This discussion has been locked.

Allow/Exclude Non-Existent Domain

We have an email that is sent by one of our parent groups using a mainframe batch job. The email domain does not exist, and so it is being discarded on arrival.

Is there a way to do this without turning off the "Block mail from non-existent domains" option in the SMTP Options area? That would be way too broad and probably a huge security risk.

I'm including a screenshot of the message log, from one of the blocked emails.

And here is the "View log details" info. I removed the email addresses and IPs because they're not relevant:

2017-02-07 09:37:54 mx3 postfix/smtpd[1682]: NOQUEUE: reject: RCPT from mail-dm2gcc01on0061.outbound.protection.outlook.com[--.---.---.--]: 450 4.1.8 <-----@------.--->: Sender address rejected: Domain not found; from=<-----@---------.---> to=<-------@-----------.---> proto=ESMTP helo=<gcc01-dm2-obe.outbound.protection.outlook.com>



  • Unfortunately, DNS is really an RFC issue. Dropping mail from domains/MTAs with no DNS is very common with mail devices. In this case that check box is a Postfix feature, so the connection is being dropped at connection level before any message is received. Hence creating a policy would not work. The feature itself is "all or nothing" and I definitely do not recommend disabling it.

    Really, there are two choices.

    #1 - Add an MX/A record for the MTA sending the mail so that it resolves properly. (This is the "best" solution.)

    #2 - Add the IP of the MTA sending the mail to the internal mail hosts. This will allow your notification server to "relay" mail. The appliance will think mail coming from this host is from internal > external, but it will still work fine for you. (So if you were to make a data control rule, it would be on the outbound tab vs. the inbound.)

     

    On a side note:

    The appliance will blindly accept and relay all mail from IPs listed as "internal mail hosts" to the internet, so adding the IP or a CIDR range could be a potential issue, which is why I recommend option 1.
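
An added example, not part of the original thread or of the appliance's own tooling: a parser that groups "Sender address rejected: Domain not found" entries like the one quoted in the question by sender domain, listing the sending hosts involved, so you can see which domain needs the MX/A record from option 1. The sample log lines, host names, addresses and the function name are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in the format of the log entry quoted above
# (hosts, mail addresses and documentation-range IPs are made up).
SAMPLE_LOG = """\
2017-02-07 09:37:54 mx3 postfix/smtpd[1682]: NOQUEUE: reject: RCPT from relay1.example.net[192.0.2.10]: 450 4.1.8 <batch@mainframe.example.invalid>: Sender address rejected: Domain not found; from=<batch@mainframe.example.invalid> to=<ops@example.com> proto=ESMTP helo=<relay1.example.net>
2017-02-07 09:52:10 mx3 postfix/smtpd[1701]: NOQUEUE: reject: RCPT from relay2.example.net[192.0.2.11]: 450 4.1.8 <batch@mainframe.example.invalid>: Sender address rejected: Domain not found; from=<batch@mainframe.example.invalid> to=<ops@example.com> proto=ESMTP helo=<relay2.example.net>
2017-02-07 10:03:31 mx3 postfix/smtpd[1710]: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 554 5.7.1 <x@example.org>: Relay access denied; from=<a@example.org> to=<x@example.org> proto=ESMTP helo=<host.example.org>
2017-02-07 10:15:02 mx3 postfix/smtpd[1722]: NOQUEUE: reject: RCPT from unknown[198.51.100.9]: 450 4.1.8 <promo@no-such-zone.example>: Sender address rejected: Domain not found; from=<promo@no-such-zone.example> to=<sales@example.com> proto=ESMTP helo=<mail.no-such-zone.example>
"""

# Matches only the "Domain not found" sender rejections; other reject
# reasons (e.g. "Relay access denied") are deliberately not matched.
REJECT_RE = re.compile(
    r"NOQUEUE: reject: RCPT from (?P<host>\S+)\[(?P<ip>[^\]]+)\]: "
    r"(?P<code>\d{3}) (?P<dsn>\d\.\d+\.\d+) <[^>]*>: "
    r"Sender address rejected: Domain not found; "
    r"from=<(?P<sender>[^>]*)> to=<(?P<rcpt>[^>]*)>"
)

def summarize_domain_rejects(log_text):
    """Group 'Domain not found' sender rejections by sender domain."""
    summary = defaultdict(
        lambda: {"count": 0, "clients": set(), "recipients": set()}
    )
    for line in log_text.splitlines():
        m = REJECT_RE.search(line)
        if not m:
            continue  # unrelated log line or a different reject reason
        domain = m["sender"].rpartition("@")[2].lower()
        entry = summary[domain]
        entry["count"] += 1
        entry["clients"].add((m["host"], m["ip"]))
        entry["recipients"].add(m["rcpt"].lower())
    return dict(summary)

if __name__ == "__main__":
    for domain, e in sorted(summarize_domain_rejects(SAMPLE_LOG).items()):
        clients = ", ".join(f"{h}[{i}]" for h, i in sorted(e["clients"]))
        print(f"{domain}: {e['count']} rejected, via {clients}")
```
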

     

  • Ok, thank you for the response!
