Hi, On Mon, Dec 21, 2015 at 12:48 PM, Noel Jones <njo...@megan.vbhcs.org> wrote: > On 12/21/2015 11:38 AM, Alex wrote: >> Hi, >> I have a postfix-2.10 fedora22 system and having trouble with my >> sender checks. I have a domain that is sending mail with an invalid >> hostname. The temporary solution is to add a check_sender_access >> entry, but I must be doing something wrong. >> >> Dec 21 12:30:16 mail02 postfix/smtpd[1560]: NOQUEUE: reject: RCPT from >> mailout.example.com[64.123.123.200]: 450 4.1.8 >> <u...@invalid.example.com>: Sender address rejected: Domain not found; >> from=<u...@invalid.example.com> to=<notificat...@mydomain.com> >> proto=ESMTP helo=<mailout.example.com> >> > > First, sending mail with an invalid envelope sender is a very bad idea. > > Much better to either fix the domain name or fix the sender.
Yes, absolutely. Understood. I've reiterated that to them. >> I had previously had the following: >> >> *@invalid.example.com OK > > For hash: access tables, the correct line is (assuming the default > value of parent_domain_matches_subdomains): > > invalid.example.com OK > > See the access table documentation, pattern search order section for > details. > http://www.postfix.org/access.5.html I've been confused by that man page in the past, but I'm not sure that's the problem here. I actually had that in the file already, and it just stopped working about a week ago. I just added the sender_access file to smtpd_recipient_access and now it's working: smtpd_recipient_restrictions = reject_non_fqdn_recipient, check_sender_access hash:/etc/postfix/sender_checks, reject_non_fqdn_sender, reject_unlisted_recipient, reject_unknown_recipient_domain, permit_mynetworks, reject_unauth_destination, reject_unknown_sender_domain, I can't imagine that's the right way to do it, but don't understand why recipient_restrictions is consulted and generally why it's now working with the same pattern. Thanks, Alex
