On Thu, Apr 21, 2022 at 5:19 PM Noel Jones <njo...@megan.vbhcs.org> wrote:
> On 4/21/2022 3:34 PM, Ian Evans wrote:
> > I've seen this a few times with some companies. I'm expecting an
> > email from, say, example.com
> >
> > They say it's bouncing. I check the logs and there's a RCPT 450
> > Sender address rejected: domain not found. The email is being sent
> > from email.example.com, but that
> > subdomain doesn't exist, can't be pinged. This is a trusted sender,
> > can I somehow whitelist this domain?
>
> You're probably using the reject_unknown_sender_domain restriction.
> Just above that, add something like
> check_client_access inline:{192.0.2.1=permit_auth_destination}
> using the IP of the offending client
>
> For more complete examples and how to integrate this in your setup,
> share your "postconf -nf" and the actual log entry.

Hi Noel,

Sorry for the lack of extra detail. Was quickly asking the initial question on my phone and the ssh app I have sucks for cut'n'paste. As mentioned, it's happening with this sender and a few other businesses.

postconf -nf

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
home_mailbox = Maildir/
inet_interfaces = all
inet_protocols = ipv4
mailbox_command = /usr/lib/dovecot/deliver -c /etc/dovecot/dovecot.conf -m "${EXTENSION}"
mailbox_size_limit = 0
message_size_limit = 104857600
milter_default_action = accept
milter_protocol = 6
myhostname = carson.digitalhit.com
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
myorigin = /etc/mailname
non_smtpd_milters = inet:localhost:12345,inet:localhost:54321
policy-spf_time_limit = 3600s
postscreen_access_list = permit_mynetworks,cidr:/etc/postfix/postscreen_access.cidr,cidr:/etc/postfix/postscreen_spf_whitelist.cidr
postscreen_blacklist_action = drop
postscreen_dnsbl_action = enforce
postscreen_dnsbl_sites =
    zen.spamhaus.org*3,b.barracudacentral.org=127.0.0.[2..11]*2,
    bl.spameatingmonkey.net*2,bl.spamcop.net,dnsbl.sorbs.net,swl.spamhaus.org
    *-4,list.dnswl.org=127.[0..255].[0..255].0*-2,list.dnswl.org
    =127.[0..255].[0..255].1*-4,list.dnswl.org=127.[0..255].[0..255].[2..3]*-6
postscreen_dnsbl_threshold = 3
postscreen_dnsbl_ttl = 1d
postscreen_dnsbl_whitelist_threshold = -1
postscreen_greet_action = enforce
postscreen_whitelist_interfaces = static:all
readme_directory = no
recipient_bcc_maps = hash:/etc/postfix/recipient_bcc
recipient_delimiter = +
relayhost =
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtp_use_tls = yes
smtpd_banner = carson.digitalhit.com ESMTP $mail_name (Ubuntu)
smtpd_milters = inet:localhost:12345,inet:localhost:54321
smtpd_recipient_restrictions = reject_invalid_hostname,reject_non_fqdn_hostname,reject_non_fqdn_sender,reject_non_fqdn_recipient,permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination,check_policy_service unix:private/policy-spf
smtpd_relay_restrictions = permit_mynetworks,permit_sasl_authenticated,defer_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_path = private/dovecot-auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/valid_senders, reject_unknown_sender_domain
smtpd_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
smtpd_tls_ask_ccert = yes
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/letsencrypt/live/digitalhit.com/fullchain.pem
smtpd_tls_ciphers = high
smtpd_tls_dh1024_param_file = ${config_directory}/dh2048.pem
smtpd_tls_dh512_param_file = ${config_directory}/dh512.pem
smtpd_tls_exclude_ciphers = EXPORT
smtpd_tls_key_file = /etc/letsencrypt/live/digitalhit.com/privkey.pem
smtpd_tls_loglevel = 1
smtpd_tls_mandatory_ciphers = medium
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
smtpd_tls_protocols = !SSLv2, !SSLv3
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
transport_maps = hash:/etc/postfix/transport
virtual_alias_maps = hash:/etc/postfix/virtual
virtual_gid_maps = static:5000
virtual_mailbox_base = /home/vmail
virtual_mailbox_domains = digitalhit.com
virtual_mailbox_limit = 0
virtual_mailbox_maps = hash:/etc/postfix/vmaps
virtual_minimum_uid = 1000
virtual_transport = lmtp:unix:private/dovecot-lmtp
virtual_uid_maps = static:5000

As the world loves a good joke, the email just came through. Could it have initially been postscreen?

The bounce:

Apr 21 14:54:12 carson postfix/smtpd[15379]: NOQUEUE: reject: RCPT from unknown[167.89.45.252]: 450 4.1.8 <bounces+919631-7aff-ianevans=digitalhit....@email.screener.ly>: Sender address rejected: Domain not found; from=<bounces+919631-7aff-ianevans=digitalhit....@email.screener.ly> to=<ianev...@digitalhit.com> proto=ESMTP helo=<o1.email.screener.ly>
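
An added example, not part of the original thread: a small Python log check that finds "Domain not found" sender rejects like the one above and builds the check_client_access entry suggested in the quoted reply, but only for client IPs whose rejected sender domain is on a list the admin has already vetted. The sample log lines, the example domains and the trusted_domains argument are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines in the same shape as the reject logged above
# (documentation IP ranges and example domains, not real traffic).
SAMPLE_LOG = """\
Apr 21 14:54:12 mx postfix/smtpd[15379]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 450 4.1.8 <bounce+1@email.example.com>: Sender address rejected: Domain not found; from=<bounce+1@email.example.com> to=<user@example.org> proto=ESMTP helo=<o1.email.example.com>
Apr 21 15:24:40 mx postfix/smtpd[15502]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 450 4.1.8 <bounce+2@Email.Example.com>: Sender address rejected: Domain not found; from=<bounce+2@Email.Example.com> to=<user@example.org> proto=ESMTP helo=<o1.email.example.com>
Apr 21 15:30:01 mx postfix/smtpd[15510]: NOQUEUE: reject: RCPT from mail.example.net[198.51.100.7]: 554 5.7.1 <someone@example.edu>: Relay access denied; from=<spam@example.net> to=<someone@example.edu> proto=ESMTP helo=<mail.example.net>
Apr 21 15:31:09 mx postfix/smtpd[15511]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 450 4.1.8 <x@nodns.invalid>: Sender address rejected: Domain not found; from=<x@nodns.invalid> to=<user@example.org> proto=ESMTP helo=<nodns.invalid>
"""

# Matches only the reject_unknown_sender_domain style of reject line.
REJECT = re.compile(
    r"postfix/smtpd\[\d+\]: NOQUEUE: reject: RCPT from [^\[\s]+\[(?P<ip>[^\]]+)\]: "
    r"\d{3} [\d.]+ <(?P<sender>[^>]*)>: Sender address rejected: Domain not found"
)

def unknown_domain_rejects(log_text):
    """Count 'Domain not found' sender rejects per (client IP, sender domain)."""
    counts = Counter()
    for line in log_text.splitlines():
        m = REJECT.search(line)
        if m:
            domain = m["sender"].rpartition("@")[2].lower()
            counts[(m["ip"], domain)] += 1
    return counts

def client_exemption(counts, trusted_domains):
    """Build a check_client_access entry for clients of vetted sender domains only."""
    ips = sorted({ip for (ip, dom) in counts if dom in trusted_domains})
    if not ips:
        return None  # nothing to exempt; leave the restriction list alone
    entries = ", ".join(f"{ip}=permit_auth_destination" for ip in ips)
    return f"check_client_access inline:{{{entries}}}"

if __name__ == "__main__":
    found = unknown_domain_rejects(SAMPLE_LOG)
    for (ip, dom), n in sorted(found.items()):
        print(f"{n:3d}  {ip:15s}  {dom}")
    print(client_exemption(found, {"email.example.com"}))
```

The generated entry goes in smtpd_sender_restrictions ahead of reject_unknown_sender_domain; the unvetted 203.0.113.5 client stays subject to the reject.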