> -----Original Message----- > From: owner-postfix-us...@postfix.org [mailto:owner-postfix- > us...@postfix.org] On Behalf Of /dev/rob0 > Sent: Monday, November 05, 2012 11:47 AM > To: postfix-users@postfix.org > Subject: Re: sender address rejected > > On Mon, Nov 05, 2012 at 11:14:43AM -0500, James Chase wrote: > [attribution reconstructed] > > > > James: > > > rob0: > > > and another > > > > > > > check_recipient_access > > > > pcre:/etc/postfix/MISC_CHECKS/ascii.pcre, check_sender_mx_access > > > > cidr:/etc/postfix/NETWORK_CHECKS/drop.cidr, check_policy_service > > > > inet:127.0.0.1:10023, check_helo_access > > > > pcre:/etc/postfix/NETWORK_CHECKS/helo_hostnames.pcre, > > > > pcre:/etc/postfix/EMAIL_ADDRESS_CHECKS/to_recipients_bw.regexp > > > > reject_non_fqdn_helo_hostname reject_invalid_helo_hostname > > > > > > See "man postmap" and the -q option to query your maps: > > > > > > postmap -q unmunged@sender.address maptype:mapname > > FWIW I do appreciate those who take the time to trim excess quotes from > list posts, but you trimmed out the relevant stuff and left not-so-relevant > stuff.
True. I was thinking in terms of people looking at the thread in an archived threaded view and not you needing the info to help me here. Apologies. > > I did say it would have been easier if you had shared the contents of your > check_sender_access maps. For that matter, you might have found the entry > yourself, just by looking in the file. > The files are thousands of lines long so I was hesitant to include it here. I'm happy to in the future if that isn't some violation of etiquette. I'm not sure if you are allowed to attach files to messages on this list. > > > I tried this on all the areas you pointed out but nothing came back as > > being a REJECT. Is this possible? > > It's probable that you munged the log line you showed, and it is certain that if > you cannot figure it out yourself, you should not be munging domain names, > and you should disclose the contents of your check_sender_access maps. I did find the rule that was rejecting my message! It was a misunderstanding of the query feature that led to the false negative -- I was searching for u...@domain.com while the rule was just blocking domain.com. So it did not come up in the query. I had tested removing this rule before but the message still got blocked -- however I just noticed the second attempt was blocked with a reject + label message. So I was able to track that one down. Thanks for your help in narrowing down this rejection! > > > I did find one rule that looked suspicious just in a manual review but > > changing it and running postmap again didn't make a different in terms > > of the reject message. > > > > Most of our reject rules are labeled except where we are blocking > > because of an e-mail address pattern, so I would think it was obvious > > if it was a rule we were using that was NOT an e-mail address block. > > Why the exception? Why not label them all? You can even give a rejected > client an informative message, visible to them and also recorded in your logs. It's a good point.
