I have been using

smtpd_relay_restrictions =
  warn_if_reject reject_unknown_client_hostname

for a long while in my configuration, where the warn_if_reject is there
because I thought that the more strict check could have blocked some
legitimate email.  This has only blocked unsolicited email so far, but
the other day I placed an order online and the confirmation email was
blocked by the first of those rules.

I solved adding an

  check_sender_access hash:/etc/postfix/sender-access

and a specific rule for the specific MAIL FROM domain, and the mail came
through at the next retry (sending server is well behaved).  Grepping
through the logs I found a few instances of seemingly legitimate mail
delivery attempts with (source and destination addresses are related to
services I use) but the sending server never retried after receiving the
first 450 answer (email delivery service identifies itself with
helo=<engage-mailer.com>). I probably don't want their emails.

The question is: am I rejecting legitimate email with those settings?  I
thought that having correct reverse DNS settings is the only way to
deliver mail to the usual suspects big email providers, and thus that
all legitimate senders would adhere to the policy.  Am I wrong in this

Thanks for sharing your wisdom.


Reply via email to