Re: postfix will not send
On Fri, 31 Dec 2021, Wietse Venema wrote: John Fawcett: On 31/12/2021 10:36, Doug Denault wrote: This is a postfix/cyrus/mysql system running in a FreeBSD jail. It is (as far as I can make it) identical to a bare metal with the same configuration. Delivery & reading email works fine, the jailed system will not send email failing with: cyrus postfix/smtpd[51745]: warning: SASL: Connect to smtpd failed: No such file or directory cyrus postfix/smtpd[51745]: fatal: no SASL authentication mechanisms The warning message (at least in the latest version of postfix) is given only for smtpd_sasl_type = dovecot, so seems that dovecot SASL is configured, not cyrus SASL and postfix is interpreting "smtpd" which is your smtpd_sasl_path setting as the dovecot socket path to connect to for authentication. That message neewds to be improved. As of Postfix 3.7 it will be: warning: SASL: Connect to Dovecot auth socket 'smtpd' failed: ... which would save some head scratching. Thank you all. That is indeed the problem. My problem is further compounded by FreeBSD in postfix-3.5.6,1 the package is built with cyrus support however postfix-3.6.2_1,1 is apparently built without cyrus support. cyrus:~> postconf -A cyrus: cyrus:~> postconf -a dovecot setting smtpd_sasl_type = cyrus begets warning: unsupported SASL server implementation: cyrus fatal: SASL per-process initialization failed Fix is trivial but not without the help I got here, Thank again to all and Happy New Year Doug _ Douglas Denault http://www.safeport.com d...@safeport.com Voice: 301-217-9220 Fax: 301-217-9277
Re: postfix will not send
John Fawcett: > On 31/12/2021 10:36, Doug Denault wrote: > > This is a postfix/cyrus/mysql system running in a FreeBSD jail. It is > > (as far as I can make it) identical to a bare metal with the same > > configuration. Delivery & reading email works fine, the jailed system > > will not send email failing with: > > > > cyrus postfix/smtpd[51745]: warning: SASL: Connect to smtpd failed: No > > such file or directory > > cyrus postfix/smtpd[51745]: fatal: no SASL authentication mechanisms > > The warning message (at least in the latest version of postfix) is given > only for smtpd_sasl_type = dovecot, so seems that dovecot SASL is > configured, not cyrus SASL and postfix is interpreting "smtpd" which is > your smtpd_sasl_path setting as the dovecot socket path to connect to > for authentication. That message neewds to be improved. As of Postfix 3.7 it will be: warning: SASL: Connect to Dovecot auth socket 'smtpd' failed: ... which would save some head scratching. Wietse
Re: postfix will not send
On 31/12/2021 11:56, John Fawcett wrote: On 31/12/2021 10:36, Doug Denault wrote: This is a postfix/cyrus/mysql system running in a FreeBSD jail. It is (as far as I can make it) identical to a bare metal with the same configuration. Delivery & reading email works fine, the jailed system will not send email failing with: cyrus postfix/smtpd[51745]: warning: SASL: Connect to smtpd failed: No such file or directory cyrus postfix/smtpd[51745]: fatal: no SASL authentication mechanisms The warning message (at least in the latest version of postfix) is given only for smtpd_sasl_type = dovecot, so seems that dovecot SASL is configured, not cyrus SASL and postfix is interpreting "smtpd" which is your smtpd_sasl_path setting as the dovecot socket path to connect to for authentication. postconf -n ... don't see it and all the internet seems to use dovecot but I don't see how whatever imap impacks smtp. Thanks for any thoughts _ Douglas Denault http://www.safeport.com d...@safeport.com Voice: 301-217-9220 Fax: 301-217-9277 Doug Which imap server you use is irrelevant. It is relevant which SASL implementation you use. postconf -a will give the available SASL implementations. postconf smtpd_sasl_type will give the configured one. However, you may have some override to that parameter configured in master.cf. Hope that helps you track it down. John Just a further bit of info. If I read the following correctly, looks like FreeBSD has a default of smtpd_sasl_type = dovecot since postfix 2.11.7 https://svnweb.freebsd.org/ports/head/mail/postfix/Makefile?r1=409551=409550=409551 In officially released postfix the default is cyrus. This is probably why you are getting dovecot SASL even though you didn't specify a non default smtpd_sasl_type. So if you've got Cyrus SASL installed you can configure smtpd_sasl_type= cyrus in your main.cf. John
Re: postfix will not send
On 2021-12-31 10:36, Doug Denault wrote: broken_sasl_auth_clients = yes not needed in 2022 smtpd_sasl_auth_enable = yes this is undesired since it open sasl auth on port 25 don't see it and all the internet seems to use dovecot but I don't see how whatever imap impacks smtp. Thanks for any thoughts you have mixed horissont :) https://doc.dovecot.org/admin_manual/submission_server/ https://doc.dovecot.org/configuration_manual/howto/postfix_and_dovecot_sasl/ both is good, make your choice on one of them
Re: postfix will not send
On 31/12/2021 10:36, Doug Denault wrote: This is a postfix/cyrus/mysql system running in a FreeBSD jail. It is (as far as I can make it) identical to a bare metal with the same configuration. Delivery & reading email works fine, the jailed system will not send email failing with: cyrus postfix/smtpd[51745]: warning: SASL: Connect to smtpd failed: No such file or directory cyrus postfix/smtpd[51745]: fatal: no SASL authentication mechanisms The warning message (at least in the latest version of postfix) is given only for smtpd_sasl_type = dovecot, so seems that dovecot SASL is configured, not cyrus SASL and postfix is interpreting "smtpd" which is your smtpd_sasl_path setting as the dovecot socket path to connect to for authentication. postconf -n ... don't see it and all the internet seems to use dovecot but I don't see how whatever imap impacks smtp. Thanks for any thoughts _ Douglas Denault http://www.safeport.com d...@safeport.com Voice: 301-217-9220 Fax: 301-217-9277 Doug Which imap server you use is irrelevant. It is relevant which SASL implementation you use. postconf -a will give the available SASL implementations. postconf smtpd_sasl_type will give the configured one. However, you may have some override to that parameter configured in master.cf. Hope that helps you track it down. John
postfix will not send
This is a postfix/cyrus/mysql system running in a FreeBSD jail. It is (as far as I can make it) identical to a bare metal with the same configuration. Delivery & reading email works fine, the jailed system will not send email failing with: cyrus postfix/smtpd[51745]: warning: SASL: Connect to smtpd failed: No such file or directory cyrus postfix/smtpd[51745]: fatal: no SASL authentication mechanisms postconf -n allow_untrusted_routing = no broken_sasl_auth_clients = yes command_directory = /usr/local/sbin compatibility_level = 2 daemon_directory = /usr/local/libexec/postfix data_directory = /var/db/postfix debug_peer_level = 2 debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5 html_directory = /usr/local/share/doc/postfix inet_interfaces = $myhostname, localhost inet_protocols = ipv4 local_recipient_maps = mail_owner = postfix mailbox_size_limit = 2 mailbox_transport = lmtp:unix:/var/imap/socket/lmtp mailq_path = /usr/local/bin/mailq manpage_directory = /usr/local/man message_size_limit = 1 meta_directory = /usr/local/libexec/postfix mynetworks = xxx.xxx.157.16/32, 127.0.0.0/8 mynetworks_style = subnet myorigin = $myhostname newaliases_path = /usr/local/bin/newaliases queue_directory = /var/spool/postfix readme_directory = /usr/local/share/doc/postfix recipient_delimiter = + relay_domains = $mydestination mail2.safeport.com sample_directory = /usr/local/etc/postfix sendmail_path = /usr/local/sbin/sendmail setgid_group = maildrop shlib_directory = /usr/local/lib/postfix smtpd_enforce_tls = no smtpd_sasl_auth_enable = yes smtpd_sasl_local_domain = cyrus.safeport.com smtpd_sasl_path = smtpd smtpd_tls_CAfile = /usr/local/etc/postfix/ssl/ov_safeport_ca-bundle.crt smtpd_tls_ask_ccert = no smtpd_tls_auth_only = yes smtpd_tls_cert_file = /usr/local/etc/postfix/ssl/ov_safeport_com.crt smtpd_tls_key_file = /usr/local/etc/postfix/ssl/ov_safeport_com.key smtpd_tls_loglevel = 1 smtpd_tls_received_header = yes smtpd_tls_req_ccert = no smtpd_tls_session_cache_timeout = 3600s smtpd_use_tls = yes unknown_local_recipient_reject_code = 550 virtual_alias_domains = $virtual_alias_maps virtual_alias_maps = hash:/usr/local/etc/postfix/virtual regexp:/usr/local/etc/postfix/virtual.regexp don't see it and all the internet seems to use dovecot but I don't see how whatever imap impacks smtp. Thanks for any thoughts _ Douglas Denault http://www.safeport.com d...@safeport.com Voice: 301-217-9220 Fax: 301-217-9277
