> On Mar 13, 2018, at 8:54 AM, L.P.H. van Belle <be...@bazuin.nl> wrote:
>
> Feb 7 00:00:16 hostname postfix/smtpd[31726]: NOQUEUE: reject: RCPT from
> smtp1.xxxxxxxx.nl[x.xx.xxx.xx]]: 450 4.1.8 <MAILER-DAEMON@apmcsqa01.poort>:
> Sender address rejected: Domain not found;
> from=<MAILER-DAEMON@apmcsqa01.poort>
>
> about this:
> envelope-from="MAILER-DAEMON@apmcsqa01.poort"
>
> Im looking for the correct rfc where its described that the part
> @apmcsqa01.poort should be @thesendingdomain.tld
> where thesendingdomain.tld is also a resolvable domain, because not it does
> not make sence because the now mailer-daemon wil never be accepted because
> its non resolveable
In addition to not being resolvable, the envelope sender address here is also
problematic because "MAILER-DAEMON@" should only ever appear in the message
headers and NEVER as the envelope sender. The correct envelope sender for
bounces is the empty (or null) sender:
MAIL FROM:<>
not
MAIL FROM:<mailer-dae...@example.net>
Sure, some domain could in theory have an actual user mailbox named
"mailer-daemon", but that is most unlikely. It is rather clear that
the server in question is generating backscatter with a non-empty
envelope sender address, thus potentially leading to mail loops.
It is good that your server is rejecting this traffic.
Finally, it seems you may be requesting client certificates on port 25,
(incoming TLS status is "Untrusted" rather than "Anonymous") I wonder
why...
http://www.postfix.org/FORWARD_SECRECY_README.html#status
do you have "smtpd_tls_ask_ccert = yes"?
--
Viktor.
