On 5/23/2013 10:23 AM, Wietse Venema wrote:
> Deeztek Support:
>> On another topic, I had an issue the other day where an outside
>> sender was trying to send e-mail to an internal recipient and their
>> e-mail was getting delayed due to a DNS issue on their end. The
>> exact error was:
>>
>> (Host or domain name not found. Name service error for name=rotary.org
>> type=MX: Host not found, try again)
>>
>> I'm assuming this was happening due to the reject_unknown_sender_domain
>> in my smtpd_recipient_restrictions. It eventually got fixed and
>> the e-mail was able to get delivered however in the meantime what
>> would be the best way to bypass that person's e-mail address so
>> that e-mail will still get delivered even though their server is
>> misconfigured?
>
> Manual whitelisting.
>
> /etc/postfix/main.cf:
>     smtpd_recipient_restrictions =
>         ...
>         reject_unauth_destination
>         check_sender_access hash:/etc/postfix/sender_access
>         reject_unknown_sender_domain
>
> /etc/postfix/sender_access:
>     rotary.org OK
>
> Postfix currently does not remember the result of previous
> reject_unknown_sender_domain tests, so it cannot automatically
> permit a site to send mail based on previous results.
>
> Wietse

You may also want to look into automatic whitelisting. IIRC a daemon
exists for this. You'll have to look around.

Some time ago Viktor and I knocked out a basic shell script that does
this. It scans the mail log file for successful deliveries and adds the
recipient address to a whitelist. Once your Postfix has delivered to an
address it will always accept mail from that address, assuming you check
this table before other restrictions. The script with basic instructions
is here:

http://www.hardwarefreak.com/whtlst_gen.sh.txt

Depending on your mail flow and other factors, you may want to cron it
more frequently than suggested. I've been using this on Debian for a
couple of years now and it works great.

This is designed for use on an MX that also does all outbound delivery.
It's easily adaptable for split setups or farms. I described one way of
doing so previously. It should be in the list archives somewhere.

-- 
Stan
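
The log-scanning approach described in the message above, as an added example that is not part of the thread and is not the linked whtlst_gen.sh script. It assumes the standard Postfix delivery log format; LOCAL_DOMAINS, gen_whitelist and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example; not the whtlst_gen.sh script referenced in the thread.
# LOCAL_DOMAINS (hypothetical name): domains this MX receives mail for. They are
# never whitelisted as senders, since a forged local sender would skip later checks.
LOCAL_DOMAINS="example.com"

# Constructed sample log lines in the usual Postfix delivery-status format.
SAMPLE_LOG='May 23 10:01:02 mx postfix/smtp[2101]: 3A1F2C0D: to=<Alice@Example.org>, relay=mx.example.org[192.0.2.10]:25, delay=1.2, dsn=2.0.0, status=sent (250 2.0.0 Ok)
May 23 10:02:10 mx postfix/smtp[2102]: 4B2E3D1E: to=<carol@example.org>, relay=none, delay=30, dsn=4.4.3, status=deferred (Host or domain name not found)
May 23 10:03:15 mx postfix/local[2103]: 5C3F4E2F: to=<staff@example.com>, relay=local, delay=0.1, dsn=2.0.0, status=sent (delivered to mailbox)
May 23 10:04:20 mx postfix/smtp[2104]: 6D405F30: to=<bob@example.net>, relay=mx.example.net[192.0.2.20]:25, delay=0.8, dsn=2.0.0, status=sent (250 2.0.0 Ok)
May 23 10:05:25 mx postfix/smtp[2105]: 7E516041: to=<alice@example.org>, relay=mx.example.org[192.0.2.10]:25, delay=0.9, dsn=2.0.0, status=sent (250 2.0.0 Ok)
May 23 10:06:30 mx postfix/smtp[2106]: 8F627152: to=<filter@example.com>, relay=127.0.0.1[127.0.0.1]:10025, delay=0.2, dsn=2.0.0, status=sent (250 2.0.0 Ok)'

# Read Postfix log lines on stdin; print "address OK" table lines, sorted, unique.
gen_whitelist() {
    awk -v local_domains="$LOCAL_DOMAINS" '
    BEGIN {
        n = split(local_domains, d, " ")
        for (i = 1; i <= n; i++) skip[tolower(d[i])] = 1
    }
    # Only outbound SMTP client deliveries that the remote server accepted;
    # postfix/local and deferred or bounced deliveries are ignored.
    /postfix\/smtp\[[0-9]+\]:/ && / status=sent / {
        if (!match($0, / to=<[^>]+>/)) next
        addr = tolower(substr($0, RSTART + 5, RLENGTH - 6))
        # Keep only plain user@domain keys that are safe in a lookup table.
        if (addr !~ /^[^@ \t]+@[a-z0-9.-]+$/) next
        domain = substr(addr, index(addr, "@") + 1)
        if (!(domain in skip)) print addr " OK"
    }' | LC_ALL=C sort -u
}

# Demonstration on the constructed sample.
printf '%s\n' "$SAMPLE_LOG" | gen_whitelist
```

The output is the body of a check_sender_access table; run postmap on the file after regenerating it. Keep the table after reject_unauth_destination, as in the quoted main.cf, so an OK result cannot permit relaying.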