Re: local_recipient_maps set up, yet postfix continues to send bounce messages
On 10/15/2013 7:31 AM, Stan Hoeppner wrote: This should have read: /etc/postfix/shield_acct_names mrwh...@breakingbad.com REJECT unknown user jes...@breakingbad.com REJECT unknown user g...@breakingbad.comREJECT unknown user -- Stan
Re: local_recipient_maps set up, yet postfix continues to send bounce messages
On 10/15/2013 4:02 AM, Chad Elliott wrote: >> Make sure you understand address classes. > > We are not a virtual mailbox domain, we are a virtual alias domain > because we use UNIX accounts for the few mailboxes we have, ... Noel is correct. You're broken. And you are using virtual_mailbox_domains. Look at your "postconf -n": ... virtual_alias_maps = hash:/etc/postfix/virtual virtual_mailbox_base = /var/spool/mail virtual_mailbox_domains = hash:/etc/postfix/mydomains If I understand you correctly, you simply want additional aliases for your users, correct? To do that you use a *standard Postfix config* and simply add a virtual_alias_maps file. The left side are the virtual aliases. The right side are the UNIX account addresses (though they can be any valid email address): /etc/postfix/virtual walter_wh...@breakingbad.commrwh...@breakingbad.com jessie_pink...@breakingbad.com jes...@breakingbad.com gustavo_fr...@breakingbad.com g...@breakingbad.com That's it. It's that simple. Now, if you don't want to accept SMTP mail to the UNIX acct addresses, only the virtual aliases, simply put them in an access(5) table and have the following, in this order, in smtpd_recipient_restrictions ... check_recipient_access hash:/etc/postfix/shield_acct_names reject_unlisted_recipient ... /etc/postfix/shield_acct_names mrwh...@breakingbad.com jes...@breakingbad.com g...@breakingbad.com As long as your check is before virtual alias expansion this should work. Postfix should reject any mail to UNIX addresses, and any addresses not in /etc/aliases or /etc/postfix/virtual I've been using the first half of this setup for years so I know it works. I've not tested the 'UNIX address shielding', but it should work as well. -- Stan
Re: local_recipient_maps set up, yet postfix continues to send bounce messages
Eureka! I have changed the following in main.cf: virtual_mailbox_domains = hash:/etc/postfix/mydomains SHOULD BE virtual_alias_domains = hash:/etc/postfix/mydomains Many thanks to Noel Jones for pointing out that postfix thought we were a virtual mailbox domain, and to everyone who chimed in on this issue. Chad Elliott. On Tue, Oct 15, 2013 at 6:54 AM, Noel Jones wrote: > On 10/15/2013 4:02 AM, Chad Elliott wrote: >>> Make sure you understand address classes. >> >> We are not a virtual mailbox domain, we are a virtual alias domain >> because we use UNIX accounts for the few mailboxes we have, and alias >> several other addresses to them. > > Your setup is badly broken. The example log entry you showed > earlier of an invalid address bouncing showed postfix trying to > deliver the message with the "virtual" delivery agent. This happens > when postfix thinks the domain is a virtual mailbox domain. > > - Make sure each domain is listed in only one address class > - Use the documented method for listing valid recipients in each > address class. This does not include "local_recipient_maps = > $virtual_alias_maps". > - Remove any domain1 <-> domain2 rewrites. > > > > -- Noel Jones
Re: local_recipient_maps set up, yet postfix continues to send bounce messages
