On 12/31/2014 10:20 AM, Wietse Venema wrote: > James B. Byrne: >> One of our staff has requested that their United Parcel Service (UPS) account >> password be changed. They have not received the expected email providing the >> necessary ephemeral link to accomplish this. Checking the maillog I see these >> entries from yesterday and today: >> >> grep '@ups' /var/log/maillog >> >> Dec 30 14:27:55 inet08 postfix-p25/smtpd[24854]: NOQUEUE: reject: RCPT from >> upsmailer.acsbps.com[216.115.165.7]: 450 4.7.1 <SUASMTP.upsdiv.com>: Helo >> command rejected: Host not found; from=<ica.servi...@upsdocs.com> >> to=<foste...@harte-lyne.ca> proto=ESMTP helo=<SUASMTP.upsdiv.com> > > upsdocs.com has no MX, A, or AAAA record. Thus, they fail > the reject_unknown_sender_domain test. > > They do have an NS record, though, and You could put check_sender_ns_access > before reject_unknown_sender_domain, and "permit" all domains with > an ups.com DNS server... > > /etc/postfix/main.cf: > smtpd_sender_restrictions = > check_sender_ns_access hash:/etc/postfix/ns_access > reject_unknown_sender_domain > > /etc/postfix/ns_access: > ups.com permit > > Wietse >
Sadly, check_sender_ns_access does not allow permit or OK. The OP will need to use check_sender_access or check_client_access. -- Noel Jones