The host is unable to resolve the domain as well.
There is a firewall, but outbound DNS is open. If I try to query the nameserver directly I get a time-out, but can see the traffic passing successfully in the firewall logs
EnglishUnable to override Domain not found
- Edited
sidkipper outbound DNS is open
port 53 UDP and TCP?
esackbauer Yes - outbound is open on both TCP and UDP
While running
dig mx national-lottery.co.uk +trace
you can see that the guys at national-lottery.co.uk seem to have fckd up their DNS servers… you can’t resolve anything using i.e. ns7.national-lottery.biz or
ns6.national-lottery.biz due to a timeout.
Maybe that’s the reason
Thanks - can I workaround it through postfix config as I was attempting to, or not possible without them fixing their DNS setup?
I would try to add the domain to your whitelist
System -> Configuration -> Global filter maps -> RegEx maps (check the box) -> Header-From: Whitelist
Add the line
/.+national-lottery\.co\.uk/i
I already have that set
Ah ok, you didn’t write that in your posts above
Sorry - I tried previously that but came to conclusion that postfix was probably taking action before rspamd.
a month later
I’ve found a way to whitelist subnet to skip this check (not domain).
I’ve set the “mynetworks” in postfix settings according 
user manual to whitelisting subnet that I trusted, but keep rspamd setting as default so I can still do some spam filtering. docs.mailcow.email
Think you’d only want to do that for networks you completely trust. Any network you add to mynetworks will be able to use your mailserver to relay/send mail. If they send spam etc it’ll completely ruin your reputation and you’ll not be able to send email anywhere.
I don’t trust the domain thats having the issue enough to want to allow them to relay email out of my server, but do want to be able to receive email destined only to my users from them.
- Edited
- Best Answerset by sidkipper
sidkipper
Did you tried removing reject_unknown_sender_domain from line 8 of master.cf?
I’ve found the problem:
1.settings in master.cf will overwrite setting in main.cf, comment out smtpd_sender_restrictions on specific service(or all of them);
2.use regexp:/opt/postfix/conf/sender_access, instead of check_sender_access regexp:/opt/postfix/conf/sender_access, otherwise postfix will report some thing like unknown smtpd restriction: "check_sender_access"
Perfect - that seemed to be working as wanted now. Many thanks!
No one is typing