Rainer Daeschler via mailop skrev den 2025-10-11 10:41:
Hi Ken,
Please reply to <Postmaster@ {mx.internal}>
if you feel this message to be in error.
The original message has been removed from the bounce message.
Reporting-MTA: dns; altprdfep009. {mx.internal}
Arrival-Date: Thu, 9 Oct 2025 08:02:03 -0400
Received-From-MTA: dns; altprdrgi011.altice.prod.cloud.openwave.ai
[1] ( {10.33.66.227})
Content-Transfer-Encoding: 7bit
…
Diagnostic-Code: smtp; 550 5.7.1 Spam detected by content scanner.
Message rejected
{mx.internal} = none existent domain
{10.33.66.227} = private IP address, not the IP from
altprdrgi011.altice.prod.cloud.openwave.ai.
No wonder it's considered spam.
:-)
postfix can reject rfc 1918 mx hosts via cidr maps
# cat main.cf
smtpd_sender_restrictions = ... check_sender_mx_access
cidr:/etc/postfix/rfc1918.cidr
# cat rfc1918.cidr
Here are some other things you can do with check_*_mx_access (this is
a "cidr:" map type):
0.0.0.0/8 REJECT Domain MX in broadcast network
10.0.0.0/8 REJECT Domain MX in RFC 1918 private network
127.0.0.0/8 REJECT Domain MX in loopback network
169.254.0.0/16 REJECT Domain MX in link local network
172.16.0.0/12 REJECT Domain MX in RFC 1918 private network
192.0.2.0/24 REJECT Domain MX in TEST-NET network
192.168.0/16 REJECT Domain MX in RFC 1918 private network
224.0.0.0/4 REJECT Domain MX in class D multicast network
240.0.0.0/5 REJECT Domain MX in class E reserved network
248.0.0.0/5 REJECT Domain MX in reserved network
pretty safe if remote is ipv6 :)
in that case add ipv6 to cidr map
_______________________________________________
mailop mailing list
[email protected]
https://list.mailop.org/listinfo/mailop
