efa-project.org

Lots of vendors we deal with (Dell, Cadence & others) are now using Salesforce for handing customer queries. Problem is that all such emails are rejected by EFA due to the fabricated domains that Salesforce use for sending emails. e.g.

Jan 4 15:34:55 efa postfix/smtpd[26850]: NOQUEUE: reject: RCPT from smtp15-ia2-sp4.mta.salesforce.com[13.110.14.222]: 450 4.1.8 <support_center=synopsys.com__0-5gk0ff1jsgxswk@0xanz4cus89st7.1u-tymiuae.na110.bnc.salesforce.com>: Sender address rejected: Domain not found; from=<support_center=synopsys.com__0-5gk0ff1jsgxswk@0xanz4cus89st7.1u-tymiuae.na110.bnc.salesforce.com> to=<john.kissane@xxx.xx> proto=ESMTP helo=<smtp15-ia2-sp4.mta.salesforce.com>

I know I could switch off this check but just wondering if it's possible to just switch it off for salesforce.com domains? We're using EFA v3, haven't upgraded as the powers that be are currently mulling over whether or not to move all our email to a Office365 so waiting for that decision to be made.

Thanks!

This looks like a problem with postfix not being able to handle the = inside the <email address>.

I do not see any options to allow you to override the reject_unknown_sender_domain postfix option inside postfix. The only alternative would be to turn off this function, but that would result in lots more spam.

After a morning reading about postfix config, I think I've a check now that lets this junk through from Salesforce but still blocks the spammers.

In main.cf I've modified:

smtpd_sender_restrictions = permit_sasl_authenticated, check_sender_access pcre:/etc/postfix/allow_salesforce_junk, reject_non_fqdn_sender, reject_unknown_sender_domain

and then I've got this:

cat /etc/postfix/allow_salesforce_junk
/.*salesforce.com$/ OK

So far it appears to be working.