RE: Undefined MX record for a sender domain
Thank you Mark, > On 16/02/2012 16:07, Scappatura Rocco wrote: > > >> > >> What do your logs say when your server tries to deliver the DSN? > > > > status=deferred (connect to domain.tld[xxx.yyy.uuu.vvv]:25: Connection > timed out) > > Which proves that the problem is not lack of DNS, since your server is > finding an IP address to deliver to. > > Your customer has probably got some kind of misconfiguration, but that > isn't really your problem. > It's ok for the case above, but in a case like the following: ;; QUESTION SECTION: ;cubemaxltd.com.IN MX and ;; QUESTION SECTION: ;cubemaxltd.com.IN A Where: Feb 27 04:05:19 av10 postfix/smtpd[23776]: 9B82034051: client=cubemaxltd.cubemaxltd.com[174.142.214.20], sasl_method=login, sasl_username=catia_rimondi_vantigroup_it Feb 27 04:05:20 av10 postfix/cleanup[23801]: 9B82034051: message-id=<00b801ccf4fc$95427c00$01000...@cubemaxltd.cubemaxltd.com> Feb 27 04:05:20 av10 postfix/qmgr[13455]: 9B82034051: from=, size=772, nrcpt=1 (queue active) Feb 27 04:05:20 av10 postfix/smtp[23811]: 9B82034051: to=, relay=127.0.0.1[127.0.0.1]:10024, delay=1, delays=0.61/0/0/0.44, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=22526-10, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 6D35334052) Feb 27 04:05:20 av10 postfix/qmgr[13455]: 9B82034051: removed . . . Feb 27 04:05:20 av10 postfix/cleanup[23557]: 6D35334052: message-id=<00b801ccf4fc$95427c00$01000...@cubemaxltd.cubemaxltd.com> Feb 27 04:05:20 av10 postfix/qmgr[13455]: 6D35334052: from=, size=1218, nrcpt=1 (queue active) Feb 27 04:05:20 av10 amavis[22526]: (22526-10) Passed CLEAN, [174.142.214.20] [174.142.214.20] -> , Message-ID: <00b801ccf4fc$95427c00$01000...@cubemaxltd.cubemaxltd.com>, mail_id: t-ukdRvE+xFZ, Hits: 3.139, size: 772, queued_as: 6D35334052, 419 ms . . . Feb 29 02:50:50 av10 postfix/qmgr[13455]: 6D35334052: from=, size=1218, nrcpt=1 (queue active) Feb 29 02:50:54 av10 postfix/smtp[8288]: 6D35334052: host mail1.qlc.co.in[213.175.201.46] said: 450 4.1.8 : Sender address rejected: Domain not found (in reply to RCPT TO command) Feb 29 02:50:58 av10 postfix/smtp[8288]: 6D35334052: to=, relay=mail2.qlc.co.in[213.175.201.46]:25, delay=168338, delays=168330/0.03/4.5/3.3, dsn=4.1.8, status=deferred (host mail2.qlc.co.in[213.175.201.46] said: 450 4.1.8 : Sender address rejected: Domain not found (in reply to RCPT TO command)) My server should have to reject the message, whereas - as you can see - it is accepted and sent to the destination mail host. I think that there is a trouble in my my recipient restriction configuration: permit_mynetworks permit_sasl_authenticated reject_unauth_destination reject_non_fqdn_sender reject_non_fqdn_recipient reject_unlisted_sender reject_unlisted_recipient reject_unknown_sender_domain reject_invalid_hostname reject_rbl_client zen.spamhaus.org reject_rbl_client bl.spamcop.net Maybe should I put: reject_unknown_sender_domain before: permit_sasl_authenticated ? And if so, is there an way to do so all messages in deferred queue will be reject in they have not a valid sender domain? Regards, rocsca
Re: Undefined MX record for a sender domain
On 16/02/2012 16:07, Scappatura Rocco wrote: What do your logs say when your server tries to deliver the DSN? status=deferred (connect to domain.tld[xxx.yyy.uuu.vvv]:25: Connection timed out) Which proves that the problem is not lack of DNS, since your server is finding an IP address to deliver to. Your customer has probably got some kind of misconfiguration, but that isn't really your problem. Mark -- Sent from my Babbage Difference Engine 2 http://mark.goodge.co.uk
RE: Undefined MX record for a sender domain
> On 16/02/2012 15:26, Scappatura Rocco wrote: > >> Scappatura Rocco: > >>> I would like that sender domain names for which is not > >>> configured any MX record are not relayed from my MTA. I have > >>> tried to use the > >> > >> That would be a mistake. There is no RFC REQUIREMENT that a domain > >> has an MX record. > >> > > > > I have no doubt about the correctness of what you stated above, but > > whenever a customer of mine sends a message through my MTA, > > specifying a sender with a domain that has not a valid sender (and, > > in particular, a domain sender with no MX defined and the message for > > some reason is not delivered), I receive a DSN for the customer that > > remain in deferred queue, just because it is destined to a recipient > > for which the domain has no MX defined. :-( > > For that to happen, the sending domain must be missing not only MX > records but also A records. In which case, > 'reject_unknown_sender_domain' will block it. Ah ok.. > If you have reject_unknown_sender_domain already configured and that > isn't blocking the mail, then missing MX records are not the reason why > you are unable to deliver the DSN to your customer. > > What do your logs say when your server tries to deliver the DSN? status=deferred (connect to domain.tld[xxx.yyy.uuu.vvv]:25: Connection timed out) > Mark rocsca
