|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Adam Jacob Muller (lists-postfix
adam.gs)
Date: Mon Jul 23 2007 - 22:05:24 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Jul 23, 2007, at 6:09 PM, Magnus Bäck wrote:
> On Monday, July 23, 2007 at 23:59 CEST,
> Dave McGuire <mcguireneurotica.com> wrote:
>
>> On Jul 23, 2007, at 5:26 PM, Magnus Bäck wrote:
>>
>>> Sure. A suitably placed permit_mynetworks can probably solve it,
>>> but that depends on your exact configuration.
>>
>> Thank you for responding so quickly! I've set up sender address
>> verification in the standard way:
>>
>> smtpd_sender_restrictions = hash:/etc/postfix/sender_access,
>> reject_unknown_sender_domain
>>
>> ...with "<domainname> reject_unverified_sender" lines in /etc/
>> postfix/sender_access. I've thought about this a bit more...if my
>> understanding is correct, it should be enough to simply add "<sender
>> address> OK" lines to the sender_access file. Does that sound like
>> a reasonable approach?
>
> Yes, but less reasonable than using a correct sender address in the
> first place. I don't understand why you have SAV enabled for your own
> domain in the first place. SAV is typically used on foreign domains.
>
>>> The clean solution is of course to use proper sender addresses or,
>>> if no bounces are desired at all, to use the null sender address
>>> (<>).
>>
>> I'd like to not have the sending machine (a webserver in this
>> case)
>> answer on port 25, which would seem to be a requirement for the use
>> of proper (verifiable) sender addresses.
>
> Not at all. You can specify any sender address you want. That's
> completely up to the sending application, and if you can't teach the
> application to use a sane address you could use generic rewriting
> on the webserver Postfix to rewrite the bad address into a good one.
>
> [...]
>
> --
> Magnus Bäck
> magnusdsek.lth.se
You have two problems really, neither one is that postfix is
rejecting your special local mail with invalid sender addresses.
#1) Your web forms are sending out mail with an invalid sender
address, that's a Bad Thing(tm) so fix that. It's pretty simple to do
so, with PHP mail() function, add '-f somethingvalidsomewhere.com'
as the additional_parameters value.
#2) your using sender address verification, lots of programmatically-
generated mail that you really do want is going to get bounced, or
endlessly deferred. Lets not even get into the SAV loops that have
been discussed here (I won't admit the address is valid I check
yours, and you won't until you check mine, and viola mail stops -- if
everyone used SAV, no one would ever get any mail, that's not the
definition of a scalable service).
SAV WILL reject valid mail, of all possible spam-fighting techniques
it has quite possibly the highest false-positive rate of any I have
tried, I do not in fact even enable it anymore with a warn_if_reject
(lots of RBLs I never will use are set that way, simply for
statistics gathering).
-Adam
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]