On 10/15/2013 4:02 AM, Chad Elliott wrote: >> Make sure you understand address classes. > > We are not a virtual mailbox domain, we are a virtual alias domain > because we use UNIX accounts for the few mailboxes we have, and alias > several other addresses to them. Your setup is badly broken. The example log entry you showed earlier of an invalid address bouncing showed postfix trying to deliver the message with the "virtual" delivery agent. This happens when postfix thinks the domain is a virtual mailbox domain. - Make sure each domain is listed in only one address class - Use the documented method for listing valid recipients in each address class. This does not include "local_recipient_maps = $virtual_alias_maps". - Remove any domain1 <-> domain2 rewrites. -- Noel Jones
Re: local_recipient_maps set up, yet postfix continues to send bounce messages
> Make sure you understand address classes. We are not a virtual mailbox domain, we are a virtual alias domain because we use UNIX accounts for the few mailboxes we have, and alias several other addresses to them. Here is the definition of a virtual alias domain straight from the manual: The virtual alias domain class. Purpose: hosted domains where each recipient address is aliased to a local UNIX system account or to a remote address. A virtual alias example is given in the VIRTUAL_README file. Domain names are listed in virtual_alias_domains. The default value is $virtual_alias_maps for Postfix 1.1 compatibility. Valid recipient addresses are listed with the virtual_alias_maps parameter. The Postfix SMTP server rejects invalid recipients with "User unknown in virtual alias table". The default value is $virtual_maps for Postfix 1.1 compatibility. There is no mail delivery transport parameter. Every address must be aliased to some other address. >Apparently this is a virtual mailbox domain. Valid users must be listed in >virtual_mailbox_maps. Domain rewrite wildcards will break recipient validation. Again, it is not a virtual mailbox domain, and there are no wildcards used anywhere I am aware of. >I don't see anywhere that document recommends setting local_recipient_maps = >$virtual_alias_maps. That looks like a hack someone dreamed up for covering >broken address classes. Because we are a virtual alias domain, this is where our users are all listed.
Re: local_recipient_maps set up, yet postfix continues to send bounce messages
On 10/14/2013 3:41 PM, Chad Elliott wrote: >> Without context, we can't provide much help. > > >> - what instructions did you follow? > I set up "local_recipient_maps = $virtual_alias_maps" and > "unknown_local_recipient_reject_code = 550" per instructions located > here: > http://www.postfix.org/BACKSCATTER_README.html I don't see anywhere that document recommends setting local_recipient_maps = $virtual_alias_maps. That looks like a hack someone dreamed up for covering broken address classes. Anyway, this won't have any effect for a virtual_mailbox_domain, which is what it appears you're using. > > - what is being bounced? > mail sent to non-existent aliases/users (not in virtual_alias_maps) > > - what address class (local, virtual-alias, virtual-mailbox, ...) is > bouncing? > virtual-alias Make sure you understand address classes. http://www.postfix.org/ADDRESS_CLASS_README.html Each domain postfix is responsible for must be listed in *only one* address class, one of: - local addresses, domain listed in mydestination, valid recipients listed in local_recipient_maps - domains relayed elsewhere for final delivery, domains listed in relay_domains, valid recipients listed in relay_recipient_maps. - virtual alias domains, domain listed in virtual_alias_domains, valid recipients listed in virtual_alias_maps (and must be aliased to another domain). - virtual mailbox, domains listed in virtual_mailbox_domains, valid users listed in