Is postfix misconfiguration to send to wrong domain?
I am concerned a configuration that has been unchanged for a few years may have an error that is now showing up as a problem.

I received this email that is a non-delivery notice sent to us (postmas...@cnm.edu) that a non-delivery notice our gateway sent could not be delivered:

From: postmas...@ors-cpa.com
To: postmas...@cnm.edu
Subject: Undeliverable: lech
Sent: Thu 4/11/2013 5:18 AM

Generating server: orscpa.local

smashab...@ors-cpa.com
# #5.1.1 smtp;550 5.1.1 RESOLVER.ADR.RecipNotFound; not found #SMTP#

Original message headers:

Received: from server45.appriver.com (69.20.58.226) by rm.ors-cpa.com (10.10.10.2) with Microsoft SMTP Server id 14.2.342.3; Thu, 11 Apr 2013 07:15:26 -0400
Received: from [10.238.9.54] (HELO inbound.appriver.com) by server45.appriver.com (CommuniGate Pro SMTP 5.3.12) with ESMTP id 2123501502 for smashab...@ors-cpa.com; Thu, 11 Apr 2013 07:15:26 -0400
X-Note-AR-ScanTimeLocal: 4/11/2013 7:15:26 AM
X-Note-AR-Scan: None - PIPE
Received: by inbound.appriver.com (CommuniGate Pro PIPE 5.4.1) with PIPE id 412972783; Thu, 11 Apr 2013 07:15:26 -0400
Received: from mg04.cnm.edu ([198.133.182.64] verified) by inbound.appriver.com (CommuniGate Pro SMTP 5.4.1) with ESMTP id 412972755 for smashab...@ors-cpa.com; Thu, 11 Apr 2013 07:15:24 -0400
Received: by mg04.cnm.edu (Postfix)id 08002661BF9; Thu, 11 Apr 2013 05:15:24 -0600 (MDT)
Date: Thu, 11 Apr 2013 05:15:24 -0600
From: Mail Delivery System mailer-dae...@cnm.edu
Subject: Undelivered Mail Returned to Sender
To: smashab...@ors-cpa.com
Auto-Submitted: auto-replied
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status; boundary=152B0661BC5.1365678924/mg04.cnm.edu
Message-ID: 2013041524.08002661...@mg04.cnm.edu
X-Note-AR-ScanTimeLocal: 4/11/2013 7:15:24 AM
X-Policy: ors-cpa.com
X-Primary: smashab...@ors-cpa.com
X-Note: This Email was scanned by AppRiver SecureTide
X-Virus-Scan: V-X0M0
X-Note-SnifferID: 0
X-Note: TCH-CT/SI:0-132/SG:6 4/11/2013 7:15:00 AM
X-GBUdb-Analysis: 0, 198.133.182.64, Ugly c=0 p=0 Source New
X-Signature-Violations: 0-0-0-6732-c
X-Note-419: 31.2498 ms. Fail:0 Chk:1344 of 1344 total
X-Note: SCH-CT/SI:0-1344/SG:1 4/11/2013 7:15:22 AM
X-Warn: BOUNCEBLOCK Contains questionable phrase
X-Warn: RETURNPATH No Return Path Listed.
X-Warn: WEIGHT10
X-Warn: WEIGHT15
X-Note: Spam Tests Failed: BOUNCEBLOCK, RETURNPATH, WEIGHT10, WEIGHT15
X-Country-Path: -UNITED STATES-UNITED STATES
X-Note-Sending-IP: 198.133.182.64
X-Note-Reverse-DNS: mail.cnm.edu
X-Note-Return-Path:
X-Note: User Rule Hits:
X-Note: Global Rule Hits: G319 G320 G321 G322 G326 G327 G373 G415 G426 G427 G434
X-Note: Encrypt Rule Hits:
X-Note: Mail Class: VALID
Return-Path: mailer-dae...@cnm.edu

These are the logfile lines for the email we initially could not deliver:

Apr 11 05:15:11 mg04 postfix/smtpd[29756]: connect from adsl-070-154-182-039.sip.msy.bellsouth.net[70.154.182.39]
Apr 11 05:15:11 mg04 postfix/smtpd[29756]: 701E1661BFF: client=adsl-070-154-182-039.sip.msy.bellsouth.net[70.154.182.39]
Apr 11 05:15:11 mg04 postfix/cleanup[28238]: 701E1661BFF: hold: header Received: from adsl-070-154-182-039.sip.msy.bellsouth.net (adsl-070-154-182-039.sip.msy.bellsouth.net [70.154.182.39])??by mg04.cnm.edu(Postfix) with ESMTP id 701E1661BFF??for mmoo...@cnm.edu; Thu, from adsl-070-154-182-039.sip.msy.bellsouth.net[70.154.182.39]; from=smashab...@ors-cpa.com to=mmoo...@cnm.edu proto=ESMTP helo=adsl-070-154-182-039.sip.msy.bellsouth.net
Apr 11 05:15:11 mg04 postfix/cleanup[28238]: 701E1661BFF: message-id=D1C2B329466F437A91BBF89D82BB759E@postmail2
Apr 11 05:15:11 mg04 postfix/cleanup[28238]: 701E1661BFF: warning: header Subject: lech from adsl-070-154-182-039.sip.msy.bellsouth.net[70.154.182.39]; from=smashab...@ors-cpa.com to=mmoo...@cnm.edu proto=ESMTP helo=adsl-070-154-182-039.sip.msy.bellsouth.net
Apr 11 05:15:11 mg04 postfix/smtpd[29756]: disconnect from adsl-070-154-182-039.sip.msy.bellsouth.net[70.154.182.39]
Apr 11 05:15:12 mg04 MailScanner[16316]: Message 701E1661BFF.5998D from 70.154.182.39 (smashab...@ors-cpa.com) to cnm.edu is spam, SpamAssassin (not cached, score=9.628, required 6, autolearn=disabled, DATE_IN_PAST_06_12 1.85, FH_HELO_EQ_D_D_D_D 0.50, HELO_DYNAMIC_DHCP 1.52, HELO_DYNAMIC_IPADDR 2.94, RDNS_DYNAMIC 0.10, STOX_REPLY_TYPE 0.00, TVD_FINGER_02 2.72)
Apr 11 05:15:15 mg04 MailScanner[16316]: Spam Actions: message 701E1661BFF.5998D actions are deliver,header
Apr 11 05:15:20 mg04 MailScanner[16316]: Requeue: 701E1661BFF.5998D to 152B0661BC5
Apr 11 05:15:20 mg04 postfix/qmgr[25178]: 152B0661BC5: from=smashab...@ors-cpa.com, size=1112, nrcpt=1 (queue active)
Apr 11 05:15:23 mg04 postfix/smtp[28222]: 152B0661BC5: to=mmoo...@cnm.edu.test-google-a.com, orig_to=mmoo...@cnm.edu, relay=gmail-smtp-in.l.google.com[173.194.76.26]:25, delay=13, delays=9.3/0/0.22/3.2, dsn=5.1.1, status=bounced (host gmail-smtp-in.l.google.com[173.194.76.26] said: 550-5.1.1 The email account that you tried to reach does not
Re: Is postfix misconfiguration to send to wrong domain?
Hi,

> And these are the logfile lines for our sending of the non-delivery notice we sent. One item in these log lines I do not understand at all is relay=server50.appriver.com[204.232.236.138]:25. I do not understand where that information is sourced. It looks to me that we sent the non-delivery to a wrong location.

No, that is correct. Source of that routing information is the MX record for the target domain:

# host -t mx ors-cpa.com
ors-cpa.com mail is handled by 10 server50.appriver.com.
ors-cpa.com mail is handled by 20 server51.appriver.com.
Re: Is postfix misconfiguration to send to wrong domain?
That was a fast response Jan. Thanks. Is the overall situation suggestive of any misconfiguration here?

-- Robert Lopez Unix Systems Administrator Central New Mexico Community College (CNM) 525 Buena Vista SE Albuquerque, New Mexico 87106
Re: Is postfix misconfiguration to send to wrong domain?
On 4/11/2013 2:42 PM, Robert Lopez wrote:
> That was a fast response Jan. Thanks. Is the overall situation suggestive of any misconfiguration here?

[please don't top-post]

It appears you're generating a bounce for spam. Don't do that; the spam sender address is often forged causing your notice to go to some innocent third party. This makes you a backscatter source. As a backscatter source, your queue can become clogged with undeliverable bounces and your server may be blacklisted by others.

With an after queue content filter, the only valid choice you have is to tag and deliver the message (or in some cases, discard it, but that's not legal some places and not good practice everywhere else).

-- Noel Jones
Re: Is postfix misconfiguration to send to wrong domain?
Is postscreen able to identify email as spam to prevent bouncing it? Is there a way to alter my postfix configuration to prevent bouncing it?
-- Robert Lopez Unix Systems Administrator Central New Mexico Community College (CNM) 525 Buena Vista SE Albuquerque, New Mexico 87106
Re: Is postfix misconfiguration to send to wrong domain?
> Is postscreen able to identify email as spam to prevent bouncing it? Is there a way to alter my postfix configuration to prevent bouncing it?

This is not a matter of 'spam detection'. You have to verify for valid (means existing) recipients *before* you accept mail. Look for reject_unlisted_recipient or reject_unverified_recipients in the postfix docs.
Re: Is postfix misconfiguration to send to wrong domain?
Robert Lopez:
> Is postscreen able to identify email as spam to prevent bouncing it? Is there a way to alter my postfix configuration to prevent bouncing it?

Both postscreen and a before-queue content filter block mail before it is allowed into the Postfix queue. Postfix will therefore not return such mail to the (usually) forged sender.

http://www.postfix.org/SMTPD_PROXY_README.html

Wietse
Re: Is postfix misconfiguration to send to wrong domain?
>> Is postscreen able to identify email as spam to prevent bouncing it? Is there a way to alter my postfix configuration to prevent bouncing it?
> This is not a matter of 'spam detection'. You have to verify for valid (means existing) recipients *before* you accept mail. Look for reject_unlisted_recipient or reject_unverified_recipients in the postfix docs.

To be more precise:

- verify your recipients
- do not reject mails by content filters (as said: use prequeue filters or tag spam mails)
- and most important: do not rewrite recipients to non existing third-party accounts (here: google)!

Apr 11 05:15:23 mg04 postfix/smtp[28222]: 152B0661BC5: to=mmoo...@cnm.edu.test-google-a.com, orig_to=mmoo...@cnm.edu, relay=gmail-smtp-in.l.google.com[173.194.76.26]:25, delay=13, delays=9.3/0/0.22/3.2, dsn=5.1.1, status=bounced (host gmail-smtp-in.l.google.com[173.194.76.26] said: 550-5.1.1 The email account that you tried to reach does not exist. Please try 550-5.1.1 double-checking the recipient's email address for typos or 550-5.1.1 unnecessary spaces. Learn more at 550 5.1.1 http://support.google.com/mail/bin/answer.py?answer=6596 j8si3846254qaz.28 - gsmtp (in reply to RCPT TO command))
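Added example, not part of the original thread: a Python script that correlates Postfix log lines to find the backscatter pattern discussed above, where mail from an outside sender is accepted, bounces on onward delivery (here after a recipient rewrite), and a non-delivery notice is generated to the possibly forged sender. The sample log, hostnames, addresses and the name find_backscatter are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in Postfix syslog format (hosts, addresses, queue IDs are made up).
SAMPLE_LOG = """\
Apr 11 05:15:20 mx1 postfix/qmgr[25178]: 152B0661BC5: from=<sender@example.com>, size=1112, nrcpt=1 (queue active)
Apr 11 05:15:23 mx1 postfix/smtp[28222]: 152B0661BC5: to=<user@example.edu.hosted.example.net>, orig_to=<user@example.edu>, relay=mx.example.net[198.51.100.26]:25, delay=13, dsn=5.1.1, status=bounced (host said: 550-5.1.1 no such user)
Apr 11 05:15:24 mx1 postfix/bounce[28240]: 152B0661BC5: sender non-delivery notification: 08002661BF9
Apr 11 05:15:24 mx1 postfix/qmgr[25178]: 08002661BF9: from=<>, size=3021, nrcpt=1 (queue active)
Apr 11 05:15:26 mx1 postfix/smtp[28222]: 08002661BF9: to=<sender@example.com>, relay=mx.example.com[203.0.113.138]:25, delay=2, dsn=2.0.0, status=sent (250 ok)
Apr 11 05:16:02 mx1 postfix/qmgr[25178]: 9A1C2661C01: from=<staff@example.edu>, size=900, nrcpt=1 (queue active)
Apr 11 05:16:03 mx1 postfix/smtp[28230]: 9A1C2661C01: to=<friend@example.org>, relay=mx.example.org[203.0.113.7]:25, delay=1, dsn=2.0.0, status=sent (250 ok)
"""

LINE = re.compile(r"postfix/(\w+)\[\d+\]: ([0-9A-F]{6,}): (.*)")
FROM = re.compile(r"from=\s*<?([^>,\s]*)>?")
TO = re.compile(r"(?<![a-z_])to=\s*<?([^>,\s]+)>?")   # lookbehind skips orig_to=
ORIG = re.compile(r"orig_to=\s*<?([^>,\s]+)>?")
NDN = re.compile(r"sender non-delivery notification: ([0-9A-F]+)")

def find_backscatter(log_text, local_domains):
    """Return messages from non-local senders that bounced after acceptance
    and for which Postfix generated a non-delivery notice."""
    sender, bounced, notice = {}, defaultdict(list), {}
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        daemon, qid, rest = m.groups()
        if daemon == "qmgr" and (f := FROM.match(rest)):
            sender[qid] = f.group(1)          # empty string for DSNs (from=<>)
        elif daemon == "smtp" and "status=bounced" in rest and (to := TO.search(rest)):
            orig = ORIG.search(rest)          # present only if the recipient was rewritten
            bounced[qid].append((to.group(1), orig.group(1) if orig else None))
        elif daemon == "bounce" and (n := NDN.search(rest)):
            notice[qid] = n.group(1)          # queue ID of the generated notice
    findings = []
    for qid, rcpts in bounced.items():
        env_from = sender.get(qid, "")
        domain = env_from.rpartition("@")[2].lower()
        # A notice to a sender outside our own domains is backscatter if that sender was forged.
        if qid in notice and env_from and domain not in local_domains:
            for to, orig in rcpts:
                findings.append({"queue_id": qid, "notice_id": notice[qid],
                                 "notified": env_from, "rcpt": to, "rewritten_from": orig})
    return findings

if __name__ == "__main__":
    for finding in find_backscatter(SAMPLE_LOG, {"example.edu"}):
        print(finding)
```

Every finding is a message that should have been rejected during the SMTP session instead of being accepted and bounced later; a non-empty rewritten_from points at an address rewrite to a destination that does not exist.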
Re: Is postfix misconfiguration to send to wrong domain?
On Apr 11, 2013, at 15:56, Jan P. Kessler post...@jpkessler.info wrote:
> do not reject mails by content filters (as said: use prequeue filters or tag spam mails)

To be clear, do not bounce emails based on content filters AFTER the SMTP transaction. You can certainly reject email based on any criteria you wish during the SMTP phase.

In fact, anymore, bouncing mail at all is more trouble than it is worth. Any criteria that would cause an email to bounce should be checked before the SMTP phase closes and cause a reject instead.