check_sender_access and pattern matching

Mon, 21 Dec 2015 09:39:53 -0800 

Hi,
I have a postfix-2.10 fedora22 system and having trouble with my
sender checks. I have a domain that is sending mail with an invalid
hostname. The temporary solution is to add a check_sender_access
entry, but I must be doing something wrong.

Dec 21 12:30:16 mail02 postfix/smtpd[1560]: NOQUEUE: reject: RCPT from
mailout.example.com[64.123.123.200]: 450 4.1.8
<u...@invalid.example.com>: Sender address rejected: Domain not found;
from=<u...@invalid.example.com> to=<notificat...@mydomain.com>
proto=ESMTP helo=<mailout.example.com>

I had previously had the following:

*@invalid.example.com     OK

and I thought it was working, but apparently not. Is it not okay to
wildcard like that? I then added the specific user, and it's also
rejecting it.

Checking with postmap works successfully, though:

# postmap -q 'u...@invalid.example.com' hash:/etc/postfix/sender_checks
OK

Perhaps the ordering of restrictions is not correct?

smtpd_client_restrictions = permit_mynetworks,
    check_client_access hash:/etc/postfix/client_checks,
    check_reverse_client_hostname_access pcre:/etc/postfix/fqrdns-042715a.pcre,
    check_reverse_client_hostname_access
pcre:/etc/postfix/reverse_client_hostname_access.pcre,
    check_client_access cidr:/etc/postfix/client_access_blocklist

smtpd_recipient_restrictions = reject_non_fqdn_recipient,
    reject_non_fqdn_sender,
    reject_unlisted_recipient,
    reject_unknown_recipient_domain,
    permit_mynetworks,
    reject_unauth_destination,
    reject_unknown_sender_domain,
    reject_rhsbl_reverse_client mykey.dbl.dq.spamhaus.net,
    reject_rhsbl_sender mykey.dbl.dq.spamhaus.net,
    reject_rhsbl_helo mykey.dbl.dq.spamhaus.net
    check_helo_access pcre:/etc/postfix/helo_checks.pcre,
    check_helo_access hash:/etc/postfix/helo_checks,
    reject_non_fqdn_helo_hostname,
    reject_invalid_helo_hostname,
    check_policy_service inet:127.0.0.1:2501,
    check_recipient_access pcre:/etc/postfix/relay_recips_access,
    permit

smtpd_sender_restrictions = permit_mynetworks,
    check_sender_access hash:/etc/postfix/sender_checks,
    check_sender_ns_access hash:/etc/postfix/blacklist_ns.cf
    reject_unknown_sender_domain

Thanks,
Alex

Reply via email to