postfix tries to send mail to domains with no mx record
Hi, yesterday i noticed an unexpected behaviour. This mail is lingering in the outbound queue on my mailserver: 54086E032F 10413683 Fri Feb 7 14:04:21 some.user@my.domain (lost connection with apple.de[17.149.160.31] while receiving the initial server greeting) pre...@apple.de Searching the postfix log i found out that postfix tries to deliver this email with no effort: Feb 10 13:20:08 mx-50 postfix/qmgr[17611]: 54086E032F: from=some.user@my.domain, size=10413683, nrcpt=1 (queue active) Feb 10 13:21:22 mx-50 postfix/smtp[17651]: 54086E032F: lost connection with apple.de[17.172.224.31] while receiving the initial server greeting Feb 10 13:22:37 mx-50 postfix/smtp[17651]: 54086E032F: lost connection with apple.de[17.178.96.17] while receiving the initial server greeting Feb 10 13:23:52 mx-50 postfix/smtp[17651]: 54086E032F: to=pre...@apple.de, relay=apple.de[17.149.160.31]:25, delay=256771, delays=256547/0/225/0, dsn=4.4.2, status=deferred (lost connection with apple.de[17.149.160.31] while receiving the initial server greeting) Feb 10 14:35:08 mx-50 postfix/qmgr[6779]: 54086E032F: from=some.user@my.domain, size=10413683, nrcpt=1 (queue active) Feb 10 14:36:22 mx-50 postfix/smtp[4114]: 54086E032F: lost connection with apple.de[17.178.96.17] while receiving the initial server greeting Feb 10 14:37:37 mx-50 postfix/smtp[4114]: 54086E032F: lost connection with apple.de[17.172.224.31] while receiving the initial server greeting Feb 10 14:38:52 mx-50 postfix/smtp[4114]: 54086E032F: to=pre...@apple.de, relay=apple.de[17.149.160.31]:25, delay=261272, delays=261047/0/225/0, dsn=4.4.2, status=deferred (lost connection with apple.de[17.149.160.31] while receiving the initial server greeting) Now the strange thing. There is no mx record for apple.de: root@mx-50:~# host -t mx apple.de apple.de has no MX record So how could postfix determine the mxer for this Domain? Apparently postfix uses the a records: root@mx-50:~# host -t a apple.de apple.de has address 17.178.96.17 apple.de has address 17.149.160.31 apple.de has address 17.172.224.31 Why? these Feature is off by Default and not activated on my mailserver: root@mx-50:~# postconf -d | grep ignore_mx_lookup_error ignore_mx_lookup_error = no root@mx-50:~# postconf -n | grep ignore_mx_lookup_error root@mx-50:~# [no Output] How can i turn this off? TIA, Peter
Re: postfix tries to send mail to domains with no mx record
On Tue, Feb 11, 2014 at 09:48:29AM CET, Klaffehn, Peter peter.klaff...@westermann.de said: Now the strange thing. There is no mx record for apple.de: root@mx-50:~# host -t mx apple.de apple.de has no MX record So how could postfix determine the mxer for this Domain? Apparently postfix uses the a records: root@mx-50:~# host -t a apple.de apple.de has address 17.178.96.17 apple.de has address 17.149.160.31 apple.de has address 17.172.224.31 Why? these Feature is off by Default and not activated on my mailserver: That's the standard : if a right hand side of address has no explicit MX record, but a A record in the DNS, then the A record is an implicit MX.
Re: postfix tries to send mail to domains with no mx record
On 11 Feb 2014, at 09:48, Klaffehn, Peter peter.klaff...@westermann.de wrote: yesterday i noticed an unexpected behaviour. This mail is lingering in the outbound queue on my mailserver: 54086E032F 10413683 Fri Feb 7 14:04:21 some.user@my.domain (lost connection with apple.de[17.149.160.31] while receiving the initial server greeting) pre...@apple.de Searching the postfix log i found out that postfix tries to deliver this email with no effort: Feb 10 13:20:08 mx-50 postfix/qmgr[17611]: 54086E032F: from=some.user@my.domain, size=10413683, nrcpt=1 (queue active) Feb 10 13:21:22 mx-50 postfix/smtp[17651]: 54086E032F: lost connection with apple.de[17.172.224.31] while receiving the initial server greeting Feb 10 13:22:37 mx-50 postfix/smtp[17651]: 54086E032F: lost connection with apple.de[17.178.96.17] while receiving the initial server greeting Feb 10 13:23:52 mx-50 postfix/smtp[17651]: 54086E032F: to=pre...@apple.de, relay=apple.de[17.149.160.31]:25, delay=256771, delays=256547/0/225/0, dsn=4.4.2, status=deferred (lost connection withapple.de[17.149.160.31] while receiving the initial server greeting) Feb 10 14:35:08 mx-50 postfix/qmgr[6779]: 54086E032F: from=some.user@my.domain, size=10413683, nrcpt=1 (queue active) Feb 10 14:36:22 mx-50 postfix/smtp[4114]: 54086E032F: lost connection with apple.de[17.178.96.17] while receiving the initial server greeting Feb 10 14:37:37 mx-50 postfix/smtp[4114]: 54086E032F: lost connection with apple.de[17.172.224.31] while receiving the initial server greeting Feb 10 14:38:52 mx-50 postfix/smtp[4114]: 54086E032F: to=pre...@apple.de, relay=apple.de[17.149.160.31]:25, delay=261272, delays=261047/0/225/0, dsn=4.4.2, status=deferred (lost connection withapple.de[17.149.160.31] while receiving the initial server greeting) Now the strange thing. There is no mx record for apple.de: root@mx-50:~# host -t mx apple.de apple.de has no MX record So how could postfix determine the mxer for this Domain? Apparently postfix uses the a records: root@mx-50:~# host -t a apple.de apple.de has address 17.178.96.17 apple.de has address 17.149.160.31 apple.de has address 17.172.224.31 Why? these Feature is off by Default and not activated on my mailserver: root@mx-50:~# postconf -d | grep ignore_mx_lookup_error ignore_mx_lookup_error = no root@mx-50:~# postconf -n | grep ignore_mx_lookup_error root@mx-50:~# [no Output] How can i turn this off? This is how it *should* work; it is not unexpected, but *expected* behaviour. You cannot turn it off, as it is part of standards and all that. As for 'ignore_mx_lookup_error', I suggest you read the documentation again; http://www.postfix.org/postconf.5.html#ignore_mx_lookup_error If this happens a lot and fills up your queue, you could set up a 'check_recipient_access' restriction in the right place, and maintain a list of problem domains. We do this for common misspellings like 'homail.com', 'otmail.com', for example. Mvg, Joni
Re: local_recipient_maps set up, yet postfix continues to send bounce messages
Make sure you understand address classes. We are not a virtual mailbox domain, we are a virtual alias domain because we use UNIX accounts for the few mailboxes we have, and alias several other addresses to them. Here is the definition of a virtual alias domain straight from the manual: The virtual alias domain class. Purpose: hosted domains where each recipient address is aliased to a local UNIX system account or to a remote address. A virtual alias example is given in the VIRTUAL_README file. Domain names are listed in virtual_alias_domains. The default value is $virtual_alias_maps for Postfix 1.1 compatibility. Valid recipient addresses are listed with the virtual_alias_maps parameter. The Postfix SMTP server rejects invalid recipients with User unknown in virtual alias table. The default value is $virtual_maps for Postfix 1.1 compatibility. There is no mail delivery transport parameter. Every address must be aliased to some other address. Apparently this is a virtual mailbox domain. Valid users must be listed in virtual_mailbox_maps. Domain rewrite wildcards will break recipient validation. Again, it is not a virtual mailbox domain, and there are no wildcards used anywhere I am aware of. I don't see anywhere that document recommends setting local_recipient_maps = $virtual_alias_maps. That looks like a hack someone dreamed up for covering broken address classes. Because we are a virtual alias domain, this is where our users are all listed.