virtual_mailbox_maps Usually people break recipient validation by using @domain <> @domain rewriting in virtual_alias_maps or in canonical maps. Don't do that. > > - NON VERBOSE logs demonstrating the problem? > > Oct 14 13:37:37 mail postfix/smtpd[17348]: A887A1A084D7: > client=mail-ie0-f180.google.com[209.85.223.180] > Oct 14 13:37:37 mail postfix/cleanup[21208]: A887A1A084D7: > message-id= > Oct 14 13:37:37 mail postfix/qmgr[21037]: A887A1A084D7: > from=, size=1490, nrcpt=1 (queue active) > Oct 14 13:37:37 mail postfix/virtual[20895]: A887A1A084D7: > to=, relay=virtual, delay=0.09, > delays=0.09/0/0/0, dsn=5.1.1, status=bounced (unknown user: > "testboun...@myserver.com") Apparently this is a virtual mailbox domain. Valid users must be listed in virtual_mailbox_maps. Domain rewrite wildcards will break recipient validation. > Oct 14 13:37:37 mail postfix/bounce[21056]: A887A1A084D7: sender > non-delivery notification: B87541A084D9 > Oct 14 13:37:37 mail postfix/qmgr[21037]: A887A1A084D7: removed > > -- Noel Jones
Re: local_recipient_maps set up, yet postfix continues to send bounce messages
On Mon, Oct 14, 2013 at 5:27 PM, Charles Marcus wrote: > On 2013-10-14 4:00 PM, Chad Elliott wrote: > > virtual_alias_maps = hash:/etc/postfix/virtual > virtual_mailbox_base = /var/spool/mail > virtual_mailbox_domains = hash:/etc/postfix/mydomains > > > There are no wildcards in virtual_alias_maps or alias_maps > > > Tests against your maps? > > What do > > postmap -q myserver.com hash:/etc/postfix/mydomains response was: "OK" > > postmap -q inva...@myserver.com hash:/etc/postfix/virtual > No Response, just a blank line > postmap -q va...@myserver.com hash:/etc/postfix/virtual > This responded with the alias that the email address was mapped to, in this case "INFO" > return? > > -- > > Best regards, > > Charles
Re: local_recipient_maps set up, yet postfix continues to send bounce messages
On 2013-10-14 4:00 PM, Chad Elliott wrote: virtual_alias_maps = hash:/etc/postfix/virtual virtual_mailbox_base = /var/spool/mail virtual_mailbox_domains = hash:/etc/postfix/mydomains There are no wildcards in virtual_alias_maps or alias_maps Tests against your maps? What do postmap -q myserver.com hash:/etc/postfix/mydomains postmap -q inva...@myserver.com hash:/etc/postfix/virtual postmap -q va...@myserver.com hash:/etc/postfix/virtual return? -- Best regards, */Charles/***
Re: local_recipient_maps set up, yet postfix continues to send bounce messages
On 2013-10-14 4:54 PM, Charles Marcus wrote: On 2013-10-14 4:00 PM, Chad Elliott wrote: Sorry if this question gets asked too often, but I followed the instructions to stop backscatter email from my server, and On 2013-10-14 4:41 PM, Chad Elliott wrote: - what is being bounced? mail sent to non-existent aliases/users (not in virtual_alias_maps) This is NOT 'backscatter'... Methinks you have some reading to do... Sorry, I misread the logs, I guess it is in fact bounced instead of rejected...
Re: local_recipient_maps set up, yet postfix continues to send bounce messages
On 2013-10-14 4:00 PM, Chad Elliott wrote: Sorry if this question gets asked too often, but I followed the instructions to stop backscatter email from my server, and On 2013-10-14 4:41 PM, Chad Elliott wrote: - what is being bounced? mail sent to non-existent aliases/users (not in virtual_alias_maps) This is NOT 'backscatter'... Methinks you have some reading to do... -- Best regards, */Charles/*
Re: local_recipient_maps set up, yet postfix continues to send bounce messages
On 2013-10-14 4:41 PM, Chad Elliott wrote: - what is being bounced? mail sent to non-existent aliases/users (not in virtual_alias_maps) This is the DESIRED result... what is the problem? -- Best regards, */Charles /*
