J David:
> Hello,
>
> We know that a certain IP range contains no MTA's, but hosts websites
> for a lot of domains that have no email service, i.e., those domains
> have A records in that range but no MX records at all.
One alternative is to set reject_unverified_recipient
on the MSA service.
/etc/postfix/main.cf:
mua_recipient_restrictions =
reject_unverified_recipient, permit_sasl_authenticated, ...
/etc/postfix/master.cf:
submission
....
-o smtpd_sender_restrictions=$mua_recipient_restrictions
...
Ditto for the smtps service.
This will reach out to the MX or A address and if there is no
mail service, the probe will fail. Eventually.
Alternatively, if the IP address range is known, check_sender_mx_access
will control access by MX record (or A record if the domain has no
MX record).
/etc/postfix/main.cf:
mua_sender_restrictions =
check_sender_mx_access cidr:/etc/postfix/mx_access.cidr
/etc/postfix/mx_access.cidr:
1.2.3.4/16 reject bla blah
/etc/postfix/master.cf:
submission
....
-o smtpd_sender_restrictions=$mua_sender_restrictions
...
Ditto for the smtps service.
-- Wietse
> Our Postfix server regularly receives messages over MSA where the
> sender and recipient addresses are the same, and in one of those
> domains.
>
> Because the domain has a valid A record, there's nothing wrong with
> those messages that Postfix can detect, so the messages get accepted.
> Then because there is no MTA running at that IP address, they sit in
> the outbound queue for five days, bounce, and the bounce sits in the
> outbound queue for five more days.
>
> Is there a way to:
> A) Selectively identify a message based on the IP address of the MTA
> it would be delivered to.
> B) Reject such messages in the MSA connection or, at a minimum, keep
> them from building up in the outbound queue?
>
> Thanks for any suggestions!
>
