Ubuntu
postfix package

MX and NS Sender Access Checks - Unreliable

Bug #1883584 reported by Technical Support
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
postfix (Ubuntu)
Expired
Undecided
Unassigned

Bug Description

Postfix 3.4.10-1ubuntu1
Xubuntu 20.04

smtpd_sender_restrictions = check_sender_mx_access
smtpd_sender_restrictions = check_sender_ns_access

Rules - tried hash and regexp - sometimes work, but usually not. Related to this, mail from nonexistent domains or with missing MX and/or A records usually, but not always, rejected (despite placement of reject_unknown_sender_domain or rules in check_sender_mx_access).

The same rules work as expected when applied to the A record using:

smtpd_sender_restrictions = check_sender_access

Revision history for this message
Technical Support (5-ubuntuone-ok) wrote :

Correction. . . .

Host name and IP rules that are unreliable in:

smtpd_sender_restrictions = check_sender_mx_access
smtpd_sender_restrictions = check_sender_ns_access

Appear to be reliable when used in:

smtpd_client_restrictions = check_client_access
smtpd_client_restrictions = check_reverse_client_hostname_access
smtpd_client_restrictions = check_reverse_client_hostname_a_access

Only host name rules appear to be reliable in:

smtpd_sender_restrictions = check_sender_access

IP rules applied to sender A record also appear to behave inconsistently.

Revision history for this message
Sergio Durigan Junior (sergiodj) wrote :

Thank you for taking the time to file a bug report.

Could you please provide more information on how to reproduce the problem? Something like the configuration file you're using, or a step-by-step procedure would be really helpful.

Since there is not enough information in your report to begin triage or to
differentiate between a local configuration problem and a bug in Ubuntu, I
am marking this bug as "Incomplete". We would be grateful if you would:
provide a more complete description of the problem, explain why you
believe this is a bug in Ubuntu rather than a problem specific to your
system, and then change the bug status back to "New".

For local configuration issues, you can find assistance here:
http://www.ubuntu.com/support/community

Changed in postfix (Ubuntu):
status: New → Incomplete
Revision history for this message
Technical Support (5-ubuntuone-ok) wrote :

The difficulty reproducing this problem is that the commands sometimes seem to work. I discovered it on a production server that was delivering mail it shouldn't have - though it correctly rejected other mail from the same senders.

I'll see what I can do.

Revision history for this message
Launchpad Janitor (janitor) wrote :

[Expired for postfix (Ubuntu) because there has been no activity for 60 days.]

Changed in postfix (Ubuntu):
status: Incomplete → Expired
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.