On Saturday 2004-11-27 at 18:48 -0500, Ken Schneider wrote:
Perhaps the problem could be that postfix is not checking the sender address for existence :-?
That would be:
smtpd_sender_restrictions = hash:/etc/postfix/access,reject_unknown_sender_domain
But that would cause a dns check for every mail, I suppose. What about reject_non_fqdn_sender?
I believe it would but the side effect would be rejecting email from people using dyndns sites wouldn't it? I mean a reverse lookup would not show the registered domain the same as the dyn domain.
Eummm... good question. :-?

I believe reject_unknown_sender_domain shouldn't do a reverse check, but a direct one. For example, if I send as "noname@doesnotexist.com", postfix should do a query, like the command "host doesnotexist.com". If it comes out as non existing, the domain was invented, not real. I think dyndns should work, because the name should resolve. The postfix doc says:

| reject_unknown_sender_domain
|     Reject the request when the sender mail address has no DNS A or MX
|     record. The unknown_address_reject_code parameter specifies the
|     response code for rejected requests (default: 450). The response is
|     always 450 in case of a temporary DNS error.
|

It should work, but there would be a delay, I use a modem... and this list is high traffic. At least, I think it only checks the envelope from, and that one is suse.com. Also, I'm not sure what would happen if the dns server fails. Is 450 a temporary or a definitive error?

Thus, I'm considering 'reject_non_fqdn_sender' instead - as a matter of fact, I have it enabled right now: I'm waiting for a "mixmail" mail to see if it gets rejected or not.

| reject_non_fqdn_sender
|     Reject the request when the address in the client MAIL FROM command
|     is not in fully-qualified domain form. The non_fqdn_reject_code
|     specifies the response code to rejected requests (default: 504).

-- 
Cheers,
       Carlos Robinson
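
Added illustration, not part of the original thread and not Postfix code: a small Python model of the two restrictions as the quoted documentation describes them, run against constructed DNS data. The DNS table, the approximation of "fully-qualified form" and the treatment of the null sender are assumptions of this model.

```python
# Simplified model of the two restrictions quoted above; not Postfix source code.
# Constructed DNS data: True = has an A or MX record, False = no such record,
# None = temporary lookup failure (e.g. resolver timeout).
SAMPLE_DNS = {
    "suse.com": True,
    "myhost.dyndns.example": True,   # dynamic-DNS name: the forward lookup resolves
    "doesnotexist.com": False,
    "slow.example": None,
}

def is_fqdn_form(domain):
    # Assumption: "fully-qualified form" approximated as two or more non-empty labels.
    labels = domain.rstrip(".").split(".")
    return len(labels) >= 2 and all(labels)

def check_sender(mail_from, restrictions, dns=SAMPLE_DNS,
                 unknown_address_reject_code=450, non_fqdn_reject_code=504):
    """Return (smtp_code, reason) for an envelope MAIL FROM address."""
    if mail_from == "":
        # Assumption: the null sender <> used by bounces is not checked here.
        return 250, "null sender"
    domain = mail_from.rpartition("@")[2] if "@" in mail_from else ""
    for rule in restrictions:        # rules are evaluated in the order listed
        if rule == "reject_non_fqdn_sender" and not is_fqdn_form(domain):
            return non_fqdn_reject_code, "sender not in fully-qualified form"
        if rule == "reject_unknown_sender_domain":
            found = dns.get(domain, False)
            if found is None:
                return 450, "temporary DNS error"   # always 450, per the doc
            if not found:
                return unknown_address_reject_code, "no A or MX record"
    return 250, "accepted"

def is_temporary(code):
    # SMTP reply classes: 4yz = transient failure (sender retries), 5yz = permanent.
    return 400 <= code < 500

if __name__ == "__main__":
    for sender in ["list@suse.com", "user@myhost.dyndns.example",
                   "noname@doesnotexist.com", "carlos@linux", "a@slow.example"]:
        for rules in (["reject_unknown_sender_domain"], ["reject_non_fqdn_sender"]):
            print(sender, rules[0], check_sender(sender, rules))
```

In this model an invented but well-formed domain passes reject_non_fqdn_sender and is only caught by the DNS-based check.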