I see the following syslog entries for a message from the local public library system when I have reject_unknown_sender_domain in smtpd_recipient_restrictions:
Nov 25 14:06:23 gob postfix/smtpd[19293]: connect from unknown[12.229.68.221] Nov 25 14:06:23 gob postfix/smtpd[19293]: warning: 221.68.229.12.zen.spamhaus.org: RBL lookup error: Host or domain name not found. Name service error for name=221.68.229.12.zen.spamhaus.org type=A: Host not found, try again Nov 25 14:06:23 gob postfix/smtpd[19293]: NOQUEUE: reject: RCPT from unknown[12.229.68.221]: 450 4.1.8 <circ...@lcplin.org>: Sender address rejected: Domain not found; from=<circ...@lcplin.org> to=<[REDACTED]@ BERGMANS.US> proto=ESMTP helo=<sangria.lcplin.org> Nov 25 14:06:23 gob postfix/smtpd[19293]: disconnect from unknown[12.229.68.221] Their A and MX records for the sending domain and the A record for the host in HELO look typical and sane to me, but they have a setup for "reverse" DNS I don't believe I've seen before: $ dig -x 12.229.68.221 ; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> -x 12.229.68.221 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19095 ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 1 ;; QUESTION SECTION: ;221.68.229.12.in-addr.arpa. IN PTR ;; ANSWER SECTION: 221.68.229.12.in-addr.arpa. 85298 IN CNAME 221.128/25.68.229.12.in-addr.arpa. 221.128/25.68.229.12.in-addr.arpa. 9698 IN PTR sangria.lcplin.org. ;; AUTHORITY SECTION: 128/25.68.229.12.in-addr.arpa. 85298 IN NS donuts1.lcplin.org. ;; ADDITIONAL SECTION: donuts1.lcplin.org. 85214 IN A 12.229.68.200 ;; Query time: 0 msec ;; SERVER: ::1#53(::1) ;; WHEN: Tue Nov 26 19:21:26 2013 ;; MSG SIZE rcvd: 139 So my questions are: 1. Is this actually what's causing the rejection? 2. If the answer to (1) is yes, then is this a Postfix bug or a feature? I'm happy to write the administrators of lcplin.org and ask them to fix their zone, but I can't really cite chapter and verse as to why it's wrong. In fact, I'm not convinced it is. Best, -- Lucas
