On Wed, Jan 21, 2009 at 03:14:09PM -0800, Todd A. Jacobs wrote: > The outbound mail is *still* not being bounced when the RCPT TO is > the secureserver.net domain: > > Jan 21 15:04:47 penguin postfix/pickup[5781]: B0CFB37CAB: uid=1000 > from=<f...@example.com> > Jan 21 15:04:47 penguin postfix/cleanup[5758]: B0CFB37CAB: > message-id=<20090121230447.gm32...@penguin.example.com> > Jan 21 15:04:47 penguin postfix/qmgr[5759]: B0CFB37CAB: > from=<f...@example.com>, size=3389, nrcpt=1 (queue active) > Jan 21 15:04:49 penguin postfix/smtp[5783]: B0CFB37CAB: > to=<postmas...@secureserver.net>, relay=smtp.charter.net[209.225.8.224]:25, > delay=2.1, delays=0.05/0.02/0.31/1.7, dsn=2.0.0, status=sent (250 Message > received: 20090121230448.wvar25639.aarprv04.charter....@penguin.example.com) > Jan 21 15:04:49 penguin postfix/qmgr[5759]: B0CFB37CAB: removed > > So, no matter where I put the check for the recipient MX record, it is > not being processed. And before anyone asks, the hash table has been > processed with postmap: > > $ sudo postmap -s /etc/postfix/mx_access > secureserver.net REJECT > smtp.secureserver.net REJECT > > so there should be no excuses for the table not to be referenced > *somewhere* in the chain.
Yeah! Finally some logging! This mail was submitted via the sendmail command, not via SMTP. Postfix smtpd_*_restrictions operate only on mail submitted via SMTP. The table will never be referenced. You have a few options... - You can use the transport table to direct the recipient domain to the error: or discard: transport. Note the transport table must list the recipient domain, not the MX, so this isn't as broad a solution as check_recipient_mx_access. - You can submit the mail using SMTP. You could use a wrapper command such as mini_sendmail to simulate the standard sendmail command. Note that some programs will respond "ungracefully" when mail submission fails. - You can use firewall rules to prevent your host from contacting smtp.secureserver.net -- Noel Jones
