Loading ...
Sorry, an error occurred while loading the content.

292177Re: Trouble configuring backup MX to reject unauth destination

Expand Messages
  • Titanus Eramius
    Mar 25, 2013
    • 0 Attachment
      Fri, 22 Mar 2013 19:12:40 -0400 (EDT) skrev Wietse Venema
      <wietse@...>:

      > Test your lookups:
      >
      > postmap -q cogky.dk the-virtual_mailbox_domains-table
      > This should return a result (the value does not matter).

      aptget:~# postalias -q cogky.dk
      mysql:/etc/postfix/mysql_virtual_mailbox_domains.cf
      cogky.dk

      > postmap -q real-user@... the-virtual_mailbox_maps-table
      > This should return a result (the mailbox file name).

      aptget:~# postalias -q real-user@...
      mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
      cogky.dk/real-user/

      > postmap -q bogus-user@... the-virtual_mailbox_maps-table
      > This should return no result (Postfix treats this as "user unknown
      > in virtual mailbox table").

      And this does not return a result. Bash gives a error-status of 1.


      Sun, 24 Mar 2013 09:36:03 +0100 skrev mouss <mouss@...>:

      > one possible reason is that you configured a wildcard alias:
      > @... ==> @...
      > (that is anything to cogky maps to same address in aptget.dk).

      As far as I can see that should not be the case. All addresses and
      aliases in the database have a left hand side to it. Is there a way to
      test this?


      I'm using Dovecot 2 as LDA for final delivery and IMAP-services, so
      "virtual_transport" is set to "dovecot" in main.cf and the following
      lines are in master.cf:

      dovecot unix - n n - - pipe
      flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -d
      ${recipient}


      When looking through the log, it looks like the "user unknown"
      response comes from Dovecot and not Postfix:

      Mar 25 13:43:53 aptget postfix/smtpd[24133]: connect from
      unknown[92.243.255.38]

      Mar 25 13:43:54 aptget postfix/smtpd[24133]:
      Anonymous TLS connection established from unknown[92.243.255.38]: TLSv1
      with cipher DHE-RSA-AES128-SHA (128/128 bits)

      Mar 25 13:43:54 aptget dovecot: auth-worker(24136): mysql(localhost):
      Connected to database postfix

      Mar 25 13:43:54 aptget postfix/smtpd[24133]: BB6AD371DDC4:
      client=unknown[92.243.255.38], sasl_method=LOGIN,
      sasl_username=HIDDEN_USER@...

      Mar 25 13:43:54 aptget postfix-policyd: connection from: 127.0.0.1
      port: 48937 slots: 0 of 4096 used

      Mar 25 13:43:54 aptget postfix-policyd: connecting to mysql database:
      localhost

      Mar 25 13:43:54 aptget postfix-policyd: connected..

      Mar 25 13:43:54 aptget postfix-policyd: rcpt=16, throttle=clear(a),
      host=92.243.255.38, from=titanus@..., to=unknown-user@...,
      size=365/26214400, quota=365/1800000000, count=1/125(10),
      rcpt=1/600(11), threshold=0%|0%|0%, sasl_username=HIDDEN_USER@...

      Mar 25 13:43:54 aptget postfix/cleanup[24138]: BB6AD371DDC4:
      message-id=<20130325134351.5c2e026f@...>

      Mar 25 13:43:54 aptget postfix/qmgr[23982]: BB6AD371DDC4:
      from=<titanus@...>, size=663, nrcpt=1 (queue active)

      Mar 25 13:43:55 aptget postfix/pipe[24140]: BB6AD371DDC4:
      to=<unknown-user@...>, relay=dovecot, delay=0.38,
      delays=0.26/0.03/0/0.09, dsn=5.1.1, status=bounced (user unknown)

      Mar 25 13:43:55 aptget postfix/cleanup[24138]: 16228371DE3E:
      message-id=<20130325124355.16228371DE3E@...>

      Mar 25 13:43:55 aptget postfix/bounce[24142]: BB6AD371DDC4: sender
      non-delivery notification: 16228371DE3E

      Mar 25 13:43:55 aptget postfix/qmgr[23982]: 16228371DE3E: from=<>,
      size=2673, nrcpt=1 (queue active)

      Mar 25 13:43:55 aptget postfix/qmgr[23982]: BB6AD371DDC4: removed

      Mar 25 13:43:55 aptget postfix/smtpd[24133]: disconnect from
      unknown[92.243.255.38]


      Thank you again for helping
      Titanus


      postconf -n
      alias_maps = hash:/etc/aliases

      bounce_template_file = /etc/postfix/bounce.cf

      broken_sasl_auth_clients = yes

      config_directory = /etc/postfix

      delay_warning_time = 4

      disable_vrfy_command = yes

      dovecot_destination_recipient_limit = 1

      inet_interfaces = 46.21.105.38

      local_recipient_maps = $virtual_mailbox_maps

      mailman_destination_recipient_limit = 1

      maximal_queue_lifetime = 15

      message_size_limit = 26214400

      mydestination = localhost

      mydomain = aptget.dk

      myhostname = aptget.aptget.dk

      mynetworks = 127.0.0.0/8

      postscreen_dnsbl_action = enforce
      postscreen_dnsbl_sites = truncate.gbudb.net*2 b.barracudacentral.org*1
      zen.spamhaus.org*1 bl.spamcop.net*1

      postscreen_dnsbl_threshold = 2

      postscreen_greet_action = enforce

      recipient_canonical_classes = envelope_recipient

      recipient_canonical_maps = hash:/etc/postfix/pfix-no-srs.cf,
      tcp:127.0.0.1:10002

      sender_canonical_classes = envelope_sender

      sender_canonical_maps = hash:/etc/postfix/pfix-no-srs.cf,
      tcp:127.0.0.1:10001

      smtp_tls_security_level = may

      smtp_tls_session_cache_database =
      btree:$data_directory/smtp_tls_session_cache

      smtpd_data_restrictions = reject_unauth_pipelining,
      reject_multi_recipient_bounce,

      smtpd_helo_required = yes

      smtpd_recipient_restrictions = reject_non_fqdn_sender,
      reject_non_fqdn_recipient, reject_unknown_sender_domain,
      reject_unknown_recipient_domain, reject_unauth_destination,

      smtpd_sasl_auth_enable = yes

      smtpd_sasl_exceptions_networks = $mynetworks

      smtpd_sasl_path = private/auth

      smtpd_sasl_security_options = noanonymous

      smtpd_sasl_type = dovecot

      smtpd_tls_ask_ccert = yes

      smtpd_tls_cert_file = /etc/ssl/self-signed/smtpd.crt

      smtpd_tls_key_file = /etc/ssl/self-signed/smtpd.key

      smtpd_tls_loglevel = 1

      smtpd_tls_received_header = yes

      smtpd_tls_security_level = may

      smtpd_tls_session_cache_database =
      btree:$data_directory/smtpd_tls_session_cache

      spamassassin_destination_recipient_limit = 1

      tls_random_source = dev:/dev/urandom

      transport_maps = hash:/etc/postfix/transport.cf

      virtual_alias_maps =
      proxy:mysql:/etc/postfix/mysql_virtual_alias_maps.cf

      virtual_gid_maps = static:5000

      virtual_mailbox_base = /home/vmail

      virtual_mailbox_domains =
      proxy:mysql:/etc/postfix/mysql_virtual_domains_maps.cf

      virtual_mailbox_maps =
      proxy:mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf

      virtual_transport = dovecot

      virtual_uid_maps = static:5000
    • Show all 28 messages in this topic