Dear Postfix users, admins and gurus. Today I was alerted to a new 'problem'. As I was unable to find any information on it online, I decided to present it to you.
An important application we run has, unfortunately, an internal mail-queuing system that is, to say the least, sub-optimal. A transient error (450) for an unknown domain will keep the message on top of the queue, resulting, in practice, in a shutdown of the system that can send out tens of thousands of e-mails per day. To circumvent this problem, the application delivers the mail to a local Postfix instance with the following settings:

> # JUNK MAIL CONTROLS
> unknown_address_reject_code = 550
> unknown_address_tempfail_action = defer
> smtpd_recipient_restrictions = reject_non_fqdn_recipient,
>     reject_unknown_recipient_domain,
>     permit_mynetworks,
>     reject

Being a work-around, it does exactly what it is supposed to do. However, today problems arose as a misspelled e-mail address once again 'stopped' the processing. The 'original' address returned a 450:

> Oct 28 09:43:19 pelona postfix/smtpd[93730]: 3A3FA2C01E0: reject: RCPT
> from localhost[127.0.0.1]: 450 4.1.2 <someon...@hotmail.co>: Recipient
> address rejected: Domain not found; from=<m...@ru.nl>
> to=<someon...@hotmial.co> proto=SMTP helo=<pelona>

And an almost identical one returned the expected 550:

> Oct 28 09:44:37 pelona postfix/smtpd[93730]: 3A3FA2C01E0: reject: RCPT
> from localhost[127.0.0.1]: 550 5.1.2 <someon...@schotmail.co>:
> Recipient address rejected: Domain not found; from=<m...@ru.nl>
> to=<someon...@schotmail.co> proto=SMTP helo=<pelona>

After some (literal) digging I found out that Microsoft has started to mark domains as 'Non-Mail' by actively using a 'deny all' SPF record:

> dig any hotmail.co
>
> ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.1 <<>> any hotmail.co
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23310
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;hotmail.co. IN ANY
>
> ;; ANSWER SECTION:
> hotmail.co. 7200 IN NS ns2.msft.net.
> hotmail.co. 7200 IN NS ns3.msft.net.
> hotmail.co. 7200 IN NS ns4.msft.net.
> hotmail.co. 7200 IN NS ns1.msft.net.
> hotmail.co. 3600 IN TXT "v=spf1 -all"

This usage of a single SPF record results in an existing domain from Postfix's perspective. There is no MX record, there is no A record, so mail cannot be delivered. And Microsoft tops it off by explicitly claiming no e-mail will be sent from this domain.

So now, Postfix no longer marks this as an "unknown_recipient_domain". It is technically correct in (not) doing so, but it breaks the purpose it is being used for in many cases. Does anyone have any bright ideas how to deal with this situation?

Ydo Ehlers
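
An added example, not part of the original message and not Postfix code: a small parser that reads `dig any` output like the one quoted above and separates a name that does not exist from one that exists but has no mail route and a deny-all SPF record. It goes slightly beyond the post by also recognising a null MX (RFC 7505); the function names, category labels and the NXDOMAIN sample are assumptions made for illustration.

```python
import re

# Constructed sample: abridged from the dig output quoted in the post.
DIG_HOTMAIL_CO = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23310
;; ANSWER SECTION:
hotmail.co. 7200 IN NS ns1.msft.net.
hotmail.co. 3600 IN TXT "v=spf1 -all"
"""
# Constructed sample: header of an answer for a name that does not exist.
DIG_NXDOMAIN = ";; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 1\n"

def parse_dig(text):
    """Return (status, {rrtype: [rdata, ...]}) parsed from dig output."""
    status = re.search(r"status: (\w+)", text)
    records = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith(";"):
            continue  # skip headers, comments and the question section
        fields = line.split(None, 4)  # name, ttl, class, type, rdata
        if len(fields) == 5 and fields[2] == "IN":
            records.setdefault(fields[3], []).append(fields[4].strip())
    return (status.group(1) if status else "UNKNOWN"), records

def is_deny_all_spf(txt):
    """True for an SPF record whose only mechanism is -all."""
    terms = txt.replace('"', " ").lower().split()
    mechanisms = [t for t in terms[1:] if "=" not in t]  # ignore modifiers
    return terms[:1] == ["v=spf1"] and mechanisms == ["-all"]

def classify(text):
    """Classify a recipient domain for mail delivery from dig output."""
    # Assumption: the ANY answer is complete. Many servers give minimal ANY
    # answers, so in practice query MX, A, AAAA and TXT separately.
    status, rr = parse_dig(text)
    if status == "NXDOMAIN":
        return "unknown-domain"
    if status != "NOERROR":
        return "dns-failure"      # e.g. SERVFAIL: a transient condition
    if rr.get("MX") == ["0 ."]:
        return "non-mail"         # null MX (RFC 7505)
    if rr.get("MX") or rr.get("A") or rr.get("AAAA"):
        return "deliverable"
    if any(is_deny_all_spf(t) for t in rr.get("TXT", [])):
        return "non-mail"         # exists, no route, SPF authorises nobody
    return "no-route"
```
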