Postfix reject client from domains without MX records

emailemail-serverpostfix

Machine mail.domain.com send email for domain.com through Postfix 2.11 but today reviewing mail.log file i noticed some WordPress on machines wordpress.domain.com and blog.domain.com as sending email through mail.domain.com where sender address is user@wordpress.domain.com and user@blog.domain.com. Obviously they configured WordPress to authenticate and send email to mail.domain.com.

The issue here is mail.domain.com is responsible of sending email for domain.com but not *.domain.com so the latter are not DKIM signed and obviously are not valid recipient addresses as those domains are not able to recieve email so i would like to reject clients using a from domain address which is not able to receive email like *.domain.com.

I've been looking at the docs http://www.postfix.org/postconf.5.html but i'm unable to find a neat solution. Does anyone know how can i accomplish that?

Thanks a lot

Best Answer

You can achieve it with parent_domain_matches_subdomains and smtpd_sender_restrictions. Add the following to your main.cf

#/etc/postfix/main.cf
#...
parent_domain_matches_subdomains =
smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/sender_blacklists
#...

#/etc/postfix/sender_blacklists
domain.com      OK
.domain.com     REJECT

Ref: postfix access Readme

Related Solutions

Postfix – Forcing the From Address When Relaying Over SMTP

This is how to really do it in postfix.

This config changes sender addresses from both local originated, and relayed SMTP mail traffic:

/etc/postfix/main.cf:

sender_canonical_classes = envelope_sender, header_sender
sender_canonical_maps =  regexp:/etc/postfix/sender_canonical_maps
smtp_header_checks = regexp:/etc/postfix/header_check

Rewrite envelope address from email originating from the server itself

/etc/postfix/sender_canonical_maps:

/.+/    newsender@address.com

Rewrite from address in SMTP relayed e-mail

/etc/postfix/header_check:

/From:.*/ REPLACE From: newsender@address.com

Thats very useful if you're for instance using a local relay smtp server which is used by all your multifunctionals and several applications.

If you use Office 365 SMTP server, any mail with a different sender address than the email from the authenticated user itself will simply be denied. The above config prevents this.

Linux – Postfix: Reject reject_unknown_recipient_domain and receive instant email notification

How is postfix supposed to know if the email is non existent, or the if the remote server is just unavailable (as seems to be the case with your queue stuck mail). Usually, postfix will try and send the mail, but unless it gets back a definitive answer from the remote server, usually a 550 reply (450 range ones mean temporarily unavailable), postfix has no way of determining if the email exists, or if there is some other issue which might allow the email to be delivered successfully later.

Best Answer

Related Solutions

Postfix – Forcing the From Address When Relaying Over SMTP

Linux – Postfix: Reject reject_unknown_recipient_domain and receive instant email notification

Related Topic