On Wed, 27 Jul 2016 12:50:59 PM Viktor Dukhovni wrote:
> On Tue, Jul 26, 2016 at 05:34:34PM -0700, Mike Kadin wrote:
> > help.uber.com is a CNAME to frontends.uber.com which is a CNAME to
> > frontends-sjc1.uber.com which has an MX record of mx.sendgrid.net.
> > Sendgrid is our inbound SMTP provider:
> > ...
> > help.uber.com. 60 IN CNAME frontends.uber.com.
> > frontends.uber.com. 60 IN CNAME frontends-sjc1.uber.com.
> > frontends-sjc1.uber.com. 300 IN MX 0 mx.sendgrid.net.
> > ```
> > Delivery Host: mx.sendgrid.net
> > Delivery IP: 167.89.125.4
> > Size: 39.83 KB
> > Result: 25: SMTP error from remote mail server after RCPT TO:<
> > test123@???>: 454 4.7.1 <test123@???>: Relay
> > access denied
> > ```
>
> Note that the DSN code is "4.7.1", which is:
>
> https://tools.ietf.org/html/rfc3463
>
> X.7.1 Delivery not authorized, message refused
>
> The sender is not authorized to send to the destination. This
> can be the result of per-host or per-recipient filtering. This
> memo does not discuss the merits of any such filtering, but
> provides a mechanism to report such. This is useful only as a
> permanent error.
>
> When I send a probe to <postmaster@???>, I get:
>
> Reporting-MTA: dns; mournblade.imrryr.org
> X-Postfix-Queue-ID: 23C8D284F25
> X-Postfix-Sender: rfc822; exim-users@???
> Arrival-Date: Wed, 27 Jul 2016 12:46:05 +0000 (UTC)
>
> Final-Recipient: rfc822; postmaster@???
> Original-Recipient: rfc822;postmaster@???
> Action: deliverable
> Status: 2.1.5
> Remote-MTA: dns; mx.sendgrid.net
> Diagnostic-Code: smtp; 250 2.1.5 Ok
>
> So the issue sure looks like sendgrid is blocking the sending host,
> envelope sender domain, or specific recipient address.
This is because postfix and exim differ on where the mail should be sent.
http://cr.yp.to/im/cname.html explains the problem: sendmail accepts a domain
with a CNAME record. It replaces the domain with the CNAME value before using
it in RCPT, unless it is acting as a dumb client. Similar comments apply to
qmail and other mailers.
