Hi all, We have a setup where we have a relay server which in turn sends all received mails through to another relay server (from a known anti-spam vendor). We use Postfix 3.4.5 on Debian 10.
The important parts about our setup: smtpd_sender_restrictions = reject_unknown_sender_domain reject_unverified_sender permit_mynetworks relayhost = [smtp.antispamcloud.com]:587 Since smtp.antispamcloud.com has a very strict sender verification process we want to reject the same mails. Hence we enabled reject_unverified_sender. It looks like our Postfix server accepts mail which has a sender www-data@hostname while smtp.antispamcloud.com reject the same mail for a specific hostname. That specific hostname (a FQDN) is behind a CloudFlare DNS proxy so I understand why smtp.antispamcloud.com can't verify the sender. What I don't understand is why Postfix accepts the mail. The hostname does not have MX records assigned (the parent domain does and the parent domain has a catch-all account). I think Postfix checks the parent domain or POstfix just connects back to the connecting mailserver to do the check (which would pass). My questions: 1. How do I debug this? 2. Does Postfix check the parent domain when doing sender verification? If yes, how do I stop that behaviour? 3. Does Postfix check the connecting mailserver when doing sender verification? If yes, how do I stop that behaviour? Thanks! -- Met vriendelijke groet, Yavuz Aydın Snel.com