Re: local_recipient_maps set up, yet postfix continues to send bounce messages
On 10/15/2013 4:02 AM, Chad Elliott wrote: Make sure you understand address classes. We are not a virtual mailbox domain, we are a virtual alias domain because we use UNIX accounts for the few mailboxes we have, and alias several other addresses to them. Your setup is badly broken. The example log entry you showed earlier of an invalid address bouncing showed postfix trying to deliver the message with the virtual delivery agent. This happens when postfix thinks the domain is a virtual mailbox domain. - Make sure each domain is listed in only one address class - Use the documented method for listing valid recipients in each address class. This does not include local_recipient_maps = $virtual_alias_maps. - Remove any domain1 - domain2 rewrites. -- Noel Jones
Re: local_recipient_maps set up, yet postfix continues to send bounce messages
Eureka! I have changed the following in main.cf: virtual_mailbox_domains = hash:/etc/postfix/mydomains SHOULD BE virtual_alias_domains = hash:/etc/postfix/mydomains Many thanks to Noel Jones for pointing out that postfix thought we were a virtual mailbox domain, and to everyone who chimed in on this issue. Chad Elliott. On Tue, Oct 15, 2013 at 6:54 AM, Noel Jones njo...@megan.vbhcs.org wrote: On 10/15/2013 4:02 AM, Chad Elliott wrote: Make sure you understand address classes. We are not a virtual mailbox domain, we are a virtual alias domain because we use UNIX accounts for the few mailboxes we have, and alias several other addresses to them. Your setup is badly broken. The example log entry you showed earlier of an invalid address bouncing showed postfix trying to deliver the message with the virtual delivery agent. This happens when postfix thinks the domain is a virtual mailbox domain. - Make sure each domain is listed in only one address class - Use the documented method for listing valid recipients in each address class. This does not include local_recipient_maps = $virtual_alias_maps. - Remove any domain1 - domain2 rewrites. -- Noel Jones
Re: local_recipient_maps set up, yet postfix continues to send bounce messages
On 10/15/2013 4:02 AM, Chad Elliott wrote: Make sure you understand address classes. We are not a virtual mailbox domain, we are a virtual alias domain because we use UNIX accounts for the few mailboxes we have, ... Noel is correct. You're broken. And you are using virtual_mailbox_domains. Look at your postconf -n: ... virtual_alias_maps = hash:/etc/postfix/virtual virtual_mailbox_base = /var/spool/mail virtual_mailbox_domains = hash:/etc/postfix/mydomains If I understand you correctly, you simply want additional aliases for your users, correct? To do that you use a *standard Postfix config* and simply add a virtual_alias_maps file. The left side are the virtual aliases. The right side are the UNIX account addresses (though they can be any valid email address): /etc/postfix/virtual walter_wh...@breakingbad.commrwh...@breakingbad.com jessie_pink...@breakingbad.com jes...@breakingbad.com gustavo_fr...@breakingbad.com g...@breakingbad.com That's it. It's that simple. Now, if you don't want to accept SMTP mail to the UNIX acct addresses, only the virtual aliases, simply put them in an access(5) table and have the following, in this order, in smtpd_recipient_restrictions ... check_recipient_access hash:/etc/postfix/shield_acct_names reject_unlisted_recipient ... /etc/postfix/shield_acct_names mrwh...@breakingbad.com jes...@breakingbad.com g...@breakingbad.com As long as your check is before virtual alias expansion this should work. Postfix should reject any mail to UNIX addresses, and any addresses not in /etc/aliases or /etc/postfix/virtual I've been using the first half of this setup for years so I know it works. I've not tested the 'UNIX address shielding', but it should work as well. -- Stan
Re: local_recipient_maps set up, yet postfix continues to send bounce messages
On 10/15/2013 7:31 AM, Stan Hoeppner wrote: This should have read: /etc/postfix/shield_acct_names mrwh...@breakingbad.com REJECT unknown user jes...@breakingbad.com REJECT unknown user g...@breakingbad.comREJECT unknown user -- Stan
local_recipient_maps set up, yet postfix continues to send bounce messages
Sorry if this question gets asked too often, but I followed the instructions to stop backscatter email from my server, yet it continues to send bounces. Here is the output of postconf -n: alias_maps = hash:/etc/aliases command_directory = /usr/sbin config_directory = /etc/postfix daemon_directory = /usr/libexec/postfix debug_peer_level = 2 debug_peer_list = XXX.XXX.XXX.XXX home_mailbox = Maildir/ html_directory = no inet_interfaces = all local_recipient_maps = $virtual_alias_maps mail_owner = postfix mail_spool_directory = /var/spool/mail mailbox_command = /usr/bin/procmail -f- -a $USER mailbox_size_limit = 25600 mailq_path = /usr/bin/mailq.postfix manpage_directory = /usr/share/man maximal_queue_lifetime = 3d mydestination = localhost,$myhostname mynetworks = XXX.XXX.XXX.XXX/32, XXX.XXX.XXX.XXX/32 newaliases_path = /usr/bin/newaliases.postfix queue_directory = /var/spool/postfix readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES sample_directory = /usr/share/doc/postfix-2.3.3/samples sendmail_path = /usr/sbin/sendmail.postfix setgid_group = postdrop smtp_host_lookup = dns, native smtp_sasl_security_options = noplaintext smtpd_banner = $myhostname ESMTP $mail_name smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, reject_unknown_sender_domain, reject_unlisted_recipient smtpd_sasl_auth_enable = yes smtpd_sasl_local_domain = $myhostname smtpd_sasl_security_options = noanonymous unknown_local_recipient_reject_code = 550 virtual_alias_maps = hash:/etc/postfix/virtual virtual_mailbox_base = /var/spool/mail virtual_mailbox_domains = hash:/etc/postfix/mydomains There are no wildcards in virtual_alias_maps or alias_maps Thanks, Chad.
