Wietse Venema:
> Bill Cole:
> > ; <<>> DiG 9.9.1-P3 <<>> dfleur.com mx
> > ;; global options: +cmd
> > ;; Got answer:
> > ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 41183

Net::DNS::Nameserver to the rescue, with a trivial reply handler of:

    sub reply_handler {
        my ($qname, $qclass, $qtype, $peerhost,$query,$conn) = @_;
        print "[$peerhost: $qname $qtype?]\n" if $opt_v;
        return ("SERVFAIL", );
    }

Verified that "dig mx example.com", "dig a example.com", "dig aaaa example.com" fail with SERVFAIL. Output omitted for brevity.

Postfix configuration:

    # postconf -f smtpd_recipient_restrictions unknown_address_tempfail_action reject_tempfail_action
    smtpd_recipient_restrictions = reject_unknown_sender_domain, permit, reject_unauth_destination
    unknown_address_tempfail_action = $reject_tempfail_action
    reject_tempfail_action = defer_if_permit

Telnet session:

    # telnet 127.0.0.1 smtp
    Trying 127.0.0.1...
    Connected to localhost.
    Escape character is '^]'.
    220 hostname.watson.ibm.com ESMTP Postfix
    mail from:<u...@example.com>
    250 2.1.0 Ok
    rcpt to:<wietse@localhost>
    450 4.1.8 <u...@example.com>: Sender address rejected: Domain not found
    quit
    221 2.0.0 Bye
    Connection closed by foreign host.

As expected, Postfix logging confirms that MX, A and AAAA lookups for example.com fail with a "try again" error. Logging omitted for brevity.

reject_unknown_sender_domain then returns defer_if_permit. This result overrides the effect of the subsequent "permit" action, causing the RCPT TO to be deferred with "450 ... Sender address rejected"

There is nothing magical about "permit" here; any other action that accepts the RCPT TO will have the same effect.

        Wietse
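
The evaluation order described in the message above, as an added example that is not part of the original post and is not Postfix source code: a simplified Python model of one restriction list in which a defer_if_permit result is remembered and applied once the list ends in an explicit or implicit permit. The function names, the context dictionary and the DNS lookup table are hypothetical, and every reject is mapped to 554 for simplicity.

```python
# Simplified model of one smtpd restriction list (added example, not Postfix
# source). DNS is a constructed lookup table, not a real resolver.
TEMPFAIL = "tempfail"  # stands for SERVFAIL / "try again" from the resolver

def reject_unknown_sender_domain(ctx):
    # On a temporary DNS error, return the configured tempfail action
    # (unknown_address_tempfail_action, here defer_if_permit).
    if ctx["dns"].get(ctx["sender_domain"]) == TEMPFAIL:
        return ctx["unknown_address_tempfail_action"]
    return "dunno"

def permit(ctx):
    return "permit"

def reject_unauth_destination(ctx):
    # Accept only recipients in domains this (model) server is final for.
    if ctx["rcpt_domain"] in ctx["local_domains"]:
        return "dunno"
    return "reject"

def evaluate(restrictions, ctx):
    """Return the SMTP reply code for RCPT TO under one restriction list."""
    defer_pending = False
    for restriction in restrictions:
        result = restriction(ctx)
        if result == "defer_if_permit":
            defer_pending = True   # remembered; evaluation continues
        elif result == "reject":
            return 554             # a later reject is not softened to 450
        elif result == "permit":
            break                  # explicit permit ends the list
    # Explicit permit and falling off the end (implicit permit) both land here.
    return 450 if defer_pending else 250

def make_ctx(dns_state):
    # Constructed sample request matching the telnet session in the post.
    return {
        "sender_domain": "example.com",
        "rcpt_domain": "localhost",
        "local_domains": {"localhost"},
        "dns": {"example.com": dns_state},
        "unknown_address_tempfail_action": "defer_if_permit",
    }

# The smtpd_recipient_restrictions value shown in the post.
PAGE_CONFIG = [reject_unknown_sender_domain, permit, reject_unauth_destination]

if __name__ == "__main__":
    print(evaluate(PAGE_CONFIG, make_ctx(TEMPFAIL)))
```
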