On 7/9/2010 11:35 AM, Phil Howard wrote:
On Fri, Jul 9, 2010 at 12:09, Stéphane MERLE
<stephane.me...@distrigame.com> wrote:
I would have 2 questions :
- 1 what is the procedure for postfix when it try to send email to a
domain with no MX record ?
like : dig mx elv.enic.fr
- 2 would that be an offense to refuse to send to domain with no MX
record ? (I don't know if there's a lot of them)
-2+ : how can I do that with postfix ?
Thanks for your help ...
Stéphane
It doesn't matter. It is valid for domains to have or not have an MX
record. It will need an A record if no MX record.
Based on your tcpdump output in your private reply to me, some other
domain is answering an A query (whether after an MX or not) with
169.254.140.241. So it's not a Postfix issue, and probably not even
your server issue, unless your own DNS server has that configured.
For the list ... it's a case of some DNS answering with the LL address
... case closed with respect to Postfix.
To bring this back to postfix, you can reject domains with
bogus IPs like this by using check_sender_mx_access.
http://www.postfix.org/postconf.5.html#check_sender_mx_access
(if there's no MX, the A record will be used)
Something like...
smtpd_recipient_restrictions =
permit_mynetworks
reject_unauth_destination
... other local stuff ...
check_sender_mx_access cidr:/etc/postfix/bogus_mx.cidr
# /etc/postfix/bogus_mx.cidr
169.254.0.0/16 REJECT rfc3927 address
... other IPs you consider bogus ...
Note: there is a slight risk of false positives from legit but
misconfigured domains.
-- Noel Jones
