The host is unable to resolve the domain as well.

There is a firewall, but outbound DNS is open. If I try to query the nameserver directly I get a time-out, but can see the traffic passing successfully in the firewall logs.

    • esackbauer


    sidkipper outbound DNS is open

    port 53 UDP and TCP?

      • DocFraggle


      While running

      dig mx national-lottery.co.uk +trace

      you can see that the guys at national-lottery.co.uk seem to have fckd up their DNS servers… you can’t resolve anything using i.e. ns7.national-lottery.biz or
      ns6.national-lottery.biz due to a timeout.

      Maybe that’s the reason

      Thanks - can I work around it through postfix config as I was attempting to, or not possible without them fixing their DNS setup?

      • DocFraggle


      I would try to add the domain to your whitelist

      System -> Configuration -> Global filter maps -> RegEx maps (check the box) -> Header-From: Whitelist

      Add the line

      /.+national-lottery\.co\.uk/i

      I already have that set

      • DocFraggle


      Ah ok, you didn’t write that in your posts above

      Sorry - I tried that previously but came to the conclusion that postfix was probably taking action before rspamd.

      a month later

      Think you’d only want to do that for networks you completely trust. Any network you add to mynetworks will be able to use your mailserver to relay/send mail. If they send spam etc it’ll completely ruin your reputation and you’ll not be able to send email anywhere.

      I don’t trust the domain that’s having the issue enough to want to allow them to relay email out of my server, but do want to be able to receive email destined only to my users from them.

        sidkipper
        Did you try removing reject_unknown_sender_domain from line 8 of master.cf?
        I’ve found the problem:
        1. Settings in master.cf will overwrite settings in main.cf; comment out smtpd_sender_restrictions on the specific service (or all of them).
        2. Use regexp:/opt/postfix/conf/sender_access instead of check_sender_access regexp:/opt/postfix/conf/sender_access; otherwise postfix will report something like unknown smtpd restriction: "check_sender_access".
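
To find which smtpd services ignore a main.cf change because master.cf carries an `-o` override (point 1 above), here is an added example that is not from the thread or from mailcow. The sample main.cf and master.cf contents are constructed and the function names are hypothetical.

```python
# Constructed sample files for illustration (not the thread's real config).
MAIN_CF = ("smtpd_sender_restrictions = regexp:/opt/postfix/conf/sender_access,\n"
           "    reject_unknown_sender_domain\n")
MASTER_CF = """\
# service  type  private unpriv chroot wakeup maxproc command + args
smtp       inet  n       -      n      -      1       postscreen
smtpd      pass  -       -      n      -      -       smtpd
  -o smtpd_sender_restrictions=reject_unknown_sender_domain
submission inet  n       -      n      -      -       smtpd
  -o smtpd_tls_security_level=encrypt
"""

def logical_lines(text):
    """Join continuation lines (leading whitespace); skip comments and blanks."""
    out = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return out

def main_cf_value(text, param):
    for line in logical_lines(text):
        name, _, value = line.partition("=")
        if name.strip() == param:
            return " ".join(value.split())
    return None

def master_overrides(text, param):
    """{'service/type': value} per '-o param=value'; '-o { ... }' form not handled."""
    found = {}
    for line in logical_lines(text):
        f = line.split()
        for flag, opt in zip(f[8:], f[9:]):  # args after the command name
            name, _, value = opt.partition("=")
            if flag == "-o" and name == param:
                found[f"{f[0]}/{f[1]}"] = value
    return found

def effective(main_text, master_text, param):
    """Value each smtpd service runs with: an override replaces main.cf outright."""
    base = main_cf_value(main_text, param)
    over = master_overrides(master_text, param)
    return {f"{f[0]}/{f[1]}": over.get(f"{f[0]}/{f[1]}", base)
            for f in map(str.split, logical_lines(master_text))
            if len(f) > 7 and f[7] == "smtpd"}
```

In the constructed sample, `smtpd/pass` never consults the sender_access map from main.cf, because its `-o` value replaces the whole restriction list.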

          Rasping6015

          Perfect - that seemed to be working as wanted now. Many thanks!
