Reject Unknown Senders (reject_unknown_sender_domain) - Whitelist

[AechoOne1]

Good day,

we use PMG as a mail security gateway for our email systems. To improve spam filtering, we have enabled “Reject Unknown Senders.” The problem is that we receive various messages from our servers (e.g., Proxmox Backup Notification) that are sent from addresses such as servername.domain.com. Naturally, these are now being blocked because the domain is unknown. How can we whitelist these? We have a mail filter rule with the highest priority that allows our domains as well as all our IP networks. Additionally, our domain is listed as a regex under Mail Proxy => Welcome List. Unfortunately, the Postfix policy seems to take precedence over both of these. How can we resolve this?

Best regards

 

[Stoiko Ivanov]

please share the logs of such a mail being rejected.

 

[AechoOne1]

Good day,

nevermind. Domain Whitelist seems to work - my testserver sent with 2 different Domains, one whitelisted, anotherone not.

mx1 postfix/smtpd[2085161]: NOQUEUE: reject: RCPT from unknown[x.x.x.x]: 450 4.1.8 <root@servername.local>: Sender address rejected: Domain not found; from=<root@servername.local> to=<our@maildomain.com> proto=ESMTP helo=<servername.domain.com>

But one Question stays:

Can we configure the system so that IP addresses whitelisted in the MailFilter Rules can always send emails, regardless of the domain? We cannot put all our IPs in Mail Proxy => Whitelist, because the Mail Filter Rule has an Recipient.

 

[ronsrussell]

We have similar problem where we want to allow emails from specific ip addresses and/or invalid domain names / email addresses. We have placed the domain name, email address & ip address in the 'mail filter/who objects/white list' but they still get blocked with 'Client host rejected: cannot find your hostname'. This issue did not happen prior to upgrading to version 9.

 

[ivenae]

Reject unknown senders ("domain not found") or reject unknown client ("cannot find your hostname") is a postfix/postscreen feature and the decision to reject is made long before the SA filter and the Mail Filter -> Who Object -> Welcomelist.

You have to put it in a Welcomelist, which is used in postfix/postscreen.
You'll find this welcomelist in PMG via Configuration -> Mail Proxy -> Welcomelist
Adresses you put in this welcomelist will be written into /etc/postfix/senderaccess and evaluated in postfix/postscreen.

I haven’t tested whether this welcomelist will actually solve your problem, but that’s the direction you’ll need to look into further.


P.S: I generally don’t recommend enabling “reject unknown client”, because misconfigured rDNS / PTR records are relatively common—so common that you end up dealing with more hassle from whitelisting exceptions than the amount of spam it actually prevents.

"reject unknown sender" is recommended IMHO.