Re: local_recipient_maps set up, yet postfix continues to send bounce messages
Logs? On 2013-10-14 4:00 PM, Chad Elliott waypostsoftw...@gmail.com wrote: Sorry if this question gets asked too often, but I followed the instructions to stop backscatter email from my server, yet it continues to send bounces. Here is the output of postconf -n: alias_maps = hash:/etc/aliases command_directory = /usr/sbin config_directory = /etc/postfix daemon_directory = /usr/libexec/postfix debug_peer_level = 2 debug_peer_list = XXX.XXX.XXX.XXX home_mailbox = Maildir/ html_directory = no inet_interfaces = all local_recipient_maps = $virtual_alias_maps mail_owner = postfix mail_spool_directory = /var/spool/mail mailbox_command = /usr/bin/procmail -f- -a $USER mailbox_size_limit = 25600 mailq_path = /usr/bin/mailq.postfix manpage_directory = /usr/share/man maximal_queue_lifetime = 3d mydestination = localhost,$myhostname mynetworks = XXX.XXX.XXX.XXX/32, XXX.XXX.XXX.XXX/32 newaliases_path = /usr/bin/newaliases.postfix queue_directory = /var/spool/postfix readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES sample_directory = /usr/share/doc/postfix-2.3.3/samples sendmail_path = /usr/sbin/sendmail.postfix setgid_group = postdrop smtp_host_lookup = dns, native smtp_sasl_security_options = noplaintext smtpd_banner = $myhostname ESMTP $mail_name smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, reject_unknown_sender_domain, reject_unlisted_recipient smtpd_sasl_auth_enable = yes smtpd_sasl_local_domain = $myhostname smtpd_sasl_security_options = noanonymous unknown_local_recipient_reject_code = 550 virtual_alias_maps = hash:/etc/postfix/virtual virtual_mailbox_base = /var/spool/mail virtual_mailbox_domains = hash:/etc/postfix/mydomains There are no wildcards in virtual_alias_maps or alias_maps Thanks, Chad. -- Best regards, */Charles Marcus/* I.T. Director Media Brokers International, Inc. *678.514.6224 | 678.514.6299 fax*
Re: local_recipient_maps set up, yet postfix continues to send bounce messages
Such a busy server, it's tough to get just the right snippet, let me know if anything seems missing here. Oct 14 12:44:46 mail postfix/smtpd[2527]: mail.senderdomain.org[173.255.XXX.XXX7]: rcpt to:lksjdflkajsflkas...@mycompany.com Oct 14 12:44:46 mail postfix/smtpd[2527]: extract_addr: input: lksjdflkajsflkas...@mycompany.com Oct 14 12:44:46 mail postfix/smtpd[2527]: smtpd_check_addr: addr= lksjdflkajsflkas...@mycompany.com Oct 14 12:44:46 mail postfix/smtpd[2527]: ctable_locate: purge entry key z04...@.com Oct 14 12:44:46 mail postfix/smtpd[2527]: send attr request = rewrite Oct 14 12:44:46 mail postfix/smtpd[2527]: send attr rule = local Oct 14 12:44:46 mail postfix/smtpd[2527]: send attr address = lksjdflkajsflkas...@mycompany.com Oct 14 12:44:46 mail postfix/smtpd[2527]: private/rewrite socket: wanted attribute: flags Oct 14 12:44:46 mail postfix/smtpd[2527]: input attribute name: flags Oct 14 12:44:46 mail postfix/smtpd[2527]: input attribute value: 0 Oct 14 12:44:46 mail postfix/smtpd[2527]: private/rewrite socket: wanted attribute: address Oct 14 12:44:46 mail postfix/smtpd[2527]: input attribute name: address Oct 14 12:44:46 mail postfix/smtpd[2527]: input attribute value: lksjdflkajsflkas...@mycompany.com Oct 14 12:44:46 mail postfix/smtpd[2527]: private/rewrite socket: wanted attribute: (list terminator) Oct 14 12:44:46 mail postfix/smtpd[2527]: input attribute name: (end) Oct 14 12:44:46 mail postfix/smtpd[2527]: rewrite_clnt: local: lksjdflkajsflkas...@mycompany.com - lksjdflkajsflkas...@mycompany.com Oct 14 12:44:46 mail postfix/smtpd[2527]: send attr request = resolve Oct 14 12:44:46 mail postfix/smtpd[2527]: send attr sender = Oct 14 12:44:46 mail postfix/smtpd[2527]: send attr address = lksjdflkajsflkas...@mycompany.com Oct 14 12:44:46 mail postfix/smtpd[2527]: private/rewrite socket: wanted attribute: flags Oct 14 12:44:46 mail postfix/smtpd[2527]: input attribute name: flags Oct 14 12:44:46 mail postfix/smtpd[2527]: input attribute value: 0 Oct 14 12:44:46 mail postfix/smtpd[2527]: private/rewrite socket: wanted attribute: transport Oct 14 12:44:46 mail postfix/smtpd[2527]: input attribute name: transport Oct 14 12:44:46 mail postfix/smtpd[2527]: input attribute value: virtual Oct 14 12:44:46 mail postfix/smtpd[2527]: private/rewrite socket: wanted attribute: nexthop Oct 14 12:44:46 mail postfix/smtpd[2527]: input attribute name: nexthop Oct 14 12:44:46 mail postfix/smtpd[2527]: input attribute value: mycompany.com Oct 14 12:44:46 mail postfix/smtpd[2527]: private/rewrite socket: wanted attribute: recipient Oct 14 12:44:46 mail postfix/smtpd[2527]: input attribute name: recipient Oct 14 12:44:46 mail postfix/smtpd[2527]: input attribute value: lksjdflkajsflkas...@mycompany.com Oct 14 12:44:46 mail postfix/smtpd[2527]: private/rewrite socket: wanted attribute: flags Oct 14 12:44:46 mail postfix/smtpd[2527]: input attribute name: flags Oct 14 12:44:46 mail postfix/smtpd[2527]: input attribute value: 1024 Oct 14 12:44:46 mail postfix/smtpd[2527]: private/rewrite socket: wanted attribute: (list terminator) Oct 14 12:44:46 mail postfix/smtpd[2527]: input attribute name: (end) Oct 14 12:44:46 mail postfix/smtpd[2527]: resolve_clnt: `' - ` lksjdflkajsflkas...@mycompany.com' - transp=`virtual' host=`mycompany.com' rcpt=`lksjdflkajsflkas...@mycompany.com' flags= class=virtual Oct 14 12:44:46 mail postfix/smtpd[2527]: ctable_locate: install entry key lksjdflkajsflkas...@mycompany.com Oct 14 12:44:46 mail postfix/smtpd[2527]: extract_addr: in: lksjdflkajsflkas...@mycompany.com, result: lksjdflkajsflkas...@mycompany.com Oct 14 12:44:46 mail postfix/smtpd[2527]: START Recipient address RESTRICTIONS Oct 14 12:44:46 mail postfix/smtpd[2527]: generic_checks: name=permit_sasl_authenticated Oct 14 12:44:46 mail postfix/smtpd[2527]: generic_checks: name=permit_sasl_authenticated status=0 Oct 14 12:44:46 mail postfix/smtpd[2527]: generic_checks: name=permit_mynetworks Oct 14 12:44:46 mail postfix/smtpd[2527]: permit_mynetworks: mail.senderdomain.org 173.255.XXX.XXX7 Oct 14 12:44:46 mail postfix/smtpd[2527]: match_hostname: mail.senderdomain.org ~? 67.192.XXX.XXX/32 Oct 14 12:44:46 mail postfix/smtpd[2527]: match_hostaddr: 173.255.XXX.XXX7 ~? 67.192.XXX.XXX/32 Oct 14 12:44:46 mail postfix/smtpd[2527]: match_hostname: mail.senderdomain.org ~? 127.0.0.0/8 Oct 14 12:44:46 mail postfix/smtpd[2527]: match_hostaddr: 173.255.XXX.XXX7 ~? 127.0.0.0/8 Oct 14 12:44:46 mail postfix/smtpd[2527]: match_list_match: mail.senderdomain.org: no match Oct 14 12:44:46 mail postfix/smtpd[2527]: match_list_match: 173.255.XXX.XXX7: no match Oct 14 12:44:46 mail postfix/smtpd[2527]: generic_checks: name=permit_mynetworks status=0 Oct 14 12:44:46 mail postfix/smtpd[2527]: generic_checks: name=reject_unauth_destination Oct 14 12:44:46 mail postfix/smtpd[2527]: reject_unauth_destination: lksjdflkajsflkas...@mycompany.com Oct 14 12:44:46 mail postfix/smtpd[2527]: permit_auth_destination: lksjdflkajsflkas...@mycompany.com Oct 14
