info
Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
whitelist an ip causing reject_unknown_sender_domain
52 views
Skip to first unread message
Peter N. Steinmetz
Oct 4, 2022, 2:48:19 PM10/4/22
to
I belong to an association which runs its owner email server and dns name servers. I am running a Ubuntu postfix email server to receive emails.
The emails from this association keep being rejected thusly:
Oct 3 19:10:24 mail postfix/smtpd[27034]: connect from unknown[204.93.193.115]
Oct 3 19:10:25 mail postfix/smtpd[27034]: NOQUEUE: reject: RCPT from unknown[204.93.193.115]: 450 4.1.8 <assoc...@vps.126association.org>:\
Sender address rejected: Domain not found; from=<assoc...@vps.126association.org> to=<redacted> proto=ESMTP helo=<unknown.scnet\
.net> Oct 3 19:10:25 mail postfix/smtpd[27034]: disconnect from unknown[204.93.193.115] ehlo=2 starttls=1 mail=1 rcpt=0/1 data=0/1 quit=1 commands=\
I have tried to get the association to fix this, but no luck so far. I gather their other members are not complaining.
Is there a way for me to configure my postfix server to skip the reject_unknown_sender_domain for this ip and association in particular?
My main.cf presently contains:
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 204.93.193.115
...
smtpd_relay_restrictions = permit_mynetworks, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unauth_pipelining, permit_\
sasl_authenticated, reject_unauth_destination,check_recipient_access hash:/etc/postfix/recipient_access
So I have tried adding the specific ip to mynetworks but that does not seem to resolve the issue.
thanks,
Peter
The emails from this association keep being rejected thusly:
Oct 3 19:10:24 mail postfix/smtpd[27034]: connect from unknown[204.93.193.115]
Oct 3 19:10:25 mail postfix/smtpd[27034]: NOQUEUE: reject: RCPT from unknown[204.93.193.115]: 450 4.1.8 <assoc...@vps.126association.org>:\
Sender address rejected: Domain not found; from=<assoc...@vps.126association.org> to=<redacted> proto=ESMTP helo=<unknown.scnet\
.net> Oct 3 19:10:25 mail postfix/smtpd[27034]: disconnect from unknown[204.93.193.115] ehlo=2 starttls=1 mail=1 rcpt=0/1 data=0/1 quit=1 commands=\
I have tried to get the association to fix this, but no luck so far. I gather their other members are not complaining.
Is there a way for me to configure my postfix server to skip the reject_unknown_sender_domain for this ip and association in particular?
My main.cf presently contains:
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 204.93.193.115
...
smtpd_relay_restrictions = permit_mynetworks, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unauth_pipelining, permit_\
sasl_authenticated, reject_unauth_destination,check_recipient_access hash:/etc/postfix/recipient_access
So I have tried adding the specific ip to mynetworks but that does not seem to resolve the issue.
thanks,
Peter
Peter N. Steinmetz
Nov 23, 2022, 9:38:42 PM11/23/22
to
On Tuesday, October 4, 2022 at 11:48:19 AM UTC-7, Peter N. Steinmetz wrote:
>> Is there a way for me to configure my postfix server to skip the reject_unknown_sender_domain for this ip and association in particular?
I figured this out. The basic considerations are:
>> Is there a way for me to configure my postfix server to skip the reject_unknown_sender_domain for this ip and association in particular?
Basically there are 8 restriction access lists that can apply when receiving mail. See https://www.postfix.org/SMTPD_ACCESS_README.html .
For each one which has an entry, you need to have a permit rule before any others that which allows the ip address you want whitelisted. The easy one to use is to add the ip to whitelist to the mynetworks setting and then add the permit_mynetworks rule at the start of each restriction.
All of these restrictions are empty by default, except for smtpd_relay_restrictions, which has a permit_mynetworks as the first rule. So if there are not other restrictions in place, one can simply add the address to the mynetworks setting and that should whitelist it.
One can also do this by adding a map as described for restriction in question, such as check_helo_access for the smtpd_helo_restrictions . This solution is perhaps a bit cleaner by not including outside ip in one's mynetworks setting.
0 new messages