> On Mar 13, 2018, at 8:54 AM, L.P.H. van Belle <be...@bazuin.nl> wrote: > > Feb 7 00:00:16 hostname postfix/smtpd[31726]: NOQUEUE: reject: RCPT from > smtp1.xxxxxxxx.nl[x.xx.xxx.xx]]: 450 4.1.8 <MAILER-DAEMON@apmcsqa01.poort>: > Sender address rejected: Domain not found; > from=<MAILER-DAEMON@apmcsqa01.poort> > > about this: > envelope-from="MAILER-DAEMON@apmcsqa01.poort" > > Im looking for the correct rfc where its described that the part > @apmcsqa01.poort should be @thesendingdomain.tld > where thesendingdomain.tld is also a resolvable domain, because not it does > not make sence because the now mailer-daemon wil never be accepted because > its non resolveable
In addition to not being resolvable, the envelope sender address here is also problematic because "MAILER-DAEMON@" should only ever appear in the message headers and NEVER as the envelope sender. The correct envelope sender for bounces is the empty (or null) sender: MAIL FROM:<> not MAIL FROM:<mailer-dae...@example.net> Sure, some domain could in theory have an actual user mailbox named "mailer-daemon", but that is most unlikely. It is rather clear that the server in question is generating backscatter with a non-empty envelope sender address, thus potentially leading to mail loops. It is good that your server is rejecting this traffic. Finally, it seems you may be requesting client certificates on port 25, (incoming TLS status is "Untrusted" rather than "Anonymous") I wonder why... http://www.postfix.org/FORWARD_SECRECY_README.html#status do you have "smtpd_tls_ask_ccert = yes"? -- Viktor.