Bounce a particular recipient address with specified reject message

2009-11-24 Thread techlist06
Greetings:

I have what I expect is a simple question for you guys.  Thanks to Ralf's
book and the help here I have a many-year stable postfix configuration, love
it, don't mess with it.

I have a very small hobby-based mailing list I maintain manually in Outlook.
Although all maillist messages I send out include a footer asking the
recipients to not reply to that maillist messages, the users will reply to
the maillist messages occasionally and I would prefer they only reply to my
other addresses.  I can change the reply to address in Outlook to an invalid
one, and it will reject it back to the sender with "not in virtual user
table" but I don't want that bounce message for this particular case.

Instead, I would like to set up postfix so it has a more friendly reject for
mail sent to (via replies to my messages) "maill...@mydomain.com" with a
particular reject message that instructs the user on what address(es) to use
to better contact me.  Something similar to :

550 reject The email address maill...@mydomain.com does not accept inbound
mail.  Please use one of these addresses for contacting us: maillist
unsubscribe: rem...@mydomain.com, support issues: supp...@mydomain.com,
other i...@mydomain.com, etc.

I thought maybe adding the address maill...@mydomain.com to the
recipient_checks.pcre?  But I don't know how to write the re if that's the
right place to do this.

Can someone help and tell me where is the best place to set this up?

Thanks as always,
Scott


postconf -n:

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
disable_vrfy_command = yes
html_directory = no
inet_interfaces = $myhostname, localhost
local_recipient_maps = hash:/etc/postfix/local_recipient
mail_owner = postfix
mail_spool_directory = /var/spool/mail
mailbox_size_limit = 483886080
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
message_size_limit = 10485760
mydestination = $myhostname,  localhost.$mydomain,  localhost,  $mydomain
mydomain = companypostoffice.com
myhostname = tn1.companypostoffice.com
mynetworks = localhost,$localdomain, xx.xx.xx.xx/32, xx.xx.xx.xx/32
myorigin = $myhostname
newaliases_path = /usr/bin/newaliases.postfix
parent_domain_matches_subdomains = smtpd_access_maps
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.2.10/README_FILES
recipient_bcc_maps = hash:/etc/postfix/recipient_bcc
relay_domains = differentdomain.com
relay_recipient_maps = hash:/etc/postfix/relay_recipients
sample_directory = /usr/share/doc/postfix-2.2.10/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtpd_data_restrictions = reject_unauth_pipelining,  permit
smtpd_helo_required = yes
smtpd_recipient_limit = 1500
smtpd_recipient_restrictions = reject_invalid_hostname,
reject_non_fqdn_hostname,  reject_non_fqdn_sender,
reject_non_fqdn_recipient,  permit_mynetworks,  reject_unauth_destination,
check_recipient_mx_access hash:/etc/postfix/mx_access,
check_sender_mx_access hash:/etc/postfix/mx_access,
reject_unknown_sender_domain,  check_recipient_access
pcre:/etc/postfix/recipient_checks.pcre,  check_helo_access
hash:/etc/postfix/helo_checks,  check_sender_access
hash:/etc/postfix/sender_checks,  check_client_access
hash:/etc/postfix/client_checks,  check_client_access
pcre:/etc/postfix/client_checks.pcre,  reject_rbl_client list.dsbl.org,
reject_rbl_client zen.spamhaus.org,  reject_rbl_client dnsbl.sorbs.net,
reject_rbl_client psbl.surriel.com,  reject_rbl_client bl.spamcop.net,
check_policy_service unix:postgrey/socket,  permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous
smtpd_tls_CAfile = /etc/postfix/certs/cacert.pem
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/postfix/certs/postfix_public_cert.pem
smtpd_tls_key_file = /etc/postfix/certs/postfix_private_key.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
soft_bounce = no
tls_random_source = dev:/dev/urandom
transport_maps = hash:/etc/postfix/transport
unknown_local_recipient_reject_code = 550
virtual_alias_domains = hash:/etc/postfix/virtual_domains
virtual_alias_maps = hash:/etc/postfix/virtual_users





Re: Bounce a particular recipient address with specified reject message

2009-11-24 Thread Sahil Tandon
On Tue, 24 Nov 2009, techlist06 wrote:

> I would like to set up postfix so it has a more friendly reject for
> mail sent to (via replies to my messages) "maill...@mydomain.com" with
> a particular reject message that instructs the user on what
> address(es) to use to better contact me.  Something similar to :
> 
> 550 reject The email address maill...@mydomain.com does not accept inbound
> mail.  Please use one of these addresses for contacting us: maillist
> unsubscribe: rem...@mydomain.com, support issues: supp...@mydomain.com,
> other i...@mydomain.com, etc.
> 
> Can someone help and tell me where is the best place to set this up?

Use an access(5) or transport(5) map:

 http://www.postfix.org/access.5.html
 http://www.postfix.org/transport.5.html

-- 
Sahil Tandon 


RE: Bounce a particular recipient address with specified reject message

2009-11-30 Thread techlist06
Sahil, et al.:

>Use an access(5) or transport(5) map:

It appears that using an access map would best meet my need.  I do not
currently use an access map.  Can you/anyone assist me with the proper
placement of 
 check_client_access hash:/etc/postfix/access
in my setup?  I don't want to screw up my restrictions which otherwise work
properly.

I *think* putting it last, after my greylisting line (see comment in
postconf output below) would be appropriate.  I think I'd want them to pass
all other spam checks before rejecting semi-legitimate mail to this
particular address with my specific reject message.

Thanks,
Scott


postconf -n:

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
disable_vrfy_command = yes
html_directory = no
inet_interfaces = $myhostname, localhost
local_recipient_maps = hash:/etc/postfix/local_recipient
mail_owner = postfix
mail_spool_directory = /var/spool/mail
mailbox_size_limit = 483886080
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
message_size_limit = 10485760
mydestination = $myhostname,  localhost.$mydomain,  localhost,  $mydomain
mydomain = companypostoffice.com
myhostname = tn1.companypostoffice.com
mynetworks = localhost,$localdomain, xx.xx.xx.xx/32, xx.xx.xx.xx/32
myorigin = $myhostname
newaliases_path = /usr/bin/newaliases.postfix
parent_domain_matches_subdomains = smtpd_access_maps
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.2.10/README_FILES
recipient_bcc_maps = hash:/etc/postfix/recipient_bcc
relay_domains = differentdomain.com
relay_recipient_maps = hash:/etc/postfix/relay_recipients
sample_directory = /usr/share/doc/postfix-2.2.10/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtpd_data_restrictions = reject_unauth_pipelining,  permit
smtpd_helo_required = yes
smtpd_recipient_limit = 1500
smtpd_recipient_restrictions = reject_invalid_hostname,
reject_non_fqdn_hostname,  reject_non_fqdn_sender,
reject_non_fqdn_recipient,  permit_mynetworks,  reject_unauth_destination,
check_recipient_mx_access hash:/etc/postfix/mx_access,
check_sender_mx_access hash:/etc/postfix/mx_access,
reject_unknown_sender_domain,  check_recipient_access
pcre:/etc/postfix/recipient_checks.pcre,  check_helo_access
hash:/etc/postfix/helo_checks,  check_sender_access
hash:/etc/postfix/sender_checks,  check_client_access
hash:/etc/postfix/client_checks,  check_client_access
pcre:/etc/postfix/client_checks.pcre,  reject_rbl_client list.dsbl.org,
reject_rbl_client zen.spamhaus.org,  reject_rbl_client dnsbl.sorbs.net,
reject_rbl_client psbl.surriel.com,  reject_rbl_client bl.spamcop.net,
check_policy_service unix:postgrey/socket,  permit

## access map check here ??

smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous
smtpd_tls_CAfile = /etc/postfix/certs/cacert.pem
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/postfix/certs/postfix_public_cert.pem
smtpd_tls_key_file = /etc/postfix/certs/postfix_private_key.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
soft_bounce = no
tls_random_source = dev:/dev/urandom
transport_maps = hash:/etc/postfix/transport
unknown_local_recipient_reject_code = 550
virtual_alias_domains = hash:/etc/postfix/virtual_domains
virtual_alias_maps = hash:/etc/postfix/virtual_users




RE: Bounce a particular recipient address with specified reject message

2009-11-30 Thread techlist06
I tried to set up an access map and reject a specific user.  But the mails to
that user are not rejected.  I tried adding the access map in a few
different places in the configuration, so far none worked.  It shows up in
the smtpd_recipient_restrictions line below.   Can anyone see what I did
wrong?:

My access map file has:
mailli...@mydomain.com  550 REJECT 

The corresponding access.db file is built and fresh

But mails to mailli...@mydomain.com get through without issue.


postconf -n:

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
disable_vrfy_command = yes
html_directory = no
inet_interfaces = $myhostname, localhost
local_recipient_maps = hash:/etc/postfix/local_recipient
mail_owner = postfix
mail_spool_directory = /var/spool/mail
mailbox_size_limit = xxx
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
message_size_limit = x
mydestination = $myhostname,  localhost.$mydomain,  localhost,  $mydomain
mydomain = companypostoffice.com
myhostname = tn1.companypostoffice.com
mynetworks = localhost,$localdomain, xx.xx.xx.xx/32, xx.xx.xx.xx/32
myorigin = $myhostname
newaliases_path = /usr/bin/newaliases.postfix
parent_domain_matches_subdomains = smtpd_access_maps
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.2.10/README_FILES
recipient_bcc_maps = hash:/etc/postfix/recipient_bcc
relay_domains = differentdomain.com
relay_recipient_maps = hash:/etc/postfix/relay_recipients
sample_directory = /usr/share/doc/postfix-2.2.10/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtpd_data_restrictions = reject_unauth_pipelining,  permit
smtpd_helo_required = yes
smtpd_recipient_limit = 1500
smtpd_recipient_restrictions = reject_invalid_hostname,
reject_non_fqdn_hostname,  reject_non_fqdn_sender,
reject_non_fqdn_recipient,  permit_mynetworks,  reject_unauth_destination,
check_recipient_mx_access hash:/etc/postfix/mx_access,
check_sender_mx_access hash:/etc/postfix/mx_access,
reject_unknown_sender_domain,  check_recipient_access
pcre:/etc/postfix/recipient_checks.pcre,  check_helo_access
hash:/etc/postfix/helo_checks,  check_sender_access
hash:/etc/postfix/sender_checks,  check_client_access
hash:/etc/postfix/client_checks,  check_client_access
pcre:/etc/postfix/client_checks.pcre,  check_client_access
hash:/etc/postfix/access  reject_rbl_client list.dsbl.org,
reject_rbl_client zen.spamhaus.org,  reject_rbl_client dnsbl.sorbs.net,
reject_rbl_client psbl.surriel.com,  reject_rbl_client bl.spamcop.net,
check_policy_service unix:postgrey/socket,  permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous
smtpd_tls_CAfile = /etc/postfix/certs/cacert.pem
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/postfix/certs/postfix_public_cert.pem
smtpd_tls_key_file = /etc/postfix/certs/postfix_private_key.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
soft_bounce = no
tls_random_source = dev:/dev/urandom
transport_maps = hash:/etc/postfix/transport
unknown_local_recipient_reject_code = 550
virtual_alias_domains = hash:/etc/postfix/virtual_domains
virtual_alias_maps = hash:/etc/postfix/virtual_users

Re: Bounce a particular recipient address with specified reject message

2009-11-30 Thread Stan Hoeppner
techlist06 put forth on 11/30/2009 1:59 PM:
> I tried to set up an access map and reject a specific user.  But the mails to
> that user are not rejected.  I tried adding the access map in a few
> different places in the configuration, so far none worked.  It shows up in
> the smtpd_recipient_restrictions line below.   Can anyone see what I did
> wrong?:

Yes, you have:

check_client_access hash:/etc/postfix/access

which is wrong for matching email addresses:

check_client_access type:table
    Search the specified access database for the client hostname, parent
    domains, client IP address, or networks obtained by stripping least
    significant octets. See the access(5) manual page for details.


You need check_recipient_access type:table

check_recipient_access type:table
    Search the specified access(5) database for the resolved RCPT TO
    address, domain, parent domains, or localpart@, and execute the
    corresponding action.

Example:

smtpd_recipient_restrictions =
    check_recipient_access hash:/etc/postfix/access

/etc/postfix/access:
    mailli...@mydomain.com  550 REJECT

Also, postmap /etc/postfix/access every time you make changes to it.  If
you did not reload postfix after creating the access file and adding it
to main.cf, you also need to restart postfix.

> My access map file has:
> mailli...@mydomain.com  550 REJECT 
> 
> The corresponding access.db file is built and fresh
> 
> But mails to mailli...@mydomain.com get through without issue.

BTW, if you are trying to block all access to this email address, why
not just remove it from your list(s) of valid recipients?  Did I miss
something earlier in the thread?

--
Stan
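
Added example, not part of the original thread: a simplified Python model of the lookup keys that access(5) describes for check_client_access and check_recipient_access, showing why an e-mail address entry is never found by a client lookup. The table entry, host name, IP address and example.com addresses are constructed samples; only IPv4 clients are modelled and address extensions are ignored.

```python
# Added example: simplified model of the lookup keys described in access(5).
# All addresses, host names and the table entry are constructed samples.

ACCESS_TABLE = {
    "maillist_noreply@example.com":
        "550 This address does not accept mail; write to support@example.com",
}


def domain_keys(domain, parent_matches_subdomains=True):
    """Domain, then each parent domain.

    With parent_domain_matches_subdomains listing smtpd_access_maps (as in
    the posted configuration) parents are tried as 'parent'; otherwise
    they are tried as '.parent'.
    """
    labels = domain.lower().split(".")
    keys = [".".join(labels)]
    for i in range(1, len(labels)):
        parent = ".".join(labels[i:])
        keys.append(parent if parent_matches_subdomains else "." + parent)
    return keys


def client_keys(hostname, ip, parent_matches_subdomains=True):
    """Keys for check_client_access: host name, parents, IP, truncated nets."""
    octets = ip.split(".")
    networks = [".".join(octets[:n]) for n in range(len(octets), 0, -1)]
    return domain_keys(hostname, parent_matches_subdomains) + networks


def recipient_keys(rcpt, parent_matches_subdomains=True):
    """Keys for check_recipient_access: address, domain, parents, localpart@."""
    # Search strings are folded to lowercase before a hash: lookup.
    local, _, domain = rcpt.lower().rpartition("@")
    return ([f"{local}@{domain}"]
            + domain_keys(domain, parent_matches_subdomains)
            + [f"{local}@"])


def lookup(table, keys):
    """Return (matching key, action) for the first hit, else (None, None)."""
    for key in keys:
        if key in table:
            return key, table[key]
    return None, None


def check_client_access(table, hostname, ip):
    """The recipient address is never part of the search, so no entry hits."""
    return lookup(table, client_keys(hostname, ip))


def check_recipient_access(table, rcpt):
    """The full RCPT TO address is the first key tried."""
    return lookup(table, recipient_keys(rcpt))


if __name__ == "__main__":
    rcpt = "maillist_noreply@example.com"
    print("client keys:   ", client_keys("mail.sender.example", "192.0.2.10"))
    print("recipient keys:", recipient_keys(rcpt))
    print("check_client_access   ->",
          check_client_access(ACCESS_TABLE, "mail.sender.example", "192.0.2.10"))
    print("check_recipient_access ->", check_recipient_access(ACCESS_TABLE, rcpt))
```

A result of (None, None) means the restriction has no opinion and the next restriction in the list is evaluated, which is why the mail got through.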


RE: Bounce a particular recipient address with specified reject message

2009-11-30 Thread techlist06
> You have:
>check_client_access hash:/etc/postfix/access
>which is wrong for matching email addresses:

Thanks, that fixed my error.

>check_recipient_access hash:/etc/postfix/access
>BTW, if you are trying to block all access to this email address, why
>not just remove it from your list(s) of valid recipients?  Did I miss
>something earlier in the thread?

I was wanting to give a specific reject message for a particular address.
It's a small, manually maintained maillist.  I don't want the subscribers to
reply to the "reply to" address, but I didn't want to reject mails without a
friendlier explanation of where they should reply.  An auto-reply with
reject I guess.

I expect there is a better way to do same, this seems to work OK.



Re: Bounce a particular recipient address with specified reject message

2009-11-30 Thread Stan Hoeppner
techlist06 put forth on 11/30/2009 3:14 PM:
>> You have:
>> check_client_access hash:/etc/postfix/access
>> which is wrong for matching email addresses:
> 
> Thanks, that fixed my error.
> 
>> check_recipient_access hash:/etc/postfix/access
>> BTW, if you are trying to block all access to this email address, why
>> not just remove it from your list(s) of valid recipients?  Did I miss
>> something earlier in the thread?
> 
> I was wanting to give a specific reject message for a particular address.
> It's a small, manually maintained maillist.  I don't want the subscribers to
> reply to the "reply to" address, but I didn't want to reject mails without a
> friendlier explanation of where they should reply.  An auto-reply with
> reject I guess.
> 
> I expect there is a better way to do same, this seems to work OK.

So, lemme get this straight.  You changed the list address, but instead
of just sending an email to the list addresses telling all users of the
list address change, you just decided to, in essence, inform them via an
NDR when they send mail to the list?  There have got to be at least 1000
list management how-to's on the web, and not a one would recommend you
do this in this way, and probably all 1000 would say _never_ manage a
list this way...yikes.

--
Stan



RE: Bounce a particular recipient address with specified reject message

2009-11-30 Thread techlist06
>So, lemme get this straight.  You changed the list address, but instead
>of just sending an email to the list addresses telling all users of the
>list address change, you just decided to, in essence, inform 
>them via an
>NDR when they send mail to the list?  There have got to be at 
>least 1000
>list management how-to's on the web, and not a one would recommend you
>do this in this way, and probably all 1000 would say _never_ manage a
>list this way...yikes.

No I didn't change the list address.  It is not a "mail list" like this one,
more of an "announcement list".  It is not a 2-way mailing list.  The
subscribers don't send anything to it for other subscribers to see.  It's
used rarely to send announcements of event cancellations, etc.  About 1000
subscribers manually maintained.  But, the users tend to start a (unrelated)
communication with us  via replying to that announcement list's "reply to"
address since that is where they last received a message from us.  And so
their message does not go to the right person, it goes to the source address
of the announcement and we have to sort through them and direct the message
to where it should have gone to start with.  We just want to let subscriber
who incorrectly sends to the announcement list address to use one of the
"correct" addresses to communicate with us, not via replying to the
announcement list.  See?  FWIW, we tell them not to do it with a footer and
header on every announcement email, but they do it anyway.  I'm sure there
is a better way, this seemed easy enough to implement.   Perhaps an
auto-reply type setup to that particular address.  I looked at those and
they looked more difficult to set up.  I'd be grateful for better
suggestions. I'll look for a better way to notify them. 

Thanks very much for the help.





Re: Bounce a particular recipient address with specified reject message

2009-11-30 Thread Noel Jones

On 11/30/2009 3:52 PM, techlist06 wrote:

>> So, lemme get this straight.  You changed the list address, but instead
>> of just sending an email to the list addresses telling all users of the
>> list address change, you just decided to, in essence, inform
>> them via an
>> NDR when they send mail to the list?  There have got to be at
>> least 1000
>> list management how-to's on the web, and not a one would recommend you
>> do this in this way, and probably all 1000 would say _never_ manage a
>> list this way...yikes.
>
> No I didn't change the list address.  It is not a "mail list" like this one,
> more of an "announcement list".  It is not a 2-way mailing list.  The
> subscribers don't send anything to it for other subscribers to see.  It's
> used rarely to send announcements of event cancellations, etc.  About 1000
> subscribers manually maintained.  But, the users tend to start a (unrelated)
> communication with us  via replying to that announcement list's "reply to"
> address since that is where they last received a message from us.  And so
> their message does not go to the right person, it goes to the source address
> of the announcement and we have to sort through them and direct the message
> to where it should have gone to start with.  We just want to let subscriber
> who incorrectly sends to the announcement list address to use one of the
> "correct" addresses to communicate with us, not via replying to the
> announcement list.  See?  FWIW, we tell them not to do it with a footer and
> header on every announcement email, but they do it anyway.  I'm sure there
> is a better way, this seemed easy enough to implement.   Perhaps an
> auto-reply type setup to that particular address.  I looked at those and
> they looked more difficult to set up.  I'd be grateful for better
> suggestions. I'll look for a better way to notify them.
>
> Thanks very much for the help.





The envelope sender where delivery problems are reported can 
be different from the From: header displayed in most email 
clients, which can also be different from the Reply-To: header 
where most mail clients will send if you hit the "Reply" button.


You mustn't block the mail list's envelope sender address; you 
must be able to receive non-delivery notifications.


There's nothing wrong with rejecting incoming mail addressed 
to the mail list "From:" address for an announce-only list.


In your case, it would be a nice touch to add a Reply-To: 
header that points to the human contact or help desk as a 
convenience for your recipients.


Look at this message -- the envelope is 
"owner-postfix-us...@..." the From: displayed by your mail 
client is "Noel Jones", but if you hit your reply button it 
will be addressed to "postfix-us...@..." since I want replies 
to go to the list.



  -- Noel Jones
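
Added example, not part of the original thread: a small Python check of the three addresses described above (envelope sender, From: header, Reply-To: header) against the set of recipients an access map rejects. The example.com addresses, the subject line and the function names are constructed for illustration.

```python
# Added example: which address receives bounces, which receives replies,
# and whether either one is in the set of rejected recipients.
# All addresses below are constructed samples.
from email.message import EmailMessage
from email.utils import parseaddr


def build_announcement(from_hdr, reply_to=None):
    """Build an announcement; the envelope sender is NOT part of the headers."""
    msg = EmailMessage()
    msg["From"] = from_hdr
    if reply_to:
        msg["Reply-To"] = reply_to
    msg["Subject"] = "Event cancelled"
    msg.set_content("Tonight's event is cancelled.\n")
    return msg


def reply_target(msg):
    """Address most mail clients use for Reply: Reply-To if set, else From."""
    header = msg.get("Reply-To") or msg.get("From")
    return parseaddr(str(header))[1].lower()


def audit(envelope_sender, msg, rejected):
    """Report where bounces and replies go and whether they can be delivered.

    envelope_sender is the SMTP MAIL FROM address (the from_addr argument
    of smtplib's sendmail); non-delivery notifications are sent there.
    """
    rejected = {addr.lower() for addr in rejected}
    bounce_to = envelope_sender.lower()
    reply_to = reply_target(msg)
    return {
        "bounce_target": bounce_to,
        "bounces_deliverable": bounce_to not in rejected,
        "reply_target": reply_to,
        "replies_deliverable": reply_to not in rejected,
    }


ENVELOPE = "maillist@example.com"
FROM_HDR = "Event Announcements <maillist@example.com>"

# Replies hit a rejected no-reply address; bounces still arrive.
NOREPLY_SETUP = audit(
    ENVELOPE,
    build_announcement(FROM_HDR, "maillist_noreply@example.com"),
    {"maillist_noreply@example.com"},
)

# Reply-To points at a human contact; nothing needs to be rejected.
HELPDESK_SETUP = audit(
    ENVELOPE,
    build_announcement(FROM_HDR, "support@example.com"),
    set(),
)

# Misconfiguration: the envelope sender itself is rejected, so
# non-delivery notifications for dead subscriber addresses are lost.
BROKEN_SETUP = audit(
    ENVELOPE,
    build_announcement(FROM_HDR),
    {"maillist@example.com"},
)

if __name__ == "__main__":
    for name, result in (("no-reply", NOREPLY_SETUP),
                         ("help desk", HELPDESK_SETUP),
                         ("broken", BROKEN_SETUP)):
        print(name, result)
```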


RE: Bounce a particular recipient address with specified reject message

2009-11-30 Thread techlist06
Noel:

Thank you.

>The envelope sender where delivery problems are reported can 
>be different from the From: header displayed in most email 
>clients, which can also be different from the Reply-To: header 
>where most mail clients will send if you hit the "Reply" button.
>
>You mustn't block the mail list's envelope sender address; you 
>must be able to receive non-delivery notifications.

>There's nothing wrong with rejecting incoming mail addressed 
>to the mail list "From:" address for an announce-only list.

I believe I understand and that was exactly what I was setting up, I think.
This is what I had setup to do:
The original message is actually sent from maill...@mydomain.com.  The
envelope sender as I understand it.  

I NEED to know when an announcement message bounces, because that is how I
maintain the list manually, and remove any invalid entries.  When they
bounce, I know they are bad, or I can decide if they've had too many
"mailbox full" replies, etc. and then I remove the bounced address from
the distribution list.  So I have not blocked the envelope sender.

For announcements I send, I have the "Reply to" set to a different, but
similar address which is: maillist_nore...@mydomain.com (still trying to get
their attention to not reply to the address).  This is the address I have
blocked in my new access table.

So, if they click on "reply" in their client, the reply message should be
sent to maillist_nore...@mydomain.com.  My end accepts it (through spam
filters), but then rejects the address with my custom reject message via my
new access table with:
maillist_nore...@mydomain.com 550 Do not reply to this address, instead do
this.

I did not add all that detail in my original post to avoid confusing my
original question.  Thanks for the detailed reply and helping me be sure I
wasn't doing something wrong/improper.

Best,
Scott






Re: Bounce a particular recipient address with specified reject message

2009-12-01 Thread Charles Marcus
On 11/30/2009, techlist06 (techlis...@msws.org) wrote:
> So, if they click on "reply" in their client, the reply message should be
> sent to maillist_nore...@mydomain.com.  My end accepts it (through spam
> filters), but then rejects the address with my custom reject message via my
> new access table with:

You are NOT 'rejecting', you are ACCEPTING, then BOUNCING, which  you
should never do if you can possibly help it. Reject it at smtp time.

Why waste system resources scanning messages you will later bounce?


RE: Bounce a particular recipient address with specified reject message

2009-12-01 Thread techlist06
>You are NOT 'rejecting', you are ACCEPTING, then BOUNCING, which  you
>should never do if you can possibly help it. Reject it at smtp time.
>
>Why waste system resources scanning messages you will later bounce?

I understand your point.  Thank you for correcting my syntax.  FWIW, this
will only happen to a relatively minuscule number of inbound messages.  I
don't *think* it will take much in the way of resources.  For my specific
purpose, this check is to deal with the occasional, but fairly regular
incorrect replies to the announcement list.  The access map check is likely
to only have to deal with such an "accept, then bounce" a few times a week.
So I figured instead of testing thousands per day of unrelated inbound
messages against this access check that I know will get "hit" rarely, I
figured it would be better to put the check nearer the end of my UCE checks.
Which will cause the occasional accept then bounce.  

Mainly I was apprehensive about moving the restriction on my main.cf.  I
have tried to carefully select respected authorities' books and one
particular UCE "guide" to build my main.cf.  And it works very, very well
(thanks Ralf).  Not being an expert, I don't want to accidentally break
anything that is there and screw it up.  If you have a suggestion on where
to put the access map restriction in my setup, I'm all ears.  

Thanks!