reject_unknown_sender_domain and TXT record

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

reject_unknown_sender_domain and TXT record

Brett @Google
Hello,

Recently noticed some "domain not found" errors by reject_unknown_sender_domain in sender_recipient_checks. Following up I noticed :

The domain in the From: address has a SPF record (ONLY) :

nslookup -q=ANY kent676.kent.gov.uk
kent676.kent.gov.uk     text = "v=spf1 ip4:194.80.130.18 ip4:212.219.86.147 ~all"

The ip's do match the MX's for the main domain (kent.gov.au) though.

But no A or MX records, as you might suspect (so the error is valid) :

nslookup -q=A kent676.kent.gov.uk
*** Can't find kent676.kent.gov.uk: No answer

nslookup -q=MX kent676.kent.gov.uk
*** Can't find kent676.kent.gov.uk: No answer

I guess this is just "wrong" in that there should be an A or MX record.

Are the allowed DNS record types for reject_unknown_sender_domain configurable ?

Should they be ? I guess in this case the servers generate mail only.

Cheers
Brett
Reply | Threaded
Open this post in threaded view
|

Re: reject_unknown_sender_domain and TXT record

Matus UHLAR - fantomas
On 17.08.17 14:00, Brett @Google wrote:
>Recently noticed some "domain not found" errors by
>reject_unknown_sender_domain in sender_recipient_checks. Following up I
>noticed :
>
>The domain in the From: address has a SPF record (ONLY) :
[deleted]
>I guess this is just "wrong" in that there should be an A or MX record.

precisely. The mail to kent676.kent.gov.uk is undeliverable, thus there's no
need to accept mail from the address.

>Are the allowed DNS record types for reject_unknown_sender_domain
>configurable ?
>
>Should they be ? I guess in this case the servers generate mail only.

no. if servers generate mail, their from: domain has to exist.

--
Matus UHLAR - fantomas, [hidden email] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
There's a long-standing bug relating to the x86 architecture that
allows you to install Windows.   -- Matthew D. Fuller
Reply | Threaded
Open this post in threaded view
|

Re: reject_unknown_sender_domain and TXT record

Benny Pedersen-2
Matus UHLAR - fantomas skrev den 2017-08-17 12:04:
> On 17.08.17 14:00, Brett @Google wrote:
>> Should they be ? I guess in this case the servers generate mail only.
> no. if servers generate mail, their from: domain has to exist.

mta does not care of from:

postfix only care of return-path: header

possible problems come from signing dkim with a non existense domain, if
that needs to be resolved its no key found in dns
Reply | Threaded
Open this post in threaded view
|

Re: reject_unknown_sender_domain and TXT record

Matus UHLAR - fantomas
>>On 17.08.17 14:00, Brett @Google wrote:
>>>Should they be ? I guess in this case the servers generate mail only.

>Matus UHLAR - fantomas skrev den 2017-08-17 12:04:
>>no. if servers generate mail, their from: domain has to exist.

On 17.08.17 16:27, Benny Pedersen wrote:
>mta does not care of from:

Read that as envelope from a.k.a. "mail from:" - the one visible in logs.
That one can be validated in early SMTP stages which is what I recommend to
check.

>postfix only care of return-path: header

no, it does not - see above.

>possible problems come from signing dkim with a non existense domain,
>if that needs to be resolved its no key found in dns

this is problem at completely different level.

One former poster complained about all mail from domains pointed to a
hostnames in blacklists. I encountered multiple domains pointing at the same
IP.

That's why I recommended checking that.
--
Matus UHLAR - fantomas, [hidden email] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
- Holmes, what kind of school did you study to be a detective?
- Elementary, Watson.  -- Daffy Duck & Porky Pig