selective 550 Reject for missing sender PTRs?

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

selective 550 Reject for missing sender PTRs?

PGNet Dev
I've got a legitimate sender, FedEx, sending expected, automated emails, that's got a missing RDNS PTR record on their sending host.  For my config, Postfix currently rejects is with a 450:

        Apr  1 16:22:11 mx postfix/postscreen-internal/smtpd[4947]: NOQUEUE: reject: RCPT from pvma00055.prod.fedex.com[204.135.8.96]: 450 4.1.8 <prvs=799449d577=[hidden email]>: Sender address rejected: Domain not found; from=<prvs=799449d577=[hidden email]> to=<[hidden email]> proto=ESMTP helo=<mx26.infosec.fedex.com>

I'd like to reject instead with a 550 (or whatever's the appropriate, but 'permanent' smtp code) -- but _only_ for FedEx servers in their '*.prod.cloud.fedex.com' subdomains; other errant senders/domains should still use the 450 default.

I know it's possible; what's the recommended approach here?
A map of some sort, I'm guessing -- what's the correct restriction to use, and syntax for spec'ing the 550 usage?
Reply | Threaded
Open this post in threaded view
|

Re: selective 550 Reject for missing sender PTRs?

Wietse Venema
PGNet Dev:
> I've got a legitimate sender, FedEx, sending expected, automated emails, that's got a missing RDNS PTR record on their sending host.  For my config, Postfix currently rejects is with a 450:
>
> Apr  1 16:22:11 mx postfix/postscreen-internal/smtpd[4947]: NOQUEUE: reject: RCPT from pvma00055.prod.fedex.com[204.135.8.96]: 450 4.1.8 <prvs=799449d577=[hidden email]>: Sender address rejected: Domain not found; from=<prvs=799449d577=[hidden email]> to=<[hidden email]> proto=ESMTP helo=<mx26.infosec.fedex.com>
>
> I'd like to reject instead with a 550 (or whatever's the appropriate, but 'permanent' smtp code) -- but _only_ for FedEx servers in their '*.prod.cloud.fedex.com' subdomains; other errant senders/domains should still use the 450 default.
>
> I know it's possible; what's the recommended approach here?
> A map of some sort, I'm guessing -- what's the correct restriction to use, and syntax for spec'ing the 550 usage?
>

smtpd_mumble_restrictions =
... reject_unauth_destination inline:{fedex.com=OK} reject_unknown_sender_domain ...

        Wietse