2008/9/24 Sahil Tandon <[EMAIL PROTECTED]>:
> Juan Miscaro <[EMAIL PROTECTED]> wrote:
>
>> So I have the following lines in main.cf:
>
>> smtpd_recipient_restrictions =
>>     reject_non_fqdn_recipient
>>     reject_non_fqdn_sender
>>     reject_unknown_sender_domain
>>     permit_mynetworks
>>     permit_sasl_authenticated
>>     reject_unauth_destination
>>     reject_unknown_reverse_client_hostname
>>     check_helo_access regexp:/etc/postfix/helo_checks
>>     check_sender_mx_access cidr:/etc/postfix/bogus_mx
>>     reject_rbl_client zen.spamhaus.org
>>     permit
>
> This "permit" is unnecessary.
>
>> Contents of 'bogus_mx':
>>
>> # bogus networks
>> 0.0.0.0/8 550 Mail server in broadcast network
>> 10.0.0.0/8 550 No route to your RFC 1918 network
>> 127.0.0.0/8 550 Mail server in loopback network
>> 224.0.0.0/4 550 Mail server in class D multicast network
>> 192.168.0.0/16 550 No route to your RFC 1918 network
>>
>> Now I see in my logs:
>>
>> postfix/smtpd[10896]: connect from toq1-srv.bellnexxia.net[209.226.175.120]
>> postfix/smtpd[10896]: NOQUEUE: reject: RCPT from
>> toq1-srv.bellnexxia.net[209.226.175.120]: 550 5.7.1
>> <[EMAIL PROTECTED]>: Sender address rejected: Mail server in loopback
>> network; from=<[EMAIL PROTECTED]> to=<[EMAIL PROTECTED]> proto=ESMTP
>> helo=<toq1-srv.bellnexxia.net>
>> postfix/smtpd[10896]: disconnect from
>> toq1-srv.bellnexxia.net[209.226.175.120]
>> postfix/smtpd[10896]: connect from toq1-srv.bellnexxia.net[209.226.175.120]
>> postfix/smtpd[10896]: 0CA7F20EEE15:
>> client=toq1-srv.bellnexxia.net[209.226.175.120]
>> postfix/cleanup[4433]: 0CA7F20EEE15:
>> message-id=<[EMAIL PROTECTED]>
>>
>> So here we have a user sending mail to another user in the same
>> domain. It makes sense that the mailserver uses its loopback address.
>> I just thought that what I'm doing is standard but obviously it
>> breaks in such a common scenario. Comments?
>
> What is 'example.com' really?

'example.com' is a domain for which my mailserver accepts mail.

> The way I understand it,
> check_sender_mx_access checks whether the MX host(s) for the MAIL FROM
> address match whatever you may have in your access table. Just because
> one user is sending to another in the same domain, that does not mean
> the domain itself should have an MX record that points to loopback.

The floor is open.

/juan
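
Added example, not part of the thread and not Postfix's own code: a small Python model of the lookup Sahil describes, where the addresses of the sender domain's MX hosts (not the connecting client's IP) are matched, first match wins, against the `bogus_mx` table quoted above. The DNS data, the hostnames under `example.com`, `example.net` and `example.org`, and all function names are constructed for illustration.

```python
import ipaddress

# The bogus_mx table quoted in the thread (cidr: format, first match wins).
BOGUS_MX = """\
# bogus networks
0.0.0.0/8       550 Mail server in broadcast network
10.0.0.0/8      550 No route to your RFC 1918 network
127.0.0.0/8     550 Mail server in loopback network
224.0.0.0/4     550 Mail server in class D multicast network
192.168.0.0/16  550 No route to your RFC 1918 network
"""

# Constructed DNS data (assumption): sender domain -> MX host -> addresses.
SAMPLE_DNS = {
    "example.com": {"mail.example.com": ["127.0.0.1"]},
    "example.net": {"mx1.example.net": ["192.0.2.25"], "mx2.example.net": ["10.1.2.3"]},
    "example.org": {"mx.example.org": ["198.51.100.7"]},
}

def parse_cidr_table(text):
    """Return [(network, action)] in file order, skipping comments and blanks."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            pattern, action = line.split(None, 1)
            rules.append((ipaddress.ip_network(pattern), action))
    return rules

def lookup(rules, address):
    """First matching rule wins; None when no rule matches."""
    ip = ipaddress.ip_address(address)
    for network, action in rules:
        if ip.version == network.version and ip in network:
            return action
    return None

def check_sender_mx(rules, sender, dns=SAMPLE_DNS):
    """Return (mx_host, address, action) for the first MX address in the table, else None."""
    domain = sender.rsplit("@", 1)[-1].lower()
    for mx_host, addresses in dns.get(domain, {}).items():
        for address in addresses:
            action = lookup(rules, address)
            if action:
                return mx_host, address, action
    return None  # the client IP was never consulted

if __name__ == "__main__":
    print(check_sender_mx(parse_cidr_table(BOGUS_MX), "user@example.com"))
```

On a live system the same question is answered by resolving the sender domain's MX hosts with `dig` and querying each address with `postmap -q <address> cidr:/etc/postfix/bogus_mx`.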