Re: check_sender_mx_access question

From: mouss (no email)
Date: Tue Feb 13 2007 - 18:09:59 EST

  • Next message: mouss: "Re: fetchmail to postfix (a point in the right direction?)"

    MrC wrote:
    >>> One of my users with domain "example.com" has an external webmail
    >>> account, that when it sends email on his behalf, it
    >>>
    >> connects with MAIL
    >>
    >>> FROM envelopes as .
    >>>
    >>> I have check_sender_mx_access checks rejecting mail from
    >>>
    >> RFC1918 addresses.
    >>
    >>> When he CC's himself, postfix is dutifully rejecting those messages
    >>> due to hitting the RFC1918 checks. The server's interface
    >>>
    >> is in the
    >>
    >>> RFC1918 space (of course, only non-private A and MX records are
    >>> visible externally), and my DNS server provides an internal
    >>>
    >> A record for the server in that space.
    >>
    >>> My question - what's the best way to avoid bouncing his
    >>>
    >> mail? Should
    >>
    >>> I simply DUNNO my postfix server's private IP in the
    >>> check_sender_mx_access access list?
    >>>
    >>>
    >> Tell him to fix his sender address. the sender address should
    >> be one that anybody can reply to. his webmail is probably
    >> misconfigured.
    >>
    >> if he can't, then either keep rejecting him or remove the
    >> check that rejects him. only you can take the decision.
    >>
    >>
    >
    > Mouss thanks,
    >
    > I've taken care of the problem.
    >
    > I don't believe I explained myself very clearly; the sender's address is
    > fine - I host his domains. The reject occurred because his domain is hosted
    > by my server and it was mx-checking itself, finding it lives in
    > private-land. Cure: a simple DUNNO for the mail server's own private IP in
    > my check_sender_mx_access list. That scenario simply escaped my notice when
    > I enabled the sender mx checks.
    >
    > MrC
    >
    >
    >

    I see now. but if it's so, only exclude your own domains from that check
    (with a check_sender_access).
    just because you use 10.* doesn't mean you want mail from
    @spammer.example which sets its MX to a 10.* IP.

    it may be easier to have this under smtpd_sender_restrictions
    (otherwise, you probably need pcre checks).

    smtpd_sender_restrictions =
        ...
        check_sender_access hash:/etc/whitelist_my_domains
        check_sender_mx_access ...
        ...


  • Next message: mouss: "Re: fetchmail to postfix (a point in the right direction?)"





    Hosted Email Solutions

    Invaluement Anti-Spam DNSBLs



    Powered By FreeBSD   Powered By FreeBSD