2008/9/25 Brian Evans - Postfix List <[EMAIL PROTECTED]>:
> mouss wrote:
>> Henrik K wrote:
>>> On Thu, Sep 25, 2008 at 03:30:18PM +0200, mouss wrote:
>>>>> However, since there will be many more domains hosted on this server
>>>>> is there not a better way?
>>>> yes, there is: remove your check_sender_mx_access. did it ever
>>>> catch spam on your server? it never caught anything here.
>>>
>>> I don't use it purely for spam prevention. Checking that the sender and
>>> recipient MX's aren't pointing to places such as localhost prevents
>>> all sorts of funny things. What's the point of receiving mail if you
>>> can't reply to it anyway?
>>
>> I agree on the principle of "reachable senders", but I have used it
>> for so long and it never caught any spam. so why query dns for every
>> email when it catches nothing. and given that the sender may be
>> forged, you'll be hitting an innocent dns server. not a serious issue,
>> but if the benefit is 0 hit, ...
>>
>> note also that a wrong envelope sender doesn't mean you can't reply.
>> The From: header may still be ok.
>>
>> The only times I've seen an "unreachable" sender (not blocked by zen
>> and other checks) was with legitimate mail. the most noticeable was
>> very important mail (financial!) caused by an upgrade of the remote
>> application server.
>>
>>>
>>> The REAL solution is not to check mx access for local mail. If sender
>>> and recipient are on same domain, then most likely you should use
>>> permit_mynetworks or such before the check.
>>>
>>
>> He already has permit_mynetworks and so on. so his problem is
>> different (and probably rare). He needs to exclude his domains from
>> check_mx_access. If he puts check_mx_access at the end of his
>> restrictions, he can use permit_auth_destination. but again, is all
>> this worth the pain?
>
> The Problem the OP appears to fall into is that mail coming from outside
> the mynetworks is being trapped to do a "local" DNS MX/A record.
> It is probably pointing mail to the "example.com" as 127.0.0.1 (not
> uncommon).

It points mail for the domain to the local server's FQDN. And that
translates to localhost because of entries in /etc/hosts. I thought all
this was clear. My apologies.

~juan