Bill Cole:
> On 3 Oct 2012, at 16:26, Wietse Venema wrote:
>
> > Bill Cole:
> >> ; <<>> DiG 9.9.1-P3 <<>> dfleur.com mx
> >> ;; global options: +cmd
> >> ;; Got answer:
> >> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 41183
> >
> > How will I reproduce this quickly?
>
> I am not sure. If your resolver is BIND you can make dfleur.com (and as
> far as I can tell, nothing else but other spammer domains) yield
> SERVFAIL by adding this to the options section of named.conf:
>
>     blackhole {
>         108.161.130.187;
>     };

This produces the same result as in my Net::DNS example with a
forced SERVFAIL response.

    # telnet hostname smtp
    Trying 9.2.193.248...
    Connected to hostname.watson.ibm.com.
    Escape character is '^]'.
    220 hostname.watson.ibm.com ESMTP Postfix
    mail from:<u...@dfleur.com>
    250 2.1.0 Ok
    rcpt to:<wietse@localhost>
    450 4.1.8 <u...@dfleur.com>: Sender address rejected: Domain not found
    quit
    221 2.0.0 Bye
    Connection closed by foreign host.

Parameters:

    reject_tempfail_action = defer_if_permit
    unknown_address_tempfail_action = $reject_tempfail_action
    smtpd_recipient_restrictions =
        reject_unknown_sender_domain,
        permit,
        reject_unauth_destination

The only way to make Postfix accept the recipient is that you have
something before reject_unknown_sender_domain that accepts the
recipient.

        Wietse
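
Added example, not part of the original message and not Postfix code: a simplified Python model of walking a restriction list with defer_if_permit, showing why the session above ends in 450 and why only an earlier accepting restriction turns that into 250. The function name, parameters and DNS outcome constants are assumptions of this sketch; the reply codes assume Postfix defaults.

```python
# Simplified model of smtpd restriction-list evaluation (illustration only).
OK, NXDOMAIN, TEMPFAIL = "ok", "nxdomain", "tempfail"  # constructed DNS outcomes

UNKNOWN_SENDER = "450 4.1.8 Sender address rejected: Domain not found"
RELAY_DENIED = "554 5.7.1 Relay access denied"


def evaluate(restrictions, sender_dns, client_trusted=False, rcpt_local=True):
    """Return the RCPT TO reply after walking the restrictions in order."""
    deferred = None  # reply remembered by defer_if_permit
    for name in restrictions:
        verdict = None  # None means "no decision, try the next restriction"
        if name == "permit":
            verdict = "permit"
        elif name == "permit_mynetworks":
            verdict = "permit" if client_trusted else None
        elif name == "reject_unauth_destination":
            verdict = None if rcpt_local else RELAY_DENIED
        elif name == "reject_unknown_sender_domain":
            if sender_dns == NXDOMAIN:
                verdict = UNKNOWN_SENDER
            elif sender_dns == TEMPFAIL:
                # unknown_address_tempfail_action = defer_if_permit:
                # keep evaluating, but a later permit becomes a 450.
                deferred = deferred or UNKNOWN_SENDER
        else:
            raise ValueError(f"restriction not modelled: {name}")
        if verdict == "permit":
            break            # permit stops the walk
        if verdict:
            return verdict   # a reject stops the walk and wins over a deferral
    return deferred or "250 2.1.5 Ok"


PAGE_CONFIG = ["reject_unknown_sender_domain", "permit",
               "reject_unauth_destination"]

if __name__ == "__main__":
    # The setup from the message: SERVFAIL for the sender domain.
    print(evaluate(PAGE_CONFIG, TEMPFAIL))
    # An accepting restriction placed first never reaches the DNS check.
    print(evaluate(["permit_mynetworks"] + PAGE_CONFIG, TEMPFAIL,
                   client_trusted=True))
```
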