Hi, >> Mar 12 13:54:28 mail02 postfix/smtpd[24053]: NOQUEUE: reject: RCPT >> from unknown[64.68.76.15]: 450 4.1.8 <appl...@tank.sub1.domain.com>: >> Sender address rejected: Domain not found; >> from=<appl...@tank.sub1.domain.com> to=<s...@mydomain.com> proto=ESMTP >> helo=<mx02.example.com> > > this is being rejected by the reject_unknown_sender_domain > restriction. The 450 suggests it's a temporary failure of some > sort, but that doesn't mean it will correct itself without action by > the remote sysadmin. > >> >> In my check_sender_access file I have the following: >> >> 64.68.76.15 OK
You have provided me with some great information that I will have to review and be sure I understand properly. I even removed the reject_unknown_sender_domain restriction and the mail still bounced. It probably has to do with the ordering suggestions you've made below, but I added the IP to my_networks, and now it's working. Could that mean that it was a different restriction that was rejecting this mail, or is it still related to the unresolvable appl...@tank.sub1.domain.com host as I initially thought? Thanks, Alex > > IPs are always a client property, only checked with > check_client_access. In addition to the client IP, > check_client_access also checks the verified remote client hostname, > logged as "unknown" in your example above. > >> appl...@tank.sub1.domain.com OK > > OK, that appears to match what postfix logs as the sender address. > Postfix only logs and only uses the envelope sender. The From: > header is never logged nor used by postfix; it's for end-user > display only. > > That's the correct address to use for a check_sender_access map. > check_sender_access is always the envelope sender email address, or > the domain part of the email address. > > >> .sub1.domain.com OK > > The "proceeding dot" form will be ignored unless your non-default > parent_domain_matches_subdomain setting does NOT include > smtpd_access_maps. > > >> >> My smtpd_recipient_restrictions are below. I've had to create this >> crazy sender_checks_special file that appears before the normal >> sender_checks file because I was concerned that the >> reject_unknown_sender_domain was rejecting the mail first. I don't >> know the proper way to do this. >> >> smtpd_recipient_restrictions = >> reject_non_fqdn_recipient, >> check_client_access hash:/etc/postfix/client_checks_special, >> check_sender_access hash:/etc/postfix/sender_checks_special, > > This is your special non-existent sender check? It must be AFTER > reject_unauth_destination, and BEFORE reject_unknown_sender_domain. > > You likely have another reject_unknown_sender_domain under one of > the other smtpd_*_restrictions sections; remove it. No need to use > it twice. > > >> reject_non_fqdn_sender, >> reject_unlisted_recipient, >> permit_mynetworks, >> reject_unauth_destination, > > >>> put overrides/whitelists here <<< > >> reject_unknown_sender_domain, >> reject_unknown_recipient_domain, >> reject_rhsbl_reverse_client mykey.dbl.dq.spamhaus.net, >> reject_rhsbl_sender mykey.dbl.dq.spamhaus.net, >> reject_rhsbl_helo mykey.dbl.dq.spamhaus.net >> check_helo_access pcre:/etc/postfix/helo_checks.pcre, >> reject_invalid_helo_hostname, >> check_client_access hash:/etc/postfix/client_checks, >> check_sender_access hash:/etc/postfix/sender_checks, >> check_recipient_access pcre:/etc/postfix/relay_recips_access, >> permit >> >> I'd gratefully appreciate any help on the proper way to do this. I'm >> actually not even sure that the appl...@tank.sub1.domain.com is the >> "envelope from" and not the "From:", which I guess would be listed in >> client_checks. >> >> Thanks, >> Alex >> > > > > -- Noel Jones