Re: local_recipient_maps set up, yet postfix continues to send bounce messages
>Without context, we can't provide much help. >- what instructions did you follow? I set up "local_recipient_maps = $virtual_alias_maps" and "unknown_local_recipient_reject_code = 550" per instructions located here: http://www.postfix.org/BACKSCATTER_README.html - what is being bounced? mail sent to non-existent aliases/users (not in virtual_alias_maps) - what address class (local, virtual-alias, virtual-mailbox, ...) is bouncing? virtual-alias - NON VERBOSE logs demonstrating the problem? Oct 14 13:37:37 mail postfix/smtpd[17348]: A887A1A084D7: client=mail-ie0-f180.google.com[209.85.223.180] Oct 14 13:37:37 mail postfix/cleanup[21208]: A887A1A084D7: message-id= Oct 14 13:37:37 mail postfix/qmgr[21037]: A887A1A084D7: from=, size=1490, nrcpt=1 (queue active) Oct 14 13:37:37 mail postfix/virtual[20895]: A887A1A084D7: to=, relay=virtual, delay=0.09, delays=0.09/0/0/0, dsn=5.1.1, status=bounced (unknown user: "testboun...@myserver.com") Oct 14 13:37:37 mail postfix/bounce[21056]: A887A1A084D7: sender non-delivery notification: B87541A084D9 Oct 14 13:37:37 mail postfix/qmgr[21037]: A887A1A084D7: removed On Mon, Oct 14, 2013 at 4:24 PM, Noel Jones wrote: > On 10/14/2013 3:00 PM, Chad Elliott wrote: >> Sorry if this question gets asked too often, but I followed the >> instructions to stop backscatter email from my server, yet it >> continues to send bounces. Here is the output of postconf -n: > > Without context, we can't provide much help. > > - what instructions did you follow? > - what is being bounced? > - what address class (local, virtual-alias, virtual-mailbox, ...) is > bouncing? > - NON VERBOSE logs demonstrating the problem? > > > > > -- Noel Jones > >>
Re: local_recipient_maps set up, yet postfix continues to send bounce messages
On 10/14/2013 3:00 PM, Chad Elliott wrote: > Sorry if this question gets asked too often, but I followed the > instructions to stop backscatter email from my server, yet it > continues to send bounces. Here is the output of postconf -n: Without context, we can't provide much help. - what instructions did you follow? - what is being bounced? - what address class (local, virtual-alias, virtual-mailbox, ...) is bouncing? - NON VERBOSE logs demonstrating the problem? -- Noel Jones > > alias_maps = hash:/etc/aliases > command_directory = /usr/sbin > config_directory = /etc/postfix > daemon_directory = /usr/libexec/postfix > debug_peer_level = 2 > debug_peer_list = XXX.XXX.XXX.XXX > home_mailbox = Maildir/ > html_directory = no > inet_interfaces = all > local_recipient_maps = $virtual_alias_maps > mail_owner = postfix > mail_spool_directory = /var/spool/mail > mailbox_command = /usr/bin/procmail -f- -a "$USER" > mailbox_size_limit = 25600 > mailq_path = /usr/bin/mailq.postfix > manpage_directory = /usr/share/man > maximal_queue_lifetime = 3d > mydestination = localhost,$myhostname > mynetworks = XXX.XXX.XXX.XXX/32, XXX.XXX.XXX.XXX/32 > newaliases_path = /usr/bin/newaliases.postfix > queue_directory = /var/spool/postfix > readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES > sample_directory = /usr/share/doc/postfix-2.3.3/samples > sendmail_path = /usr/sbin/sendmail.postfix > setgid_group = postdrop > smtp_host_lookup = dns, native > smtp_sasl_security_options = noplaintext > smtpd_banner = $myhostname ESMTP $mail_name > smtpd_recipient_restrictions = permit_sasl_authenticated, > permit_mynetworks, reject_unauth_destination, > reject_unknown_sender_domain, reject_unlisted_recipient > smtpd_sasl_auth_enable = yes > smtpd_sasl_local_domain = $myhostname > smtpd_sasl_security_options = noanonymous > unknown_local_recipient_reject_code = 550 > virtual_alias_maps = hash:/etc/postfix/virtual > virtual_mailbox_base = /var/spool/mail > virtual_mailbox_domains = hash:/etc/postfix/mydomains > > > There are no wildcards in virtual_alias_maps or alias_maps > > Thanks, > > Chad. > >