Re: local_recipient_maps set up, yet postfix continues to send bounce messages
On 10/14/2013 3:00 PM, Chad Elliott wrote: Sorry if this question gets asked too often, but I followed the instructions to stop backscatter email from my server, yet it continues to send bounces. Here is the output of postconf -n: Without context, we can't provide much help. - what instructions did you follow? - what is being bounced? - what address class (local, virtual-alias, virtual-mailbox, ...) is bouncing? - NON VERBOSE logs demonstrating the problem? -- Noel Jones alias_maps = hash:/etc/aliases command_directory = /usr/sbin config_directory = /etc/postfix daemon_directory = /usr/libexec/postfix debug_peer_level = 2 debug_peer_list = XXX.XXX.XXX.XXX home_mailbox = Maildir/ html_directory = no inet_interfaces = all local_recipient_maps = $virtual_alias_maps mail_owner = postfix mail_spool_directory = /var/spool/mail mailbox_command = /usr/bin/procmail -f- -a $USER mailbox_size_limit = 25600 mailq_path = /usr/bin/mailq.postfix manpage_directory = /usr/share/man maximal_queue_lifetime = 3d mydestination = localhost,$myhostname mynetworks = XXX.XXX.XXX.XXX/32, XXX.XXX.XXX.XXX/32 newaliases_path = /usr/bin/newaliases.postfix queue_directory = /var/spool/postfix readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES sample_directory = /usr/share/doc/postfix-2.3.3/samples sendmail_path = /usr/sbin/sendmail.postfix setgid_group = postdrop smtp_host_lookup = dns, native smtp_sasl_security_options = noplaintext smtpd_banner = $myhostname ESMTP $mail_name smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, reject_unknown_sender_domain, reject_unlisted_recipient smtpd_sasl_auth_enable = yes smtpd_sasl_local_domain = $myhostname smtpd_sasl_security_options = noanonymous unknown_local_recipient_reject_code = 550 virtual_alias_maps = hash:/etc/postfix/virtual virtual_mailbox_base = /var/spool/mail virtual_mailbox_domains = hash:/etc/postfix/mydomains There are no wildcards in virtual_alias_maps or alias_maps Thanks, Chad.
Re: local_recipient_maps set up, yet postfix continues to send bounce messages
Without context, we can't provide much help. - what instructions did you follow? I set up local_recipient_maps = $virtual_alias_maps and unknown_local_recipient_reject_code = 550 per instructions located here: http://www.postfix.org/BACKSCATTER_README.html - what is being bounced? mail sent to non-existent aliases/users (not in virtual_alias_maps) - what address class (local, virtual-alias, virtual-mailbox, ...) is bouncing? virtual-alias - NON VERBOSE logs demonstrating the problem? Oct 14 13:37:37 mail postfix/smtpd[17348]: A887A1A084D7: client=mail-ie0-f180.google.com[209.85.223.180] Oct 14 13:37:37 mail postfix/cleanup[21208]: A887A1A084D7: message-id=CAAa=gco6hrafjx9bdu+w47rk+k7qjlfr+xc9ojav1arka1k...@mail.gmail.com Oct 14 13:37:37 mail postfix/qmgr[21037]: A887A1A084D7: from=mypersonalem...@gmail.com, size=1490, nrcpt=1 (queue active) Oct 14 13:37:37 mail postfix/virtual[20895]: A887A1A084D7: to=testboun...@myserver.com, relay=virtual, delay=0.09, delays=0.09/0/0/0, dsn=5.1.1, status=bounced (unknown user: testboun...@myserver.com) Oct 14 13:37:37 mail postfix/bounce[21056]: A887A1A084D7: sender non-delivery notification: B87541A084D9 Oct 14 13:37:37 mail postfix/qmgr[21037]: A887A1A084D7: removed On Mon, Oct 14, 2013 at 4:24 PM, Noel Jones njo...@megan.vbhcs.org wrote: On 10/14/2013 3:00 PM, Chad Elliott wrote: Sorry if this question gets asked too often, but I followed the instructions to stop backscatter email from my server, yet it continues to send bounces. Here is the output of postconf -n: Without context, we can't provide much help. - what instructions did you follow? - what is being bounced? - what address class (local, virtual-alias, virtual-mailbox, ...) is bouncing? - NON VERBOSE logs demonstrating the problem? -- Noel Jones
Re: local_recipient_maps set up, yet postfix continues to send bounce messages
On 2013-10-14 4:41 PM, Chad Elliott waypostsoftw...@gmail.com wrote: - what is being bounced? mail sent to non-existent aliases/users (not in virtual_alias_maps) This is the DESIRED result... what is the problem? -- Best regards, */Charles /*
Re: local_recipient_maps set up, yet postfix continues to send bounce messages
On 2013-10-14 4:00 PM, Chad Elliott waypostsoftw...@gmail.com wrote: Sorry if this question gets asked too often, but I followed the instructions to stop backscatter email from my server, and On 2013-10-14 4:41 PM, Chad Elliott waypostsoftw...@gmail.com wrote: - what is being bounced? mail sent to non-existent aliases/users (not in virtual_alias_maps) This is NOT 'backscatter'... Methinks you have some reading to do... -- Best regards, */Charles/*
Re: local_recipient_maps set up, yet postfix continues to send bounce messages
On 2013-10-14 4:54 PM, Charles Marcus cmar...@media-brokers.com wrote: On 2013-10-14 4:00 PM, Chad Elliott waypostsoftw...@gmail.com wrote: Sorry if this question gets asked too often, but I followed the instructions to stop backscatter email from my server, and On 2013-10-14 4:41 PM, Chad Elliott waypostsoftw...@gmail.com wrote: - what is being bounced? mail sent to non-existent aliases/users (not in virtual_alias_maps) This is NOT 'backscatter'... Methinks you have some reading to do... Sorry, I misread the logs, I guess it is in fact bounced instead of rejected...
