So I have the following lines in main.cf:
smtpd_recipient_restrictions =
    reject_non_fqdn_recipient
    reject_non_fqdn_sender
    reject_unknown_sender_domain
    permit_mynetworks
    permit_sasl_authenticated
    reject_unauth_destination
    reject_unknown_reverse_client_hostname
    check_helo_access regexp:/etc/postfix/helo_checks
    check_sender_mx_access cidr:/etc/postfix/bogus_mx
    reject_rbl_client zen.spamhaus.org
    permit
I hope that block is OK.
However, this post is about the 'check_sender_mx_access' line.
Contents of 'bogus_mx':
# bogus networks
0.0.0.0/8 550 Mail server in broadcast network
10.0.0.0/8 550 No route to your RFC 1918 network
127.0.0.0/8 550 Mail server in loopback network
224.0.0.0/4 550 Mail server in class D multicast network
192.168.0.0/16 550 No route to your RFC 1918 network
Now I see in my logs:
postfix/smtpd[10896]: connect from toq1-srv.bellnexxia.net[209.226.175.120]
postfix/smtpd[10896]: NOQUEUE: reject: RCPT from toq1-srv.bellnexxia.net[209.226.175.120]: 550 5.7.1 <[EMAIL PROTECTED]>: Sender address rejected: Mail server in loopback network; from=<[EMAIL PROTECTED]> to=<[EMAIL PROTECTED]> proto=ESMTP helo=<toq1-srv.bellnexxia.net>
postfix/smtpd[10896]: disconnect from toq1-srv.bellnexxia.net[209.226.175.120]
postfix/smtpd[10896]: connect from toq1-srv.bellnexxia.net[209.226.175.120]
postfix/smtpd[10896]: 0CA7F20EEE15: client=toq1-srv.bellnexxia.net[209.226.175.120]
postfix/cleanup[4433]: 0CA7F20EEE15: message-id=<[EMAIL PROTECTED]>
So here we have a user sending mail to another user in the same
domain. It makes sense that the mailserver uses its loopback address.
I just thought that what I'm doing is standard but obviously it
breaks in such a common scenario. Comments?
/juan