Re: local_recipient_maps set up, yet postfix continues to send bounce messages
Such a busy server, it's tough to get just the right snippet, let me know if anything seems missing here. Oct 14 12:44:46 mail postfix/smtpd[2527]: < mail.senderdomain.org[173.255.XXX.XXX7]: rcpt to:lksjdflkajsflkas...@mycompany.com Oct 14 12:44:46 mail postfix/smtpd[2527]: extract_addr: input: lksjdflkajsflkas...@mycompany.com Oct 14 12:44:46 mail postfix/smtpd[2527]: smtpd_check_addr: addr= lksjdflkajsflkas...@mycompany.com Oct 14 12:44:46 mail postfix/smtpd[2527]: ctable_locate: purge entry key z04...@.com Oct 14 12:44:46 mail postfix/smtpd[2527]: send attr request = rewrite Oct 14 12:44:46 mail postfix/smtpd[2527]: send attr rule = local Oct 14 12:44:46 mail postfix/smtpd[2527]: send attr address = lksjdflkajsflkas...@mycompany.com Oct 14 12:44:46 mail postfix/smtpd[2527]: private/rewrite socket: wanted attribute: flags Oct 14 12:44:46 mail postfix/smtpd[2527]: input attribute name: flags Oct 14 12:44:46 mail postfix/smtpd[2527]: input attribute value: 0 Oct 14 12:44:46 mail postfix/smtpd[2527]: private/rewrite socket: wanted attribute: address Oct 14 12:44:46 mail postfix/smtpd[2527]: input attribute name: address Oct 14 12:44:46 mail postfix/smtpd[2527]: input attribute value: lksjdflkajsflkas...@mycompany.com Oct 14 12:44:46 mail postfix/smtpd[2527]: private/rewrite socket: wanted attribute: (list terminator) Oct 14 12:44:46 mail postfix/smtpd[2527]: input attribute name: (end) Oct 14 12:44:46 mail postfix/smtpd[2527]: rewrite_clnt: local: lksjdflkajsflkas...@mycompany.com -> lksjdflkajsflkas...@mycompany.com Oct 14 12:44:46 mail postfix/smtpd[2527]: send attr request = resolve Oct 14 12:44:46 mail postfix/smtpd[2527]: send attr sender = Oct 14 12:44:46 mail postfix/smtpd[2527]: send attr address = lksjdflkajsflkas...@mycompany.com Oct 14 12:44:46 mail postfix/smtpd[2527]: private/rewrite socket: wanted attribute: flags Oct 14 12:44:46 mail postfix/smtpd[2527]: input attribute name: flags Oct 14 12:44:46 mail postfix/smtpd[2527]: input attribute value: 0 Oct 14 12:44:46 mail postfix/smtpd[2527]: private/rewrite socket: wanted attribute: transport Oct 14 12:44:46 mail postfix/smtpd[2527]: input attribute name: transport Oct 14 12:44:46 mail postfix/smtpd[2527]: input attribute value: virtual Oct 14 12:44:46 mail postfix/smtpd[2527]: private/rewrite socket: wanted attribute: nexthop Oct 14 12:44:46 mail postfix/smtpd[2527]: input attribute name: nexthop Oct 14 12:44:46 mail postfix/smtpd[2527]: input attribute value: mycompany.com Oct 14 12:44:46 mail postfix/smtpd[2527]: private/rewrite socket: wanted attribute: recipient Oct 14 12:44:46 mail postfix/smtpd[2527]: input attribute name: recipient Oct 14 12:44:46 mail postfix/smtpd[2527]: input attribute value: lksjdflkajsflkas...@mycompany.com Oct 14 12:44:46 mail postfix/smtpd[2527]: private/rewrite socket: wanted attribute: flags Oct 14 12:44:46 mail postfix/smtpd[2527]: input attribute name: flags Oct 14 12:44:46 mail postfix/smtpd[2527]: input attribute value: 1024 Oct 14 12:44:46 mail postfix/smtpd[2527]: private/rewrite socket: wanted attribute: (list terminator) Oct 14 12:44:46 mail postfix/smtpd[2527]: input attribute name: (end) Oct 14 12:44:46 mail postfix/smtpd[2527]: resolve_clnt: `' -> ` lksjdflkajsflkas...