Re: local_recipient_maps set up, yet postfix continues to send bounce messages
On 2013-10-14 4:00 PM, Chad Elliott waypostsoftw...@gmail.com wrote: virtual_alias_maps = hash:/etc/postfix/virtual virtual_mailbox_base = /var/spool/mail virtual_mailbox_domains = hash:/etc/postfix/mydomains There are no wildcards in virtual_alias_maps or alias_maps Tests against your maps? What do postmap -q myserver.com hash:/etc/postfix/mydomains postmap -q inva...@myserver.com hash:/etc/postfix/virtual postmap -q va...@myserver.com hash:/etc/postfix/virtual return? -- Best regards, */Charles/***
Re: local_recipient_maps set up, yet postfix continues to send bounce messages
On Mon, Oct 14, 2013 at 5:27 PM, Charles Marcus cmar...@media-brokers.com wrote: On 2013-10-14 4:00 PM, Chad Elliott waypostsoftw...@gmail.com wrote: virtual_alias_maps = hash:/etc/postfix/virtual virtual_mailbox_base = /var/spool/mail virtual_mailbox_domains = hash:/etc/postfix/mydomains There are no wildcards in virtual_alias_maps or alias_maps Tests against your maps? What do postmap -q myserver.com hash:/etc/postfix/mydomains response was: OK postmap -q inva...@myserver.com hash:/etc/postfix/virtual No Response, just a blank line postmap -q va...@myserver.com hash:/etc/postfix/virtual This responded with the alias that the email address was mapped to, in this case INFO return? -- Best regards, Charles
Re: local_recipient_maps set up, yet postfix continues to send bounce messages
On 10/14/2013 3:41 PM, Chad Elliott wrote: Without context, we can't provide much help. - what instructions did you follow? I set up local_recipient_maps = $virtual_alias_maps and unknown_local_recipient_reject_code = 550 per instructions located here: http://www.postfix.org/BACKSCATTER_README.html I don't see anywhere that document recommends setting local_recipient_maps = $virtual_alias_maps. That looks like a hack someone dreamed up for covering broken address classes. Anyway, this won't have any effect for a virtual_mailbox_domain, which is what it appears you're using. - what is being bounced? mail sent to non-existent aliases/users (not in virtual_alias_maps) - what address class (local, virtual-alias, virtual-mailbox, ...) is bouncing? virtual-alias Make sure you understand address classes. http://www.postfix.org/ADDRESS_CLASS_README.html Each domain postfix is responsible for must be listed in *only one* address class, one of: - local addresses, domain listed in mydestination, valid recipients listed in local_recipient_maps - domains relayed elsewhere for final delivery, domains listed in relay_domains, valid recipients listed in relay_recipient_maps. - virtual alias domains, domain listed in virtual_alias_domains, valid recipients listed in virtual_alias_maps (and must be aliased to another domain). - virtual mailbox, domains listed in virtual_mailbox_domains, valid users listed in virtual_mailbox_maps Usually people break recipient validation by using @domain @domain rewriting in virtual_alias_maps or in canonical maps. Don't do that. - NON VERBOSE logs demonstrating the problem? Oct 14 13:37:37 mail postfix/smtpd[17348]: A887A1A084D7: client=mail-ie0-f180.google.com[209.85.223.180] Oct 14 13:37:37 mail postfix/cleanup[21208]: A887A1A084D7: message-id=CAAa=gco6hrafjx9bdu+w47rk+k7qjlfr+xc9ojav1arka1k...@mail.gmail.com Oct 14 13:37:37 mail postfix/qmgr[21037]: A887A1A084D7: from=mypersonalem...@gmail.com, size=1490, nrcpt=1 (queue active) Oct 14 13:37:37 mail postfix/virtual[20895]: A887A1A084D7: to=testboun...@myserver.com, relay=virtual, delay=0.09, delays=0.09/0/0/0, dsn=5.1.1, status=bounced (unknown user: testboun...@myserver.com) Apparently this is a virtual mailbox domain. Valid users must be listed in virtual_mailbox_maps. Domain rewrite wildcards will break recipient validation. Oct 14 13:37:37 mail postfix/bounce[21056]: A887A1A084D7: sender non-delivery notification: B87541A084D9 Oct 14 13:37:37 mail postfix/qmgr[21037]: A887A1A084D7: removed -- Noel Jones
Is postfix misconfiguration to send to wrong domain?
I am concerned a configuration that has been unchanged for a few years may have an error that is now showing up as a problem. I received this email that is a non-delivery notice sent to us ( postmas...@cnm.edu) that a non-delivery notice our gateway sent could not be delivered: From: postmas...@ors-cpa.com To: postmas...@cnm.edu Subject: Undeliverable: lech Sent: Thu 4/11/2013 5:18 AM Generating server: orscpa.local smashab...@ors-cpa.com # #5.1.1 smtp;550 5.1.1 RESOLVER.ADR.RecipNotFound; not found #SMTP# Original message headers: Received: from server45.appriver.com (69.20.58.226) by rm.ors-cpa.com (10.10.10.2) with Microsoft SMTP Server id 14.2.342.3; Thu, 11 Apr 2013 07:15:26 -0400 Received: from [10.238.9.54] (HELO inbound.appriver.com) by server45.appriver.com (CommuniGate Pro SMTP 5.3.12) with ESMTP id 2123501502 for smashab...@ors-cpa.com; Thu, 11 Apr 2013 07:15:26 -0400 X-Note-AR-ScanTimeLocal: 4/11/2013 7:15:26 AM X-Note-AR-Scan: None - PIPE Received: by inbound.appriver.com (CommuniGate Pro PIPE 5.4.1) with PIPE id 412972783; Thu, 11 Apr 2013 07:15:26 -0400 Received: from mg04.cnm.edu ([198.133.182.64] verified) by inbound.appriver.com (CommuniGate Pro SMTP 5.4.1) with ESMTP id 412972755 for smashab...@ors-cpa.com; Thu, 11 Apr 2013 07:15:24 -0400 Received: by mg04.cnm.edu (Postfix)id 08002661BF9; Thu, 11 Apr 2013 05:15:24 -0600 (MDT) Date: Thu, 11 Apr 2013 05:15:24 -0600 From: Mail Delivery System mailer-dae...@cnm.edu Subject: Undelivered Mail Returned to Sender To: smashab...@ors-cpa.com Auto-Submitted: auto-replied MIME-Version: 1.0 Content-Type: multipart/report; report-type=delivery-status; boundary=152B0661BC5.1365678924/mg04.cnm.edu Message-ID: 2013041524.08002661...@mg04.cnm.edu X-Note-AR-ScanTimeLocal: 4/11/2013 7:15:24 AM X-Policy: ors-cpa.com X-Primary: smashab...