Hello,
I'm getting the following log msg for a user (u...@example.com),
Mar 26 13:22:19 bigben postfix/ps2/smtpd[32481]: NOQUEUE: reject: RCPT
from chrelay.taleo.net[68.233.76.14]: 450 4.1.8
<jpmorgan_ch...@jpmcstaffing.com>: Sender address rejected: Domain not found;
from=<jpmorgan_ch...@jpmcstaffing.com> to=<u...@example.com> proto=ESMTP
helo=<chrelay11.taleo.net>
in my Postfix 3.2 logs.
I note that JPMCStaffing.com has no legit A/MX record.
dig ANY JPMCStaffing.com
;; ANSWER SECTION:
JPMCStaffing.com. 1883 IN SOA
ns1.jpmorganchase.com. hostmaster.jpmchase.com. 478475997 10800 1800 1209600
3600
JPMCStaffing.com. 1883 IN TXT "v=spf1
include:taleo.net -all"
JPMCStaffing.com. 1883 IN NS
ns1.jpmorganchase.com.
JPMCStaffing.com. 1883 IN NS
ns05.jpmorganchase.com.
JPMCStaffing.com. 1883 IN NS
ns06.jpmorganchase.com.
JPMCStaffing.com. 1883 IN NS
ns2.jpmorganchase.com.
Since
(a) it's a legit email
(b) it's a legit sender
(c) they're too $&^$& big to be able to get anyone to respond, let
alone fix their end (Working on it ...)
I just want to whitelist past them.
My main.cf has
ps2 pass - - n - - smtpd
-o syslog_name=postfix/ps2
-o
smtpd_relay_restrictions=permit_mynetworks,reject_unauth_destination,permit
-o smtpd_proxy_filter=127.0.0.1:10001
-o smtpd_authorized_xforward_hosts=127.0.0.0/8
my master.cf includes
smtpd_client_restrictions =
permit_mynetworks
check_client_access lmdb:/etc/postfix/client_whitelist
reject_unknown_reverse_client_hostname
reject_unauth_pipelining
smtpd_sender_restrictions =
permit_mynetworks
permit_tls_clientcerts
reject_non_fqdn_sender
reject_unknown_sender_domain
permit
and
cat /etc/postfix/client_whitelist
68.233.76.0/24 OK
68.233.76.14 OK
Iiuc, SMTPD 'MUMBLE' RESTRICTIONS get checked in this order
client, helo, sender, relay, recipient, data, or end-of-data
So I was hoping that my whitelist would prevent that reject.
Clearly, not working like I thought :-(
What do I need to configure to get Postfix/Postscreen to PASS this sender?
Bill
