender_mx_access list. That scenario simply escaped my notice when
> I enabled the sender mx checks.
>
> MrC
>
>
>
I see now. but if it's so, only exclude your own domains from that check
(with a check_sender_access).
just because you use 10.* doesn't mean you want mail from
@spammer.example which sets its MX to a 10.* IP.
it may be easier to have this under smtpd_sender_restrictions
(otherwise, you probably need pcre checks).
smtpd_sender_restrictions =
...
check_sender_access hash:/etc/whitelist_my_domains
check_sender_mx_access ...
...
|
|
|