@ors-cpa.com X-Note: This Email was scanned by AppRiver SecureTide X-Virus-Scan: V-X0M0 X-Note-SnifferID: 0 X-Note: TCH-CT/SI:0-132/SG:6 4/11/2013 7:15:00 AM X-GBUdb-Analysis: 0, 198.133.182.64, Ugly c=0 p=0 Source New X-Signature-Violations: 0-0-0-6732-c X-Note-419: 31.2498 ms. Fail:0 Chk:1344 of 1344 total X-Note: SCH-CT/SI:0-1344/SG:1 4/11/2013 7:15:22 AM X-Warn: BOUNCEBLOCK Contains questionable phrase X-Warn: RETURNPATH No Return Path Listed. X-Warn: WEIGHT10 X-Warn: WEIGHT15 X-Note: Spam Tests Failed: BOUNCEBLOCK, RETURNPATH, WEIGHT10, WEIGHT15 X-Country-Path: -UNITED STATES-UNITED STATES X-Note-Sending-IP: 198.133.182.64 X-Note-Reverse-DNS: mail.cnm.edu X-Note-Return-Path: X-Note: User Rule Hits: X-Note: Global Rule Hits: G319 G320 G321 G322 G326 G327 G373 G415 G426 G427 G434 X-Note: Encrypt Rule Hits: X-Note: Mail Class: VALID Return-Path: mailer-dae...@cnm.edu These are the logfile lines for the email we initially could not deliver: Apr 11 05:15:11 mg04 postfix/smtpd[29756]: connect from adsl-070-154-182-039.sip.msy.bellsouth.net[70.154.182.39] Apr 11 05:15:11 mg04 postfix/smtpd[29756]: 701E1661BFF: client= adsl-070-154-182-039.sip.msy.bellsouth.net[70.154.182.39] Apr 11 05:15:11 mg04 postfix/cleanup[28238]: 701E1661BFF: hold: header Received: from adsl-070-154-182-039.sip.msy.bellsouth.net ( adsl-070-154-182-039.sip.msy.bellsouth.net [70.154.182.39])??by mg04.cnm.edu(Postfix) with ESMTP id 701E1661BFF??for mmoo...@cnm.edu; Thu, from adsl-070-154-182-039.sip.msy.bellsouth.net[70.154.182.39]; from=smashab...@ors-cpa.com to=mmoo...@cnm.edu proto=ESMTP helo= adsl-070-154-182-039.sip.msy.bellsouth.net Apr 11 05:15:11 mg04 postfix/cleanup[28238]: 701E1661BFF: message-id=D1C2B329466F437A91BBF89D82BB759E@postmail2 Apr 11 05:15:11 mg04 postfix/cleanup[28238]: 701E1661BFF: warning: header Subject: lech from adsl-070-154-182-039.sip.msy.bellsouth.net[70.154.182.39]; from=smashab...@ors-cpa.com to=mmoo...@cnm.edu proto=ESMTP helo= adsl-070-154-182-039.sip.msy.bellsouth.net Apr 11 05:15:11 mg04 postfix/smtpd[29756]: disconnect from adsl-070-154-182-039.sip.msy.bellsouth.net[70.154.182.39] Apr 11 05:15:12 mg04 MailScanner[16316]: Message 701E1661BFF.5998D from 70.154.182.39 (smashab...@ors-cpa.com) to cnm.edu is spam, SpamAssassin (not cached, score=9.628, required 6, autolearn=disabled, DATE_IN_PAST_06_12 1.85, FH_HELO_EQ_D_D_D_D 0.50, HELO_DYNAMIC_DHCP 1.52, HELO_DYNAMIC_IPADDR 2.94, RDNS_DYNAMIC 0.10, STOX_REPLY_TYPE 0.00, TVD_FINGER_02 2.72) Apr 11 05:15:15 mg04 MailScanner[16316]: Spam Actions: message 701E1661BFF.5998D actions are deliver,header Apr 11 05:15:20 mg04 MailScanner[16316]: Requeue: 701E1661BFF.5998D to 152B0661BC5 Apr 11 05:15:20 mg04 postfix/qmgr[25178]: 152B0661BC5: from= smashab...@ors-cpa.com, size=1112, nrcpt=1 (queue active) Apr 11 05:15:23 mg04 postfix/smtp[28222]: 152B0661BC5: to= mmoo...@cnm.edu.test-google-a.com, orig_to=mmoo...@cnm.edu, relay= gmail-smtp-in.l.google.com[173.194.76.26]:25, delay=13, delays=9.3/0/0.22/3.2, dsn=5.1.1, status=bounced (host gmail-smtp-in.l.google.com[173.194.76.26] said: 550-5.1.1 The email account that you tried to reach does not
Re: Is postfix misconfiguration to send to wrong domain?
Hi, And these are the logfile lines for our sending of the non-delivery notice we sent. One item in these log lines I do not understand at all is relay=server50.appriver.com http://server50.appriver.com[204.232.236.138]:25. I do not understand where were that information is sourced. It looks to me that we sent the non-delivery to a wrong location. No, that is correct. Source of that routing information is the MX record for the target domain: # host -t mx ors-cpa.com ors-cpa.com mail is handled by 10 server50.appriver.com. ors-cpa.com mail is handled by 20 server51.appriver.com.
Re: Is postfix misconfiguration to send to wrong domain?
That was a fast response Jan. Thanks. Is the overall situation suggestive of any misconfiguration here? On Thu, Apr 11, 2013 at 1:22 PM, Jan P. Kessler post...@jpkessler.infowrote: Hi, And these are the logfile lines for our sending of the non-delivery notice we sent. One item in these log lines I do not understand at all is relay=server50.appriver.com[204.232.236.138]:25. I do not understand where were that information is sourced. It looks to me that we sent the non-delivery to a wrong location. No, that is correct. Source of that routing information is the MX record for the target domain: # host -t mx ors-cpa.com ors-cpa.com mail is handled by 10 server50.appriver.com. ors-cpa.com mail is handled by 20 server51.appriver.com. -- Robert Lopez Unix Systems Administrator Central New Mexico Community College (CNM) 525 Buena Vista SE Albuquerque, New Mexico 87106
Re: Is postfix misconfiguration to send to wrong domain?
On 4/11/2013 2:42 PM, Robert Lopez wrote: That was a fast response Jan. Thanks. Is the overall situation suggestive of any misconfiguration here? [please don't top-post] It appears you're generating a bounce for spam. Don't do that; the spam sender address is often forged causing your notice to go to some innocent third party. This makes you a backscatter source. As a backscatter source, your queue can become clogged with undeliverable bounces and your server may be blacklisted by others. With an after queue content filter, the only valid choice you have is to tag and deliver the message (or in some cases, discard it, but that's not legal some places and not good practice everywhere else). -- Noel Jones On Thu, Apr 11, 2013 at 1:22 PM, Jan P. Kessler post...@jpkessler.info mailto:post...@jpkessler.info wrote: Hi, And these are the logfile lines for our sending of the non-delivery notice we sent. One item in these log lines I do not understand at all is relay=server50.appriver.com http://server50.appriver.com[204.232.236.138]:25. I do not understand where were that information is sourced. It looks to me that we sent the non-delivery to a wrong location. No, that is correct. Source of that routing information is the MX record for the target domain: # host -t mx ors-cpa.com http://ors-cpa.com ors-cpa.com http://ors-cpa.com mail is handled by 10 server50.appriver.com http://server50.appriver.com. ors-cpa.com http://ors-cpa.com mail is handled by 20 server51.appriver.com http://server51.appriver.com. -- Robert Lopez Unix Systems Administrator Central New Mexico Community College (CNM) 525 Buena Vista SE Albuquerque, New Mexico 87106
Re: Is postfix misconfiguration to send to wrong domain?
