Hello.
Full picture: i am still at the 9fans mailing-list, which over
time has been migrated to topicbox.com, and this is handled via
messagingengine.com (it is saddening to do configuration via
policy server as the two domains are distinct, sigh).
Well, there started a lot of noise on these lists recently, for
the first time since the new setup is active i think, and today
i again stumbled over the fact that postfix receives many
successive mails from these servers, then creates / refreshes the
verify_sender DB, but seems to have "no state machine" regarding
sender verification, but simply "brute force verifies", for
example here:
Jan 14 15:16:16 postfix/smtp[892]: 4013616065:
to=<bounce.mmf69fb7a2ec786bdd37fc8981.rf5167a6a-eb83-11e9-92f5-7ab8f5b1d...@9fans.bounce.topicbox.com>,
relay=mx1.topicbox.com[103.168.172.233]:25, delay=1.6,
delays=0.02/0.17/1.3/0.14, dsn=2.1.5, status=deliverable (250 2.1.5 Ok)
..
Jan 14 15:16:16 postfix/smtp[893]: 8D64D16067:
to=<bounce.mm1d0608a97b91ed0ef138d2f7.rf5167a6a-eb83-11e9-92f5-7ab8f5b1d...@9fans.bounce.topicbox.com>,
relay=mx1.topicbox.com[103.168.172.232]:25, delay=1.6,
delays=0.01/0.23/1.2/0.19, dsn=2.1.5, status=deliverable (250 2.1.5 Ok)
...
Jan 14 15:16:16 postfix/smtp[891]: 586AF16066:
to=<bounce.mm0295fcc211a103059818efab.rf5167a6a-eb83-11e9-92f5-7ab8f5b1d...@9fans.bounce.topicbox.com>,
relay=mx1.topicbox.com[103.168.172.233]:25, delay=1.7,
delays=0.01/0.1/1.4/0.13, dsn=2.1.5, status=deliverable (250 2.1.5 Ok)
today two in parallel, but it can be more even, it seems unbound
(by itself).
Could anything be done about that, aka synchronization be
enforced? I also seem to remember being fooled by nonsense mails
which then cause sender verification to kick in to unrelated
things, but i have forgotten about the details, actually.
I am also totally rusty regarding DNS, off-topic.., but if i do
"dig topicbox.com" i get "103.168.172.5" for another 178 seconds,
but if i do "dig -x 103.168.172.5" i get NXDOMAIN by
messagingengine.com, which is what one gets when asking for MX of
topicbox.com. It seems no good.. whatever. Maybe someone reads
that..
Relevant config is
# MAIL FROM Checks
smtpd_sender_restrictions =
# permit_inet_interfaces, OR
permit_mynetworks,
#RELAY reject_authenticated_sender_login_mismatch,
permit_tls_clientcerts,
#[RELAY] permit_sasl_authenticated,
reject_non_fqdn_sender,
check_sender_access inline:{$mydomain=reject},
# Total no-goes database, eg: qq.com reject
#check_sender_access lmdb:$meta_directory/sender_restrict,
reject_unknown_sender_domain,
reject_unknown_reverse_client_hostname,
#GRAY: with --focus-sender only! And --msg-allow=permit
check_policy_service unix:private/postgray,
reject_unverified_sender,
permit
--steffen
|
|Der Kragenbaer, The moon bear,
|der holt sich munter he cheerfully and one by one
|einen nach dem anderen runter wa.ks himself off
|(By Robert Gernhardt)
|
|In Fall and Winter, feel "The Dropbear Bard"s pint(er).
|
|The banded bear
|without a care,
|Banged on himself for e'er and e'er
|
|Farewell, dear collar bear
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
