Juan Miscaro <[EMAIL PROTECTED]> wrote:

> So I have the following lines in main.cf:

Please read the DEBUG_README; instead of posting snippets of your
main.cf, please paste the output of 'postconf -n'.

> smtpd_recipient_restrictions =
>         reject_non_fqdn_recipient
>         reject_non_fqdn_sender
>         reject_unknown_sender_domain
>         permit_mynetworks
>         permit_sasl_authenticated
>         reject_unauth_destination
>         reject_unknown_reverse_client_hostname
>         check_helo_access regexp:/etc/postfix/helo_checks
>         check_sender_mx_access cidr:/etc/postfix/bogus_mx
>         reject_rbl_client zen.spamhaus.org
>         permit

This "permit" is unnecessary.

> Contents of 'bogus_mx':
> 
> # bogus networks
> 0.0.0.0/8               550 Mail server in broadcast network
> 10.0.0.0/8              550 No route to your RFC 1918 network
> 127.0.0.0/8             550 Mail server in loopback network
> 224.0.0.0/4             550 Mail server in class D multicast network
> 192.168.0.0/16          550 No route to your RFC 1918 network
> 
> Now I see in my logs:
> 
> postfix/smtpd[10896]: connect from toq1-srv.bellnexxia.net[209.226.175.120]
> postfix/smtpd[10896]: NOQUEUE: reject: RCPT from
> toq1-srv.bellnexxia.net[209.226.175.120]: 550 5.7.1
> <[EMAIL PROTECTED]>: Sender address rejected: Mail server in loopback
> network; from=<[EMAIL PROTECTED]> to=<[EMAIL PROTECTED]> proto=ESMTP
> helo=<toq1-srv.bellnexxia.net>
> postfix/smtpd[10896]: disconnect from toq1-srv.bellnexxia.net[209.226.175.120]
> postfix/smtpd[10896]: connect from toq1-srv.bellnexxia.net[209.226.175.120]
> postfix/smtpd[10896]: 0CA7F20EEE15:
> client=toq1-srv.bellnexxia.net[209.226.175.120]
> postfix/cleanup[4433]: 0CA7F20EEE15:
> message-id=<[EMAIL PROTECTED]>
> 
> So here we have a user sending mail to another user in the same
> domain.  It makes sense that the mailserver uses its loopback address.
>  I just thought that what I'm doing is standard but obviously it
> breaks in such a common scenario.  Comments?

What is 'example.com' really?  The way I understand it,
check_sender_mx_access checks whether the MX host(s) for the MAIL FROM
address match whatever you may have in your access table.  Just because
one user is sending to another in the same domain, that does not mean
the domain itself should have an MX record that points to loopback.

-- 
Sahil Tandon <[EMAIL PROTECTED]>