On Thu, Apr 11, 2013 at 2:23 PM, Noel Jones njo...@megan.vbhcs.org wrote: On 4/11/2013 2:42 PM, Robert Lopez wrote: That was a fast response Jan. Thanks. Is the overall situation suggestive of any misconfiguration here? [please don't top-post] It appears you're generating a bounce for spam. Don't do that; the spam sender address is often forged causing your notice to go to some innocent third party. This makes you a backscatter source. As a backscatter source, your queue can become clogged with undeliverable bounces and your server may be blacklisted by others. With an after queue content filter, the only valid choice you have is to tag and deliver the message (or in some cases, discard it, but that's not legal some places and not good practice everywhere else). -- Noel Jones On Thu, Apr 11, 2013 at 1:22 PM, Jan P. Kessler post...@jpkessler.info mailto:post...@jpkessler.info wrote: Hi, And these are the logfile lines for our sending of the non-delivery notice we sent. One item in these log lines I do not understand at all is relay=server50.appriver.com http://server50.appriver.com[204.232.236.138]:25. I do not understand where were that information is sourced. It looks to me that we sent the non-delivery to a wrong location. No, that is correct. Source of that routing information is the MX record for the target domain: # host -t mx ors-cpa.com http://ors-cpa.com ors-cpa.com http://ors-cpa.com mail is handled by 10 server50.appriver.com http://server50.appriver.com. ors-cpa.com http://ors-cpa.com mail is handled by 20 server51.appriver.com http://server51.appriver.com. -- Robert Lopez Unix Systems Administrator Central New Mexico Community College (CNM) 525 Buena Vista SE Albuquerque, New Mexico 87106 Is postscreen able to identify email as spam to prevent bouncing it? Is there a way to alter my postfix configuration to prevent bouncing it? -- Robert Lopez Unix Systems Administrator Central New Mexico Community College (CNM) 525 Buena Vista SE Albuquerque, New Mexico 87106
Re: Is postfix misconfiguration to send to wrong domain?
Is postscreen able to identify email as spam to prevent bouncing it? Is there a way to alter my postfix configuration to prevent bouncing it? This is not a matter of 'spam detection'. You have to verify for valid (means existing) recipients *before* you accept mail. Look for reject_unlisted_recipient or reject_unverified_recipients in the postfix docs.
Re: Is postfix misconfiguration to send to wrong domain?
Robert Lopez: Is postscreen able to identify email as spam to prevent bouncing it? Is there a way to alter my postfix configuration to prevent bouncing it? Both postscreen and a before-queue content filter block mail before it is allowed into the Postfix queue. Postfix will therefore not return such mail to the (usually) forged sender. http://www.postfix.org/SMTPD_PROXY_README.html Wietse
Re: Is postfix misconfiguration to send to wrong domain?
Is postscreen able to identify email as spam to prevent bouncing it? Is there a way to alter my postfix configuration to prevent bouncing it? This is not a matter of 'spam detection'. You have to verify for valid (means existing) recipients *before* you accept mail. Look for reject_unlisted_recipient or reject_unverified_recipients in the postfix docs. To be more precise: - verify your recipients - do not reject mails by content filters (as said: use prequeue filters or tag spam mails) - and most important: do not rewrite recipients to non existing third-party accounts (here: google)! Apr 11 05:15:23 mg04 postfix/smtp[28222]: 152B0661BC5: to=mmoo...@cnm.edu.test-google-a.com mailto:mmoo...@cnm.edu.test-google-a.com, orig_to=mmoo...@cnm.edu mailto:mmoo...@cnm.edu, relay=gmail-smtp-in.l.google.com http://gmail-smtp-in.l.google.com[173.194.76.26]:25, delay=13, delays=9.3/0/0.22/3.2, dsn=5.1.1, status=bounced (host gmail-smtp-in.l.google.com http://gmail-smtp-in.l.google.com[173.194.76.26] said: 550-5.1.1 The email account that you tried to reach does not exist. Please try 550-5.1.1 double-checking the recipient's email address for typos or 550-5.1.1 unnecessary spaces. Learn more at 550 5.1.1 http://support.google.com/mail/bin/answer.py?answer=6596 j8si3846254qaz.28 - gsmtp (in reply to RCPT TO command))
Re: Is postfix misconfiguration to send to wrong domain?
On Apr 11, 2013, at 15:56, Jan P. Kessler post...@jpkessler.info wrote: do not reject mails by content filters (as said: use prequeue filters or tag spam mails) to be clear, do not bounce emails based on content filters AFTER the SMTP transaction. You can certainly reject email based on any criteria you wish during the SMTP phase. In fact, anymore, bouncing mail at all is more trouble than it is worth. Any criteria that would cause an email to bounce should be checked before the SMTP phase closes and cause a reject instead.
Re: Postfix unable to send email for specific domain
kshitij mali: I have postfix chroot i think [master.cf] Indeed. Both smtpd (server) and smtp (client) are chrooted. Your current problem is with the client. You may run into other problems with the server. but i want to know that the problem is with the resolution and sending email to specfic domain what its relate to chroot config ? Please follow my instructions. If the problem disappears, complain to your Postfix distributor for providing you with broken software. Wietse
Re: Postfix unable to send email for specific domain
kshitij mali: Feb 20 00:54:17 D1OKH680RL postfix/smtp[4993]: 390077605C3: to= xxx...@lcit.com teera...@mitsubishielevatorasia.co.th, relay=none, delay=13164, delays=13144/0/20/0, dsn=4.4.3, status=deferred (Host or domain name not found. Name service error for name=lcit.com type=MX: Host not found, try again) Does this help? http://www.postfix.org/DEBUG_README.html#no_chroot Be sure to un-chroot SMTP not SMTPD. Then, complain to your distribution's Postfix maintainer for shipping a broken Postfix. Wietse
My postfix server sometimes send command less than 4 alphabets
Hi, I'm stuck into a problem. I'm using content filter, which parses email from my postfix server. My postfix server sometimes sends a command which is less than 4 alphabets. I don't know what to do for that command, as I don't know which command is that... Can anybody tell me, is there any command of less than 4 alphabets, postfix sends Thanks Regards, Sumit Arora IPG RD Hub, Gurgaon Hewlett-Packard India Software Operation Pvt. Ltd. Work: x19013 Cell: +91-9958181104
Re: My postfix server sometimes send command less than 4 alphabets
Arora, Sumit: Hi, I'm stuck into a problem. I'm using content filter, which parses email from my postfix server. My postfix server sometimes sends a command which is less than 4 alphabets. I don't know what to do for that command, as I don't know which command is that... Can anybody tell me, is there any command of less than 4 alphabets, postfix sends Please show evidence, and please describe how that evidence was obtained. Wietse
Re: My postfix server sometimes send command less than 4 alphabets
* Arora, Sumit sumit.ar...@hp.com: Hi, I'm stuck into a problem. I'm using content filter, which parses email from my postfix server. My postfix server sometimes sends a command which is less than 4 alphabets. http://en.wikipedia.org/wiki/Alphabet I don't know what to do for that command, as I don't know which command is that... Can anybody tell me, is there any command of less than 4 alphabets, postfix sends 4 letters. Hmm. EXPN, VRFY, HELO, EHLO, STARTTLS, ETRN,... Hm, I'd think the commands are 4 letters or more. -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: My postfix server sometimes send command less than 4 alphabets
I'm using content filter, which parses email from my postfix server. My postfix server sometimes sends a command which is less than 4 alphabets. I don't know what to do for that command, as I don't know which command is that... Can anybody tell me, is there any command of less than 4 alphabets, postfix sends 4 letters. Hmm. EXPN, VRFY, HELO, EHLO, STARTTLS, ETRN,... Hm, I'd think the commands are 4 letters or more. Maybe a firewall bug: http://fanf.livejournal.com/102206.html Mark
