Re: postfix, cyrus imap, backscatter?

[Carl Brewer]

On 1/02/2015 10:21 PM, Carl Brewer wrote:

On 1/02/2015 7:21 PM, Robert Schetterer wrote:



and where is your postfix conf..?

read i.e

http://de.postfix.org/httpmirror/postconf.5.html#smtpd_reject_unlisted_recipient


as well as other setup examples and conf stuff


I checked the server from another server, not telnet'ing from localhost :

rcpt to: f...@aboc.net.au
450 4.1.1 f...@aboc.net.au: Recipient address rejected: unverified
address: host rollcage3.bl.echidna.id.au[/var/imap/socket/lmtp] said:
550-Mailbox unknown.  Either there is no mailbox associated with this
550-name or you do not have authorization to see it. 550 5.1.1 User
unknown (in reply to RCPT TO command)

I think that's working properly :)


I'm not sure though, can anyone here see if this is right? :

2bounce_notice_recipient = postmaster
access_map_defer_code = 450
access_map_reject_code = 554
address_verify_cache_cleanup_interval = 12h
address_verify_default_transport = $default_transport
address_verify_local_transport = $local_transport
address_verify_map = btree:$data_directory/verify_cache
address_verify_negative_cache = yes
address_verify_negative_expire_time = 3d
address_verify_negative_refresh_time = 3h
address_verify_poll_count = ${stress?1}${stress:3}
address_verify_poll_delay = 3s
address_verify_positive_expire_time = 31d
address_verify_positive_refresh_time = 7d
address_verify_relay_transport = $relay_transport
address_verify_relayhost = $relayhost
address_verify_sender = $double_bounce_sender
address_verify_sender_dependent_default_transport_maps = 
$sender_dependent_default_transport_maps
address_verify_sender_dependent_relayhost_maps = 
$sender_dependent_relayhost_maps

address_verify_service_name = verify
address_verify_transport_maps = $transport_maps
address_verify_virtual_transport = $virtual_transport
alias_database = hash:/usr/pkg/etc/postfix/aliases
alias_maps = hash:/usr/pkg/etc/postfix/aliases
allow_mail_to_commands = alias, forward
allow_mail_to_files = alias, forward
allow_min_user = no
allow_percent_hack = yes
allow_untrusted_routing = no
alternate_config_directories =
always_add_missing_headers = no
always_bcc =
anvil_rate_time_unit = 60s
anvil_status_update_time = 600s
append_at_myorigin = yes
append_dot_mydomain = yes
application_event_drain_time = 100s
authorized_flush_users = static:anyone
authorized_mailq_users = static:anyone
authorized_submit_users = static:anyone
backwards_bounce_logfile_compatibility = yes
berkeley_db_create_buffer_size = 16777216
berkeley_db_read_buffer_size = 131072
best_mx_transport =
biff = yes
body_checks =
body_checks_size_limit = 51200
bounce_notice_recipient = postmaster
bounce_queue_lifetime = 5d
bounce_service_name = bounce
bounce_size_limit = 5
bounce_template_file =
broken_sasl_auth_clients = no
canonical_classes = envelope_sender, envelope_recipient, header_sender, 
header_recipient

canonical_maps =
cleanup_service_name = cleanup
command_directory = /usr/pkg/sbin
command_execution_directory =
command_expansion_filter = 
1234567890!@%-_=+:,./abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ

command_time_limit = 1000s
config_directory = /usr/pkg/etc/postfix/
connection_cache_protocol_timeout = 5s
connection_cache_service_name = scache
connection_cache_status_update_time = 600s
connection_cache_ttl_limit = 2s
content_filter =
cyrus_sasl_config_path =
daemon_directory = /usr/pkg/libexec/postfix
daemon_timeout = 18000s
data_directory = /var/db/postfix
debug_peer_level = 2
debug_peer_list =
default_database_type = hash
default_delivery_slot_cost = 5
default_delivery_slot_discount = 50
default_delivery_slot_loan = 3
default_destination_concurrency_failed_cohort_limit = 1
default_destination_concurrency_limit = 20
default_destination_concurrency_negative_feedback = 1
default_destination_concurrency_positive_feedback = 1
default_destination_rate_delay = 0s
default_destination_recipient_limit = 50
default_extra_recipient_limit = 1000
default_filter_nexthop =
default_minimum_delivery_slots = 3
default_privs = nobody
default_process_limit = 100
default_rbl_reply = $rbl_code Service unavailable; $rbl_class 
[$rbl_what] blocked using $rbl_domain${rbl_reason?; $rbl_reason}

default_recipient_limit = 2
default_recipient_refill_delay = 5s
default_recipient_refill_limit = 100
default_transport = smtp
default_verp_delimiters = +=
defer_code = 450
defer_service_name = defer
defer_transports =
delay_logging_resolution_limit = 2
delay_notice_recipient = postmaster
delay_warning_time = 0h
deliver_lock_attempts = 20
deliver_lock_delay = 1s
destination_concurrency_feedback_debug = no
detect_8bit_encoding_header = yes
disable_dns_lookups = no
disable_mime_input_processing = no
disable_mime_output_conversion = no
disable_verp_bounces = no
disable_vrfy_command = no
dont_remove = 0
double_bounce_sender = double-bounce
duplicate_filter_limit = 1000
empty_address_default_transport_maps_lookup_key = 
empty_address_recipient = MAILER-DAEMON
empty_address_relayhost_maps_lookup_key = 

Re: postfix, cyrus imap, backscatter?

