Currently I block email with
smtpd_sender_restrictions =
reject_unknown_sender_domain
check_sender_access hash:/etc/postfix/access
smtpd_data_restrictions =
reject_multi_recipient_bounce
smtpd_recipient_restrictions =
reject_non_fqdn_recipient
reject_non_fqdn_sender
reject_unknown_sender_domain
permit_mynetworks
permit_sasl_authenticated
check_client_access hash:/etc/postfix/agencies
reject_unauth_destination
check_client_access hash:/etc/postfix/access
check_helo_access pcre:/etc/postfix/helo_checks
reject_rbl_client zen.spamhaus.org
reject_rbl_client bl.spamcop.net
reject_rbl_client dnsbl.sorbs.net
reject_rbl_client cbl.abuseat.org
I've got a customer who has their Mailer-Daemon address configured
to respond with an invalid domain so they get rejected:
Apr 9 16:53:44 agencymail postfix/smtpd[1703]: NOQUEUE: reject: RCPT
from theirotherbutvalid.example.com [x.x.x.x]: 450 4.1.8
<mailer-dae...@their.example.com>: Sender address rejected: Domain
not found; from=<mailer-dae...@their.example.com>
to=<u...@my.example.com> proto=ESMTP helo=<theirotherbutvalid.example.com>
I'd like to be able to whitelist their.example.com so it won't reject
(trying to convince them to fix it, but you know how it goes). With
the above config, I think I would need to update /etc/postfix/access,
but also change the order to:
smtpd_sender_restrictions =
check_sender_access
hash:/etc/postfix/access reject_unknown_sender_domain
would I also need to do something with reject_non_fqdn_sender ?
Thx.
Rick
Rick Steeves
http://www.sinister.net
"Life is like a sausage: The more you pack into it, the longer it gets"
