Wietse Venema wrote:
Jan P. Kessler:
1. Will check_sender_mx_access lookup an a record if there is no mx
record for a given sender domain?
It looks up MX records. As with many other Postfix features, there
is no access control on information that does not exist.
Noel Jones wrote:
If there's no MX, the sender domain's A record will be used. If
there's no A record either, then there's no lookup.
;-)
2. Is there a maximum number of mx records that will be checked by
postfix? Are there any standards requiring or recommending this? Just to
prevent trivial DoS attempts by setting up domains with hundred of mx
records.
People do occasionally set up domains with lots of records. Postfix
2.3 and later will accept DNS replies of up to 32kbytes. However,
the Postfix SMTP client will use only a limited subset of those
records.
The reason for my question is that I want to evaluate sender mx
addresses (combined with other things) in a policy daemon and I'm
looking for a reasonable number of queries to perform. Do you have any
recommendations on that?
