On Wed, Dec 04, 2013 at 11:54:11PM +0530, Nilesh Govindrajan wrote:
> I have a postfix server configured with following restrictions -
>
> smtpd_reject_unlisted_sender = yes
You'll have implement this control in the PHP application or submit email
via SMTP, rather than the sendmail(1) command. Submission with sendmail(1)
is asynchronous, and works even when Postfix is not running. Messages in
the "maildrop" directory are processed once Postfix is running, but it is
too late to tell the application that the message is not acceptable.
> smtpd_relay_restrictions = reject_unverified_recipient,
> permit_mynetworks, permit_sasl_authenticated, permit_auth_destination,
> reject
Why is your PHP application allowing users to send messages to
arbitrary recipients? You should not need "reject_unverified_recipient"
unless you have an open-relay web-form, fix the real problem.
> smtpd_recipient_restrictions =
> reject_rbl_client zen.spamhaus.org, reject_rbl_client
> bl.spamcop.net, reject_rhsbl_helo dbl.spamhaus.org, reject_rhsbl_sender
> dbl.spamhaus.org,
> reject_unknown_recipient_domain, reject_unlisted_recipient,
> reject_unverified_recipient, permit
Your own machine is probably not on any RBL, so you won't get much help
here.
> When I try to send mail using telnet to a failing address (aka
> unverified) it properly fails.
> But when PHP sends mail (which uses sendmail -t -i), it queues the mail.
>
> What am I missing?
Don't let your PHP applications send mail to arbitrary addresses
unless they are restricted to authenticated trusted users. If the
latter, make sure you have valid sender addresses recorded for each
such user, and use these rather than webform input as the sender
address. If a submitted message from a trusted user bounces, the
right user receives the bounce.
If some of your users are spammers, solve that problem, just
filtering out messages to invalid recipients is not the right
answer.
--
Viktor.
