Loading ...
Sorry, an error occurred while loading the content.

283364Problem with rejecting mail to unknown users

Expand Messages
  • Martin Kruse Jensen
    Feb 1, 2012
    • 0 Attachment
      Hi.

      I'e got a problem I've been trying to solve for some time now, but I
      can't seem to get it to work. I'm running Postfix on FreeBSD with
      Maildrop delivery, SASL authentification and PostGreSQL backend. However
      I'm sending tons of backscatter because Postfix dosn't reject mail for
      unknown local recipients

      I've tried setting local_recipient_maps and
      unknown_local_recipient_reject_code = 550 - Nothing seems to help
      though... Anyone with some pointers as to where I should look for the error?

      # postconf -n

      alias_maps =
      broken_sasl_auth_clients = yes
      command_directory = /usr/local/sbin
      config_directory = /usr/local/etc/postfix
      content_filter = smtp-amavis:[127.0.0.1]:10026
      daemon_directory = /usr/local/libexec/postfix
      data_directory = /var/db/postfix
      debug_peer_level = 2
      html_directory = /usr/local/share/doc/postfix
      in_flow_delay = 0
      local_recipient_maps =
      proxy:pgsql:/usr/local/etc/postfix/local_recipient_maps
      mail_owner = postfix
      mailq_path = /usr/local/bin/mailq
      manpage_directory = /usr/local/man
      message_size_limit = 41943040
      mydestination =
      mynetworks = 10.10.10.0/24, 127.0.0.0/8
      newaliases_path = /usr/local/bin/newaliases
      proxy_interfaces = 194.255.69.21
      proxy_read_maps = $local_recipient_maps $mydestination
      $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps
      $virtual_mailbox_domains $relay_recipient_maps $relay_domains
      $canonical_maps $sender_canonical_maps $recipient_canonical_maps
      $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps
      $smtp_sasl_password_maps
      queue_directory = /var/spool/postfix
      readme_directory = /usr/local/share/doc/postfix
      relay_domains = proxy:pgsql:/usr/local/etc/postfix/relaydomainmap
      relay_recipient_maps = proxy:pgsql:/usr/local/etc/postfix/relayaliasmap
      sample_directory = /usr/local/etc/postfix
      sendmail_path = /usr/local/sbin/sendmail
      setgid_group = maildrop
      smtpd_recipient_restrictions = permit_sasl_authenticated,
      permit_mynetworks, reject_unauth_destination, reject_unlisted_recipient
      smtpd_sasl_auth_enable = yes
      smtpd_sasl_authenticated_header = yes
      smtpd_sasl_local_domain = pixelpoint.dk
      smtpd_sasl_path = smtpd
      smtpd_sender_login_maps = proxy:pgsql:/usr/local/etc/postfix/saslmap
      smtpd_tls_auth_only = no
      smtpd_tls_cert_file = /usr/local/share/courier-imap/imapd.pem
      smtpd_tls_key_file = /usr/local/share/courier-imap/imapd.pem
      smtpd_tls_loglevel = 1
      smtpd_tls_received_header = yes
      smtpd_use_tls = yes
      transport_maps = proxy:pgsql:/usr/local/etc/postfix/mxmap
      unknown_local_recipient_reject_code = 550
      virtual_alias_maps = proxy:pgsql:/usr/local/etc/postfix/aliasmap
      virtual_mailbox_domains = proxy:pgsql:/usr/local/etc/postfix/domainmap
      virtual_transport = maildrop