@mycompany.com' -> transp=`virtual' host=`mycompany.com' rcpt=`lksjdflkajsflkas...@mycompany.com' flags= class=virtual Oct 14 12:44:46 mail postfix/smtpd[2527]: ctable_locate: install entry key lksjdflkajsflkas...@mycompany.com Oct 14 12:44:46 mail postfix/smtpd[2527]: extract_addr: in: lksjdflkajsflkas...@mycompany.com, result: lksjdflkajsflkas...@mycompany.com Oct 14 12:44:46 mail postfix/smtpd[2527]: >>> START Recipient address RESTRICTIONS <<< Oct 14 12:44:46 mail postfix/smtpd[2527]: generic_checks: name=permit_sasl_authenticated Oct 14 12:44:46 mail postfix/smtpd[2527]: generic_checks: name=permit_sasl_authenticated status=0 Oct 14 12:44:46 mail postfix/smtpd[2527]: generic_checks: name=permit_mynetworks Oct 14 12:44:46 mail postfix/smtpd[2527]: permit_mynetworks: mail.senderdomain.org 173.255.XXX.XXX7 Oct 14 12:44:46 mail postfix/smtpd[2527]: match_hostname: mail.senderdomain.org ~? 67.192.XXX.XXX/32 Oct 14 12:44:46 mail postfix/smtpd[2527]: match_hostaddr: 173.255.XXX.XXX7 ~? 67.192.XXX.XXX/32 Oct 14 12:44:46 mail postfix/smtpd[2527]: match_hostname: mail.senderdomain.org ~? 127.0.0.0/8 Oct 14 12:44:46 mail postfix/smtpd[2527]: match_hostaddr: 173.255.XXX.XXX7 ~? 127.0.0.0/8 Oct 14 12:44:46 mail postfix/smtpd[2527]: match_list_match: mail.senderdomain.org: no match Oct 14 12:44:46 mail postfix/smtpd[2527]: match_list_match: 173.255.XXX.XXX7: no match Oct 14 12:44:46 mail postfix/smtpd[2527]: generic_checks: name=permit_mynetworks status=0 Oct 14 12:44:46 mail postfix/smtpd[2527]: generic_checks: name=reject_unauth_destination Oct 14 12:44:46 mail postfix/smtpd[2527]: reject_unauth_destination: lksjdflkajsflkas...@mycompany.com Oct 14 12:44:46 mail postfix/smtpd[2527]: permit_auth_destination: lksjdflkajsflkas...@mycompany.c
Re: local_recipient_maps set up, yet postfix continues to send bounce messages
Logs? On 2013-10-14 4:00 PM, Chad Elliott wrote: Sorry if this question gets asked too often, but I followed the instructions to stop backscatter email from my server, yet it continues to send bounces. Here is the output of postconf -n: alias_maps = hash:/etc/aliases command_directory = /usr/sbin config_directory = /etc/postfix daemon_directory = /usr/libexec/postfix debug_peer_level = 2 debug_peer_list = XXX.XXX.XXX.XXX home_mailbox = Maildir/ html_directory = no inet_interfaces = all local_recipient_maps = $virtual_alias_maps mail_owner = postfix mail_spool_directory = /var/spool/mail mailbox_command = /usr/bin/procmail -f- -a "$USER" mailbox_size_limit = 25600 mailq_path = /usr/bin/mailq.postfix manpage_directory = /usr/share/man maximal_queue_lifetime = 3d mydestination = localhost,$myhostname mynetworks = XXX.XXX.XXX.XXX/32, XXX.XXX.XXX.XXX/32 newaliases_path = /usr/bin/newaliases.postfix queue_directory = /var/spool/postfix readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES sample_directory = /usr/share/doc/postfix-2.3.3/samples sendmail_path = /usr/sbin/sendmail.postfix setgid_group = postdrop smtp_host_lookup = dns, native smtp_sasl_security_options = noplaintext smtpd_banner = $myhostname ESMTP $mail_name smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, reject_unknown_sender_domain, reject_unlisted_recipient smtpd_sasl_auth_enable = yes smtpd_sasl_local_domain = $myhostname smtpd_sasl_security_options = noanonymous unknown_local_recipient_reject_code = 550 virtual_alias_maps = hash:/etc/postfix/virtual virtual_mailbox_base = /var/spool/mail virtual_mailbox_domains = hash:/etc/postfix/mydomains There are no wildcards in virtual_alias_maps or alias_maps Thanks, Chad. -- Best regards, */Charles Marcus/* I.T. Director Media Brokers International, Inc. *678.514.6224 | 678.514.6299 fax*