Postfix: allow unlisted sender only for a specific IP/Application

Question

To avoid backscatter emails, on Postfix I set:

smtpd_reject_unlisted_sender = true

But this prevents the Odoo from sending some particular emails, since it uses some custom aliases as sender:

SMTPRecipientsRefused: {'myuser@mydomain.com': (550, b'5.1.0 <bounce+92-account.invoice-40@@mydomain.com>: Sender address rejected: @mydomain.com')}

How can I whitelist the Odoo server/app?

score 1 · Accepted Answer · answered Jun 29 '20 at 15:57

1

Instead of making this a global directive, place reject_unlisted_sender in smtpd_sender_restrictions (it must appear after permit_mynetworks and permit_sasl_authenticated, if you used that).

Now you can add the sender's IP address to mynetworks = to whitelist it and cause it to bypass this check.

An example from my live mail server:

smtpd_sender_restrictions =
        permit_sasl_authenticated,
        permit_mynetworks,
        reject_unlisted_sender,
        reject_unauthenticated_sender_login_mismatch,
        permit

answered Jun 29 '20 at 15:57

Michael Hampton

237,123
42
477
940

I spent a lot on this ... Thank you so much. – orsomannaro Jun 29 '20 at 18:53
Trying to tuning the solution I discovered that I have to set this sequence: _permit_mynetworks_, _reject_unlisted_sender_, _permit_sasl_authenticated_ otherwise, if _permit_sasl_authenticated_ precedes the other rules, I can send e-mails without adding the IP of the Odoo server to _mynetworks_. – orsomannaro Jun 29 '20 at 19:08
Well that's a policy decision you can make. I have authenticated users able to send email from any address. – Michael Hampton Jun 29 '20 at 19:11

Postfix: allow unlisted sender only for a specific IP/Application

1 Answers1