2008/9/24 Sahil Tandon <[EMAIL PROTECTED]>:
> Juan Miscaro <[EMAIL PROTECTED]> wrote:
>
>> So I have the following lines in main.cf:
>
>> smtpd_recipient_restrictions =
>>         reject_non_fqdn_recipient
>>         reject_non_fqdn_sender
>>         reject_unknown_sender_domain
>>         permit_mynetworks
>>         permit_sasl_authenticated
>>         reject_unauth_destination
>>         reject_unknown_reverse_client_hostname
>>         check_helo_access regexp:/etc/postfix/helo_checks
>>         check_sender_mx_access cidr:/etc/postfix/bogus_mx
>>         reject_rbl_client zen.spamhaus.org
>>         permit
>
> This "permit" is unnecessary.
>
>> Contents of 'bogus_mx':
>>
>> # bogus networks
>> 0.0.0.0/8               550 Mail server in broadcast network
>> 10.0.0.0/8              550 No route to your RFC 1918 network
>> 127.0.0.0/8             550 Mail server in loopback network
>> 224.0.0.0/4             550 Mail server in class D multicast network
>> 192.168.0.0/16          550 No route to your RFC 1918 network
>>
>> Now I see in my logs:
>>
>> postfix/smtpd[10896]: connect from toq1-srv.bellnexxia.net[209.226.175.120]
>> postfix/smtpd[10896]: NOQUEUE: reject: RCPT from
>> toq1-srv.bellnexxia.net[209.226.175.120]: 550 5.7.1
>> <[EMAIL PROTECTED]>: Sender address rejected: Mail server in loopback
>> network; from=<[EMAIL PROTECTED]> to=<[EMAIL PROTECTED]> proto=ESMTP
>> helo=<toq1-srv.bellnexxia.net>
>> postfix/smtpd[10896]: disconnect from 
>> toq1-srv.bellnexxia.net[209.226.175.120]
>> postfix/smtpd[10896]: connect from toq1-srv.bellnexxia.net[209.226.175.120]
>> postfix/smtpd[10896]: 0CA7F20EEE15:
>> client=toq1-srv.bellnexxia.net[209.226.175.120]
>> postfix/cleanup[4433]: 0CA7F20EEE15:
>> message-id=<[EMAIL PROTECTED]>
>>
>> So here we have a user sending mail to another user in the same
>> domain.  It makes sense that the mailserver uses its loopback address.
>>  I just thought that what I'm doing is standard but obviously it
>> breaks in such a common scenario.  Comments?
>
> What is 'example.com' really?


'example.com' is a domain for which my mailserver accepts mail.


> The way I understand it,
> check_sender_mx_access checks whether the MX host(s) for the MAIL FROM
> address match whatever you may have in your access table.  Just because
> one user is sending to another in the same domain, that does not mean
> the domain itself should have an MX record that points to loopback.


The floor is open.

/juan
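
The table lookup discussed in this thread, as an added example that is not part of either message: a simplified Python model of how the `bogus_mx` cidr table (first matching line wins) is applied to the addresses of the sender domain's MX hosts. The host name `mail.example.com` and both DNS answers are constructed for illustration; Postfix does the real DNS and table lookups itself.

```python
import ipaddress

# The bogus_mx table as posted in the thread.
BOGUS_MX = """\
# bogus networks
0.0.0.0/8               550 Mail server in broadcast network
10.0.0.0/8              550 No route to your RFC 1918 network
127.0.0.0/8             550 Mail server in loopback network
224.0.0.0/4             550 Mail server in class D multicast network
192.168.0.0/16          550 No route to your RFC 1918 network
"""

def parse_cidr_table(text):
    """Parse 'pattern action' lines, skipping blank lines and # comments."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        pattern, action = line.split(None, 1)
        rules.append((ipaddress.ip_network(pattern), action))
    return rules

def lookup(rules, address):
    """Return the action of the first rule whose network contains address."""
    ip = ipaddress.ip_address(address)
    for net, action in rules:
        if ip.version == net.version and ip in net:
            return action
    return None

def sender_mx_verdict(rules, mx_addresses):
    """Simplified model (assumption): the first MX address that hits the
    table decides the result for the sender domain; None means no match."""
    for host, addr in mx_addresses:
        action = lookup(rules, addr)
        if action:
            return host, addr, action
    return None

# Constructed DNS answers for the sender domain's MX hosts.
MX_LOOPBACK = [("mail.example.com", "127.0.0.1")]
MX_PUBLIC = [("mail.example.com", "192.0.2.25")]

if __name__ == "__main__":
    rules = parse_cidr_table(BOGUS_MX)
    print(sender_mx_verdict(rules, MX_LOOPBACK))  # table hit, 550 reject text
    print(sender_mx_verdict(rules, MX_PUBLIC))    # no table hit
```

The model depends only on what the sender domain's MX hosts resolve to, not on which client delivered the message or who the recipient is.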
