[pfx] reject mails from domains whose MX records don't have any A/AAAA records

Tue, 21 Oct 2025 00:17:46 -0700 

Hello,

Is there any way to reject mails from domains with useless MX records?
I want to reject cases where the MX records themselves are syntactically valid, but the name they point to doesn't have any A or AAAA records.
I kinda expected reject_unknown_sender_domain to already do that, but the docs actually say:
Reject the request when Postfix is not the final destination for the sender address, and the MAIL FROM domain has 1) no DNS MX and no DNS A record, or 2) a malformed MX record such as a record with a zero-length MX hostname (Postfix version 2.3 and later).
So I suppose since the MX record itself is fine, although useless, reject_unknown_sender_domain is happy with it. 


See this log line for example:
2025-10-20T00:27:12.626227+02:00 mail postfix/mx/smtpd[226824]: warning: Unable to look up MX host irondelle.o2switch.net for Sender address [email protected]: Name or service not known 

So the domain has an MX record:

; <<>> DiG 9.18.33-1~deb12u2-Debian <<>> easydoli.fr in mx
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49146
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;easydoli.fr.                   IN      MX

;; ANSWER SECTION:
easydoli.fr.            3255    IN      MX      1 irondelle.o2switch.net.


But that MX doesn't have any A records:

; <<>> DiG 9.18.33-1~deb12u2-Debian <<>> irondelle.o2switch.net. in a
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 41049
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;irondelle.o2switch.net.                IN      A

And for completeness sake, let's test AAAA as well:

; <<>> DiG 9.18.33-1~deb12u2-Debian <<>> irondelle.o2switch.net. in aaaa
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 15116
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;irondelle.o2switch.net.                IN      AAAA


Thanks!

Antonin
_______________________________________________
Postfix-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]

Reply via email to