[Robert Schetterer]

Am 01.02.2015 um 08:59 schrieb Carl Brewer:
 
 G'day,
 I've been running sendmail for years with cyrus and realtime address
 checking to (supposedly!) stop backscatter, but it seems to be broken,
 so it's probably a good time to migrate to postfix (been putting off for
 years ...)
 
 This document isn't very helpful :
 
 http://www.postfix.org/CYRUS_README.html
 
 Can anyone here point me at a good howto/setup guide to integrate
 postfix with cyrus imapd, virtual domains and realtime checking of
 addresses to prevent backscatter? My google-fu is not returning much
 that I can find.
 
 I've tried this in main.cf :
 
 mailbox_transport = lmtp:unix:/var/imap/socket/lmtp
 
 Which I thought would mean that email to non-existent accounts would be
 instantly rejected, but tests show this :
 
 bash-4.3$  telnet localhost 25
 Trying ::1...
 telnet: connect to address ::1: Connection refused
 Trying 127.0.0.1...
 Connected to localhost.
 Escape character is '^]'.
 220 x ESMTP Postfix (how far can a goat see-2.10)
 ehlo localhost
 250-
 250-PIPELINING
 250-SIZE 1024
 250-VRFY
 250-ETRN
 250-STARTTLS
 250-ENHANCEDSTATUSCODES
 250-8BITMIME
 250 DSN
 mail from: c...@bl.echidna.id.au
 250 2.1.0 Ok
 rcpt to: f...@bl.echidna.id.au
 250 2.1.5 Ok
 data
 354 End data with CRLF.CRLF
 oh ..
 
 .
 250 2.0.0 Ok: queued as 7F1EA1B3D454
 quit
 221 2.0.0 Bye
 Connection closed by foreign host.
 
 
 
 Thank you
 
 Carl
 
 
 

and where is your postfix conf..?

read i.e

http://de.postfix.org/httpmirror/postconf.5.html#smtpd_reject_unlisted_recipient

as well as other setup examples and conf stuff

Best Regards
MfG Robert Schetterer

-- 
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München

Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein

postfix, cyrus imap, backscatter?

[Carl Brewer]

G'day,
I've been running sendmail for years with cyrus and realtime address 
checking to (supposedly!) stop backscatter, but it seems to be broken, 
so it's probably a good time to migrate to postfix (been putting off for 
years ...)


This document isn't very helpful :

http://www.postfix.org/CYRUS_README.html

Can anyone here point me at a good howto/setup guide to integrate 
postfix with cyrus imapd, virtual domains and realtime checking of 
addresses to prevent backscatter? My google-fu is not returning much 
that I can find.


I've tried this in main.cf :

mailbox_transport = lmtp:unix:/var/imap/socket/lmtp

Which I thought would mean that email to non-existent accounts would be 
instantly rejected, but tests show this :


bash-4.3$  telnet localhost 25
Trying ::1...
telnet: connect to address ::1: Connection refused
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 x ESMTP Postfix (how far can a goat see-2.10)
ehlo localhost
250-
250-PIPELINING
250-SIZE 1024
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
mail from: c...@bl.echidna.id.au
250 2.1.0 Ok
rcpt to: f...@bl.echidna.id.au
250 2.1.5 Ok
data
354 End data with CRLF.CRLF
oh ..

.
250 2.0.0 Ok: queued as 7F1EA1B3D454
quit
221 2.0.0 Bye
Connection closed by foreign host.



Thank you

Carl

Re: postfix, cyrus imap, backscatter?

[Carl Brewer]

On 1/02/2015 7:21 PM, Robert Schetterer wrote:



and where is your postfix conf..?

read i.e

http://de.postfix.org/httpmirror/postconf.5.html#smtpd_reject_unlisted_recipient

as well as other setup examples and conf stuff


I checked the server from another server, not telnet'ing from localhost :

rcpt to: f...@aboc.net.au
450 4.1.1 f...@aboc.net.au: Recipient address rejected: unverified 
address: host rollcage3.bl.echidna.id.au[/var/imap/socket/lmtp] said: 
550-Mailbox unknown.  Either there is no mailbox associated with this 
550-name or you do not have authorization to see it. 550 5.1.1 User 
unknown (in reply to RCPT TO command)


I think that's working properly :)

Thanks Robert,

Carl





Best Regards
MfG Robert Schetterer