Postfix ignoring order of smtpd_recipient_restrictions

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Postfix ignoring order of smtpd_recipient_restrictions

Darren Share

Hi,

I've posted this as a serverfault question but had no bites so far.

I am receiving about 50 rejected emails per day because there is a typo in the sending email address and it's hitting reject_unknown_sender_domain:

Jul 10 12:21:31 serverb3 postfix/smtpd[6647]: NOQUEUE: reject: RCPT from smtp.correctly-spelt-domain.co.uk[X.X.X.X]: 450 4.1.8 <[hidden email]>: Sender address rejected: Domain not found; from=<[hidden email]> to=<[hidden email]> proto=ESMTP helo=<smtp.correctly-spelt-domain.co.uk>

I've added [hidden email] OK to /etc/postfix/sender_access, ran postmap /etc/postfix/sender_access and restarted postfix.

Despite check_sender_access hash:/etc/postfix/sender_access appearing in my smtpd_recipient_restrictions list before reject_unknown_sender_domain the emails are still being rejected for that reason. Why is this and how can I fix it?

Postfix v2.11.3

Output of postconf -n:

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
biff = no
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/lib/postfix
disable_vrfy_command = yes
home_mailbox = Mail/
mailbox_command = /usr/lib/dovecot/deliver
mailbox_size_limit = 0
message_size_limit = 20480000
mydestination = b3.localdomain, localhost.localdomain, localhost, /etc/postfix/bubbadomains, $myhostname
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
recipient_delimiter = +
relayhost = smtp.gmail.com
sender_bcc_maps = hash:/etc/postfix/sender_bcc
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache
smtp_use_tls = yes
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_helo_required = yes
smtpd_recipient_restrictions = permit_mynetworks check_sender_access hash:/etc/postfix/sender_access reject_unauth_destination reject_unauth_pipelining reject_invalid_hostname reject_non_fqdn_sender reject_unknown_sender_domain reject_non_fqdn_recipient reject_unknown_recipient_domain reject_rbl_client bl.spamcop.net reject_rbl_client zen.spamhaus.org reject_rbl_client dul.dnsbl.sorbs.net permit
smtpd_reject_unlisted_sender = yes
smtpd_relay_restrictions = permit_mynetworks reject_unauth_destination reject_unauth_pipelining reject_invalid_hostname reject_non_fqdn_sender reject_unknown_sender_domain reject_non_fqdn_recipient reject_unknown_recipient_domain check_sender_access hash:/etc/postfix/sender_access reject_rbl_client bl.spamcop.net reject_rbl_client zen.spamhaus.org reject_rbl_client dul.dnsbl.sorbs.net permit
smtpd_tls_cert_file = /etc/letsencrypt/live/mydomain.co.uk/fullchain.pem
smtpd_tls_key_file = /etc/letsencrypt/live/mydomain.co.uk/privkey.pem
smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
smtpd_use_tls = yes
unknown_local_recipient_reject_code = 550

PS. I have also tried to address the root cause by contacting the owners of the domain in question and informing them. I am not holding my breath they will fix it.

Thanks.

Darren.

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Postfix ignoring order of smtpd_recipient_restrictions

Alex JOST-2
Am 11.07.2017 um 17:21 schrieb Darren Share:

> Hi,
>
> I've posted this as a serverfault [1]question but had no bites so far.
>
> I am receiving about 50 rejected emails per day because there is a typo
> in the sending email address and it's hitting
> reject_unknown_sender_domain:
>
> Jul 10 12:21:31 serverb3 postfix/smtpd[6647]: NOQUEUE: reject: RCPT from
> smtp.correctly-spelt-domain.co.uk[X.X.X.X]: 450 4.1.8
> <[hidden email]>: Sender address rejected: Domain not
> found; from=<[hidden email]> to=<[hidden email]>
> proto=ESMTP helo=<smtp.correctly-spelt-domain.co.uk>
>
> I've added [hidden email] OK to /etc/postfix/sender_access,
> ran postmap /etc/postfix/sender_access and restarted postfix.
>
> Despite check_sender_access hash:/etc/postfix/sender_access appearing in
> my smtpd_recipient_restrictions list before reject_unknown_sender_domain
> the emails are still being rejected for that reason. Why is this and how
> can I fix it?
>
> Postfix v2.11.3
>
> Output of postconf -n:

> smtpd_relay_restrictions = permit_mynetworks reject_unauth_destination
> reject_unauth_pipelining reject_invalid_hostname reject_non_fqdn_sender
> reject_unknown_sender_domain reject_non_fqdn_recipient
> reject_unknown_recipient_domain check_sender_access
> hash:/etc/postfix/sender_access reject_rbl_client bl.spamcop.net
> reject_rbl_client zen.spamhaus.org reject_rbl_client dul.dnsbl.sorbs.net
> permit

You have 'reject_unknown_sender_domain' in 'smtpd_relay_restrictions'
which is evaluated before 'smtpd_recipient_restrictions'. Note that the
reject is delayed until RCPT TO.

http://www.postfix.org/postconf.5.html#smtpd_relay_restrictions
http://www.postfix.org/postconf.5.html#smtpd_delay_reject

--
Alex JOST
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Postfix ignoring order of smtpd_recipient_restrictions

Darren Share

Thanks! I will try to reorganise that grouping as well.

 


On 11/07/2017 16:38, Alex JOST wrote:

Am 11.07.2017 um 17:21 schrieb Darren Share:
Hi,

I've posted this as a serverfault [1]question but had no bites so far.

I am receiving about 50 rejected emails per day because there is a typo
in the sending email address and it's hitting
reject_unknown_sender_domain:

Jul 10 12:21:31 serverb3 postfix/smtpd[6647]: NOQUEUE: reject: RCPT from
smtp.correctly-spelt-domain.co.uk[X.X.X.X]: 450 4.1.8
<[hidden email]>: Sender address rejected: Domain not
found; from=<[hidden email]> to=<[hidden email]>
proto=ESMTP helo=<smtp.correctly-spelt-domain.co.uk>

I've added [hidden email] OK to /etc/postfix/sender_access,
ran postmap /etc/postfix/sender_access and restarted postfix.

Despite check_sender_access hash:/etc/postfix/sender_access appearing in
my smtpd_recipient_restrictions list before reject_unknown_sender_domain
the emails are still being rejected for that reason. Why is this and how
can I fix it?

Postfix v2.11.3

Output of postconf -n:

smtpd_relay_restrictions = permit_mynetworks reject_unauth_destination
reject_unauth_pipelining reject_invalid_hostname reject_non_fqdn_sender
reject_unknown_sender_domain reject_non_fqdn_recipient
reject_unknown_recipient_domain check_sender_access
hash:/etc/postfix/sender_access reject_rbl_client bl.spamcop.net
reject_rbl_client zen.spamhaus.org reject_rbl_client dul.dnsbl.sorbs.net
permit

You have 'reject_unknown_sender_domain' in 'smtpd_relay_restrictions' which is evaluated before 'smtpd_recipient_restrictions'. Note that the reject is delayed until RCPT TO.

http://www.postfix.org/postconf.5.html#smtpd_relay_restrictions
http://www.postfix.org/postconf.5.html#smtpd_delay_reject
Loading...