Oops, knew I forgot something, Noel. This is a (soft) bounce for a recipient that does exist on the destination system, but not on the postfix system, as the following telnet shows:
Mar 22 22:32:32 miniserv postfix/smtpd[70673]: NOQUEUE: reject: RCPT from pmta1.delivery8.ore.mailhop.org[54.191.158.99]: 450 4.1.1 <t...@pointyears.net>: Recipient address rejected: User unknown in local recipient table; from=<rze...@gmail.com> to=<t...@pointyears.net> proto=ESMTP helo=<pmta1.delivery8.ore.mailhop.org> ******** $ telnet 192.168.1.5 587 Trying 192.168.1.5... Connected to 192.168.1.5. Escape character is '^]'. 220 nw6.pointyears.net ehlo gmail.com 250-nw6.pointyears.net 250-AUTH LOGIN 250-8BITMIME 250-SIZE 250-DSN 250 STARTTLS mail from:<rze...@gmail.com> 250 Ok rcpt to:<t...@pointyears.net> 250 Ok Data 354 Enter mail, end with "." on a line by itself This will be accepted. . 250 Ok This is accepted. ********* This is a successful delivery: Mar 22 22:55:23 miniserv postfix/smtpd[71355]: connect from pmta1.delivery7.ore.mailhop.org[54.186.27.61] Mar 22 22:55:24 miniserv postfix/smtpd[71355]: Anonymous TLS connection established from pmta1.delivery7.ore.mailhop.org[54.186.27.61]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits) Mar 22 22:55:24 miniserv postfix/smtpd[71355]: 8BA43278ED90: client=pmta1.delivery7.ore.mailhop.org[54.186.27.61] Mar 22 22:55:24 miniserv postfix/cleanup[71361]: 8BA43278ED90: message-id=<CAN1dBq075WKYYv7f5U4+wGY+Yby-3Ng=xmgpgx-ni8ereyw...@mail.gmail.com> Mar 22 22:55:24 miniserv postfix/qmgr[68145]: 8BA43278ED90: from=<rze...@gmail.com>, size=2582, nrcpt=1 (queue active) Mar 22 22:55:24 miniserv postfix/smtpd[71355]: disconnect from pmta1.delivery7.ore.mailhop.org[54.186.27.61] Mar 22 22:55:25 miniserv postfix/smtpd[71365]: connect from localhost[127.0.0.1] Mar 22 22:55:25 miniserv postfix/smtpd[71365]: 48C83278ED96: client=localhost[127.0.0.1] Mar 22 22:55:25 miniserv postfix/cleanup[71361]: 48C83278ED96: message-id=<CAN1dBq075WKYYv7f5U4+wGY+Yby-3Ng=xmgpgx-ni8ereyw...@mail.gmail.com> Mar 22 22:55:25 miniserv postfix/smtpd[71365]: disconnect from localhost[127.0.0.1] Mar 22 22:55:25 miniserv postfix/qmgr[68145]: 48C83278ED96: from=<rze...@gmail.com>, size=3046, nrcpt=1 (queue active) Mar 22 22:55:25 miniserv postfix/smtp[71362]: 8BA43278ED90: to=<rze...@pointyears.net>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.92, delays=0.5/0.09/0/0.33, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 48C83278ED96) Mar 22 22:55:25 miniserv postfix/qmgr[68145]: 8BA43278ED90: removed Mar 22 22:55:25 miniserv postfix/smtp[71366]: Untrusted TLS connection established to 192.168.1.5[192.168.1.5]:587: TLSv1 with cipher AES256-SHA (256/256 bits) Mar 22 22:55:25 miniserv postfix/smtp[71366]: 48C83278ED96: to=<rze...@pointyears.net>, relay=192.168.1.5[192.168.1.5]:587, delay=0.59, delays=0.01/0.03/0.54/0, dsn=2.0.0, status=sent (250 Ok) Mar 22 22:55:25 miniserv postfix/qmgr[68145]: 48C83278ED96: removed On Tue, Mar 22, 2016 at 10:17 PM, Noel Jones <njo...@megan.vbhcs.org> wrote: > On 3/22/2016 8:54 PM, Rick Zeman wrote: >> OS X Postfix system rebuilt as a relay with no local mailboxes, but >> we're not passing inbound mail to the final destination except for the >> few people who have local accounts on the postfix server. Soft bounce >> is on....luckily (great safety net, Wietse). I have something that's >> negating reject_unverified_recipient and I don't see what it is. Can >> another set of eyes help? Thanks! >> > > What do you mean by negating? Do you have postfix logs (NOT debug > logs) demonstrating the unexpected behavior? > > >> mydestination = > > No local domains. OK. > >> mydomain = pointyears.net >> myhostname = miniserv.pointyears.net >> mynetworks = 127.0.0.0/8, [::1]/128 , 192.168.1.0/24 > >> relay_domains = pointyears.net pointyears.org > > relay_domains with no relay_recipient_maps, so any user should be > accepted, subject to later reject_unverified_recipient. > >> relayhost = smtp.comcast.net:587 >> smtp_generic_maps = regexp:/Library/Server/Mail/Config/postfix/generic.regexp > >> smtpd_client_restrictions = permit_mynetworks permit_sasl_authenticated >> permit > > The above is basically a no-op; permit anything. That's OK, you can > simplify by removing the line. > >> smtpd_recipient_restrictions = permit_sasl_authenticated >> permit_mynetworks reject_unauth_destination >> reject_unverified_recipient > > This looks reasonable. Addresses to a domain handled by postfix > will trigger a recipient probe, unless from mynetworks or SASL AUTH. > You testing from inside your network? > > >> soft_bounce = yes > > And any reject will be turned into a 4xx defer. > >> >> transport: >> pointyears.net smtp:[192.168.1.5]:587 >> pointyears.org smtp:[192.168.1.5]:587 >> > > > So what problem are you having? > > > > > -- Noel Jones
