1 (edited by agroshong 2016-04-20 07:14:17)

Topic: Whitelist Problems

==== Required information ====
- iRedMail version (check /etc/iredmail-release): 0.9.4
- Linux/BSD distribution name and version: CentOS release 6.7 (Final)
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySql
- Web server (Apache or Nginx):    Apache
- Manage mail accounts with iRedAdmin-Pro?  (Free Version)   
- Related log if you're reporting an issue:
====

I am unable to add a email address to the whitelist, One of my customers gets there utilities bill via email, and that company uses a mailing service.


In the postfix logs I am getting the following error
===============================================
Apr 19 19:00:03 sv2 postfix/smtpd[4472]: NOQUEUE: reject: RCPT from mail4.directenergy.com[66.241.136.132]: 450 4.1.8 <bills@debpo.com>: Sender address rejected: Domain not found; from=<bills@debpo.com>


I have tried the following command to try and rectify this.
=====================================================
# python wblist_admin.py --add --whitelist 66.241.136.132 bills@debpo.com
* Establishing SQL connection.
* Manage (inbound) wblist for account: @.
* Operation: add (--add).
* wblist type: whitelist (--whitelist).
Continue? [y|N] y
* Add senders: 66.241.136.132, bills@debpo.com
* Done.

However I am still receiving the error messages after restarting the iredapd, and postfix service, as a temporary work around I removed the "reject_unknown_sender_domain" from postfix main.cf file. I would rather keep this setting and just whitelist the one email address for security reasons.

Any help is appreciated.

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2

Re: Whitelist Problems

agroshong wrote:

Apr 19 19:00:03 sv2 postfix/smtpd[4472]: NOQUEUE: reject: RCPT from mail4.directenergy.com[66.241.136.132]: 450 4.1.8 <bills@debpo.com>: Sender address rejected: Domain not found; from=<bills@debpo.com>

It says the sender domain name (debpo.com) is not resolvable by DNS query. The easiest and CORRECT way to fix this is asking your customer to send from a valid mail domain name. Your client will have same issue if he/she sends email to others.

3

Re: Whitelist Problems

ZhangHuangbin wrote:
agroshong wrote:

Apr 19 19:00:03 sv2 postfix/smtpd[4472]: NOQUEUE: reject: RCPT from mail4.directenergy.com[66.241.136.132]: 450 4.1.8 <bills@debpo.com>: Sender address rejected: Domain not found; from=<bills@debpo.com>

It says the sender domain name (debpo.com) is not resolvable by DNS query. The easiest and CORRECT way to fix this is asking your customer to send from a valid mail domain name. Your client will have same issue if he/she sends email to others.

I agree that that would be the best and CORRECT way to fix this, but sometimes it is not always possible to do things the correct way. In this case the billing company is not going to rework there process for one user(My Customer). Is there a way to bypass this sender check for this one domain or user?

Andrew

4

Re: Whitelist Problems

Here's solution:

*) Find in postfix config file /etc/postfix/main.cf:

smtpd_sender_restrictions =
    reject_unknown_sender_domain
    reject_non_fqdn_sender
    reject_unlisted_sender
    permit_mynetworks
    reject_sender_login_mismatch
    permit_sasl_authenticated
    check_sender_access pcre:/etc/postfix/...

*) ADD one more "check_sender_access" rule in "smtpd_sender_restrictions =" like this:

smtpd_sender_restrictions =
    check_sender_access pcre:/etc/postfix/whitelist_invalid_domains
    reject_unknown_sender_domain
    ...

*) Create file /etc/postfix/whitelist_invalid_domains with content:

debpo.com OK

*) Reload (or restart) postfix service.

let me know whether or not it works for you.

Note: the restriction rule "reject_unknown_sender_domain" causes this "issue", but it's not recommended to remove it, because it helps reject spams from other invalid domain names.

5

Re: Whitelist Problems

ZhangHuangbin wrote:

Here's solution:

*) Find in postfix config file /etc/postfix/main.cf:

smtpd_sender_restrictions =
    reject_unknown_sender_domain
    reject_non_fqdn_sender
    reject_unlisted_sender
    permit_mynetworks
    reject_sender_login_mismatch
    permit_sasl_authenticated
    check_sender_access pcre:/etc/postfix/...

*) ADD one more "check_sender_access" rule in "smtpd_sender_restrictions =" like this:

smtpd_sender_restrictions =
    check_sender_access pcre:/etc/postfix/whitelist_invalid_domains
    reject_unknown_sender_domain
    ...

*) Create file /etc/postfix/whitelist_invalid_domains with content:

debpo.com OK

*) Reload (or restart) postfix service.

let me know whether or not it works for you.

Note: the restriction rule "reject_unknown_sender_domain" causes this "issue", but it's not recommended to remove it, because it helps reject spams from other invalid domain names.


Thank you, I have made the changes you suggested.  Unfortunately I will need to wait until next month to see if it works sad

6

Re: Whitelist Problems

agroshong wrote:

Thank you, I have made the changes you suggested.  Unfortunately I will need to wait until next month to see if it works

You can try to add other domains for testing purpose, then send email from the testing domains to verify whether or not it works for you.

WARNING: As mentioned in my previous reply, this "check_sender_access" should not be used as normal whitelisting.

7

Re: Whitelist Problems

ZhangHuangbin wrote:
agroshong wrote:

Thank you, I have made the changes you suggested.  Unfortunately I will need to wait until next month to see if it works

You can try to add other domains for testing purpose, then send email from the testing domains to verify whether or not it works for you.

WARNING: As mentioned in my previous reply, this "check_sender_access" should not be used as normal whitelisting.

I completely agree that this is a special case, and will not be used as the norm. I can confirm through testing that this did work with a small modification to your instructions

I modified the postfix main.cf as below to add the ".pcre"

smtpd_sender_restrictions =
    check_sender_access pcre:/etc/postfix/whitelist_invalid_domains.pcre
    reject_unknown_sender_domain

The check_sender_access pcre:/etc/postfix/whitelist_invalid_domain.pcre had the following content

/debpo.com/ OK

I believe this topic can be marked as resolved.