Re: Undefined MX record for a sender domain
On 16/02/2012 15:26, Scappatura Rocco wrote: Scappatura Rocco: I would like that sender domain names for which is not configured any MX record are not relayed from my MTA. I have tried to use the That would be a mistake. There is no RFC REQUIREMENT that a domain has an MX record. I have no doubt about the correctness of what you stated above, but whenever a customer of mine sends a message through my MTA, specifying a sender with a domain that has not a valid sender (and, in particular, a domain sender with no MX defined and the message for some reason is not delivered), I receive a DSN for the customer that remain in deferred queue, just because it is destined to a recipient for which the domain has no MX defined. :-( For that to happen, the sending domain must be missing not only MX records but also A records. In which case, 'reject_unknown_sender_domain' will block it. If you have reject_unknown_sender_domain already configured and that isn't blocking the mail, then missing MX records are not the reason why you are unable to deliver the DSN to your customer. What do your logs say when your server tries to deliver the DSN? Mark -- Sent from my Babbage Difference Engine 2 http://mark.goodge.co.uk
Re: Undefined MX record for a sender domain
On Thu, Feb 16, 2012 at 04:26:58PM +0100, Scappatura Rocco wrote: > > Scappatura Rocco: > > > I would like that sender domain names for which is not configured > > > any MX record are not relayed from my MTA. I have tried to use the > > > > That would be a mistake. There is no RFC REQUIREMENT that a > > domain has an MX record. > > I have no doubt about the correctness of what you stated above, ... > However, if no MX record exists, an "A" record MUST exist (some day an "" may also be sufficient, for now most MTAs don't do IPv6). -- Viktor.
RE: Undefined MX record for a sender domain
> Scappatura Rocco: > > I would like that sender domain names for which is not configured > > any MX record are not relayed from my MTA. I have tried to use the > > That would be a mistake. There is no RFC REQUIREMENT that a > domain has an MX record. > I have no doubt about the correctness of what you stated above, but whenever a customer of mine sends a message through my MTA, specifying a sender with a domain that has not a valid sender (and, in particular, a domain sender with no MX defined and the message for some reason is not delivered), I receive a DSN for the customer that remain in deferred queue, just because it is destined to a recipient for which the domain has no MX defined. :-( What it could be the solution? Thanks in advance, rocsca
Re: Undefined MX record for a sender domain
On 16/02/2012 14:35, Scappatura Rocco wrote: I would like that sender domain names for which is not configured any MX record are not relayed from my MTA. Why? MX records are not required for receiving mail. Nor are they required for sending mail. So there is no reason to reject mail which lacks them. Also, a lot of entirely legitimate messages will have the sender domain set to something like 'mail.example.com', but there will only be MX records for 'example.com'. Rejecting on lack of senderMX will, therefore, cause you to lose all of these. I saw also the restriction 'reject_unverified_sender' that it could be worth. Could some one explain me better the difference between the two restrictions? 'reject_unverified_sender' uses sender address verification (SAV) to attempt to check that the sending address will itself receive mail. This is not a reliable check, since some servers won't reject at RCPT TO time but instead defer rejection until the end of the DATA phase. Also, excessive use of SAV is itself considered abusive (since it's a form of backscatter), and will get your mail server blocked by many other mail servers (including Hotmail). If you are considering using sender verification, you should read the online documentation and only use it if you fully understand what you are doing and the potential consequences: http://www.postfix.org/ADDRESS_VERIFICATION_README.html and Mark -- Sent from my Babbage Difference Engine 2 http://mark.goodge.co.uk
Re: Undefined MX record for a sender domain
Scappatura Rocco: > I would like that sender domain names for which is not configured > any MX record are not relayed from my MTA. I have tried to use the That would be a mistake. There is no RFC REQUIREMENT that a domain has an MX record. Wietse