      master.cf:
      #
      # Postfix master process configuration file. For details on the format
      # of the file, see the master(5) manual page (command: "man 5 master").
      #
      # ==========================================================================
      # service type private unpriv chroot wakeup maxproc command + args
      # (yes) (yes) (yes) (never) (100)
      # ==========================================================================
      smtp inet n - n - - smtpd
      -o content_filter=smtp-amavis:[127.0.0.1]:10024
      -o smtp_send_xforward_command=yes
      submission inet n - n - - smtpd
      # -o smtpd_enforce_tls=yes
      -o smtpd_etrn_restrictions=reject
      -o smtpd_sasl_auth_enable=yes
      -o smtpd_client_restrictions=permit_sasl_authenticated,reject
      -o content_filter=smtp-amavis:[127.0.0.1]:10026
      #smtps inet n - n - - smtpd
      # -o smtpd_tls_wrappermode=yes
      # -o smtpd_sasl_auth_enable=yes
      # -o smtpd_client_restrictions=permit_sasl_authenticated,reject
      #628 inet n - n - - qmqpd
      pickup fifo n - n 60 1 pickup
      cleanup unix n - n - 0 cleanup
      qmgr fifo n - n 300 1 qmgr
      #qmgr fifo n - n 300 1 oqmgr
      tlsmgr unix - - n 1000? 1 tlsmgr
      rewrite unix - - n - - trivial-rewrite
      bounce unix - - n - 0 bounce
      defer unix - - n - 0 bounce
      trace unix - - n - 0 bounce
      verify unix - - n - 1 verify
      flush unix n - n 1000? 0 flush
      proxymap unix - - n - - proxymap
      smtp unix - - n - - smtp
      # When relaying mail as backup MX, disable fallback_relay to avoid MX loops
      relay unix - - n - - smtp
      -o fallback_relay=
      # -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
      showq unix n - n - - showq
      error unix - - n - - error
      retry unix - - n - - error
      discard unix - - n - - discard
      local unix - n n - - local
      virtual unix - n n - - virtual
      lmtp unix - - n - - lmtp
      anvil unix - - n - 1 anvil
      scache unix - - n - 1 scache
      #
      # ====================================================================
      # Interfaces to non-Postfix software. Be sure to examine the manual
      # pages of the non-Postfix software to find out what options it wants.
      #
      # Many of the following services use the Postfix pipe(8) delivery
      # agent. See the pipe(8) man page for information about ${recipient}
      # and other message envelope options.
      # ====================================================================
      #
      # maildrop. See the Postfix MAILDROP_README file for details.
      # Also specify in main.cf: maildrop_destination_recipient_limit=1
      #
      maildrop unix - n n - - pipe
      flags=DRhu user=courier:courier argv=/usr/local/bin/maildrop -w 90 -d
      ${recipient}
      #
      # ====================================================================
      #
      # The Cyrus deliver program has changed incompatibly, multiple times.
      #
      #old-cyrus unix - n n - - pipe
      # flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
      #
      # ====================================================================
      #
      # Cyrus 2.1.5 (Amos Gouaux)
      # Also specify in main.cf: cyrus_destination_recipient_limit=1
      #
      #cyrus unix - n n - - pipe
      # user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension}
      ${user}
      #
      # ====================================================================
      #
      # See the Postfix UUCP_README file for configuration details.
      #
      #uucp unix - n n - - pipe
      # flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail
      ($recipient)
      #
      # ====================================================================
      #
      # Other external delivery methods.
      #
      #ifmail unix - n n - - pipe
      # flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
      #
      #bsmtp unix - n n - - pipe
      # flags=Fq. user=bsmtp argv=/usr/local/sbin/bsmtp -f $sender $nexthop
      $recipient
      #
      #scalemail-backend unix - n n - 2 pipe
      # flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store
      # ${nexthop} ${user} ${extension}
      #
      #mailman unix - n n - - pipe
      # flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
      # ${nexthop} ${user}

      #start virusscan
      smtp-amavis unix - - n - - smtp
      -o smtp_data_done_timeout=1200
      -o disable_dns_lookups=yes

      127.0.0.1:10025 inet n - n - - smtpd
      -o content_filter=
      -o local_recipient_maps=
      -o smtpd_helo_restrictions=
      -o smtpd_client_restrictions=
      -o smtpd_sender_restrictions=
      -o smtpd_recipient_restrictions=permit_mynetworks,reject
      -o mynetworks=127.0.0.0/8
      # -o virtual_alias_maps = proxy:pgsql:/usr/local/etc/postfix/aliasmap
      #end virusscan
      proxywrite unix - - n - 1 proxymap
      #smtp inet n - n - 1 postscreen
      #smtpd pass - - n - - smtpd
      #dnsblog unix - - n - 0 dnsblog
      #tlsproxy unix - - n - 0 tlsproxy

      --
      Best regards
      Martin Kruse Jensen
    • Show all 5 messages in this topic