On 2022-04-21 at 18:31:56 UTC-0400 (Thu, 21 Apr 2022 18:31:56 -0400)
Ian Evans <[email protected]>
is rumored to have said:
[...]
smtpd_sender_restrictions = check_sender_access
hash:/etc/postfix/valid_senders,
reject_unknown_sender_domain
So, you're already set up for exempting senders listed in
/etc/postfix/valid_senders mapped to PERMIT. So if you needed to exempt
someone, you would just need to add an entry there.
Noel's suggestion of doing it by client IP (check_client_access) is
arguably a better choice, as the gap that opens would be much harder for
miscreants to sneak through.
[...]
As the world loves a good joke, the email just came through. Could it
have
initially been postscreen?
No. If it were, the log line would be written by a postscreen process,
not postfix/smtpd
The bounce:
Apr 21 14:54:12 carson postfix/smtpd[15379]: NOQUEUE: reject: RCPT
from
unknown[167.89.45.252]: 450 4.1.8 <bounces+919631-7aff-ianevans=
[email protected]>: Sender address rejected: Domain not
found;
from=bounces+919631-7aff-ianevans=digitalhit....@email.screener.ly
[email protected] proto=ESMTP helo=<o1.email.screener.ly>
The fact that this is a temporary failure (450) instead of an outright
rejection (550) indicates that the DNS failure was possibly temporary,
i.e. a DNS query timeout or SERVFAIL reply, and Postfix recognizes that
distinction. The sender domain couldn't be resolved then and there, but
it resolves for me here now and presumably resolved for your Postfix
machine when the message was retried successfully.
--
Bill Cole
[email protected] or [email protected]
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire
