I'm running my mailserver using a recent version of Postfix SMTP. It is configured to reject mail from sender domains which have no A or MX records by using the reject_unknown_sender_domain directive in smtpd_sender_restrictions. This directive is configured to respond with the response code configured at unknown_address_reject_code (default: 450). All these options are described at http://www.postfix.org/postconf.5.html

The problem with this setup is that SendLabs Gateway does no such filtering, so it accepts mail from those invalid domains if it is directed at an existing mailbox. When it then attempts delivery, my Postfix server rejects it with "450 4.1.8 address@nonexistent.tld: Sender address rejected: Domain not found". As I understand it, it is desirable to reject this kind of message with a 550 response code to prevent subsequent delivery attempts.

I could change unknown_address_reject_code to 550, but the documentation for Postfix on this option contains the warning "Do not change this unless you have a complete understanding of RFC 2821.", which, I must admit, I probably do not. Changing this directive would influence not only the reject_unknown_sender_domain, but also the reject_unknown_recipient_domain directive.

My question is, is this a safe change to make, will it not have any unexpected and undesirable effects, and will it indeed stop SendLabs Gateway from attempting redelivery of these mails? And should the domain come into existence later (because of late DNS propagation), will SendLabs Gateway accept the mail, or will it reject based on the old reply?

Thanks in advance.
|
As per the RFC, 4xx series errors are transient and mean that the sender should retry later. Switching to a 5xx series error code will mean that there will be no further retry. The reason for the warning in the Postfix manual will be that if you suffer a temporary DNS problem you will then reject all incoming email. If you are confident of your setup then there should be no significant risk. I would also suggest that you raise this with DynDNS and ask them to add such basic filtering to the service.

Yes, their normal support form is probably the best approach.

So if I suffer a temporary DNS problem I might reject all incoming mail. I'm reasonably sure of my setup, but I checked anyway; according to http://www.postfix.org/postconf.5.html#unknown_address_tempfail_action such a temporary error (which I suppose Postfix will detect, since they explicitly name DNS errors) will lead to a 450. So I think there will be no problems, based on their documentation and your answer. Thank you very much. As an aside, how would you suggest contacting DynDNS? Through their normal e-mail support form, or should feature requests follow a different route?
Jun 10 at 07:38 PM
MacGyverNL
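
One way to measure, from the mail log, how often a relay re-offers a message after the "450 4.1.8 ... Domain not found" reply discussed above, so the effect of switching to a 5xx code can be compared before and after. This is an added example, not part of the original posts; the log lines are constructed, and the `NOQUEUE: reject:` layout is assumed to match the smtpd log format of your Postfix version.

```python
import re
from collections import Counter

# Constructed sample lines in Postfix smtpd reject-log layout (not real traffic).
SAMPLE_LOG = """\
Jun 10 18:01:02 mx postfix/smtpd[2101]: NOQUEUE: reject: RCPT from gw.example.net[192.0.2.10]: 450 4.1.8 <address@nonexistent.tld>: Sender address rejected: Domain not found; from=<address@nonexistent.tld> to=<user@example.org> proto=ESMTP helo=<gw.example.net>
Jun 10 18:16:40 mx postfix/smtpd[2140]: NOQUEUE: reject: RCPT from gw.example.net[192.0.2.10]: 450 4.1.8 <address@nonexistent.tld>: Sender address rejected: Domain not found; from=<address@nonexistent.tld> to=<user@example.org> proto=ESMTP helo=<gw.example.net>
Jun 10 18:47:11 mx postfix/smtpd[2203]: NOQUEUE: reject: RCPT from gw.example.net[192.0.2.10]: 450 4.1.8 <address@nonexistent.tld>: Sender address rejected: Domain not found; from=<address@nonexistent.tld> to=<user@example.org> proto=ESMTP helo=<gw.example.net>
Jun 10 19:02:30 mx postfix/smtpd[2250]: connect from gw.example.net[192.0.2.10]
Jun 10 19:02:31 mx postfix/smtpd[2250]: NOQUEUE: reject: RCPT from gw.example.net[192.0.2.10]: 550 5.1.8 <other@nonexistent.tld>: Sender address rejected: Domain not found; from=<other@nonexistent.tld> to=<user@example.org> proto=ESMTP helo=<gw.example.net>
"""

# Matches only the sender-domain rejection quoted in the question.
REJECT = re.compile(
    r"reject: RCPT from (?P<client>\S+?)\[(?P<ip>[^\]]+)\]: "
    r"(?P<code>[45]\d\d) (?P<dsn>[45]\.\d+\.\d+) <(?P<sender>[^>]*)>: "
    r"Sender address rejected: Domain not found"
)


def tally_unknown_sender_rejects(log_text):
    """Count 'Domain not found' sender rejections per (client, sender, code)."""
    counts = Counter()
    for line in log_text.splitlines():
        m = REJECT.search(line)
        if m:
            counts[(m["client"], m["sender"], int(m["code"]))] += 1
    return counts


def retried_senders(counts):
    """(client, sender) pairs that were re-offered after a 4xx reply."""
    return sorted(
        {(client, sender)
         for (client, sender, code), n in counts.items()
         if 400 <= code < 500 and n > 1}
    )


if __name__ == "__main__":
    totals = tally_unknown_sender_rejects(SAMPLE_LOG)
    for (client, sender, code), n in sorted(totals.items()):
        print(f"{client} {sender} {code} x{n}")
    print("retried after 4xx:", retried_senders(totals))
```

Run it against the real mail log before and after changing unknown_address_reject_code; pairs listed by `retried_senders` are the redelivery attempts the question wants to stop.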