Loading ...
Sorry, an error occurred while loading the content.

292184Re: Trouble configuring backup MX to reject unauth destination

Expand Messages
  • Titanus Eramius
    Mar 25, 2013
      Mon, 25 Mar 2013 11:30:41 -0400 (EDT) skrev Wietse Venema
      <wietse@...>:

      > Titanus Eramius:
      > > Fri, 22 Mar 2013 19:12:40 -0400 (EDT) skrev Wietse Venema
      > > <wietse@...>:
      > >
      > > > Test your lookups:
      > > >
      > > > postmap -q cogky.dk the-virtual_mailbox_domains-table
      > > > This should return a result (the value does not matter).
      > >
      > > aptget:~# postalias -q cogky.dk
      > > mysql:/etc/postfix/mysql_virtual_mailbox_domains.cf
      > > cogky.dk
      > >
      > > > postmap -q real-user@... the-virtual_mailbox_maps-table
      > > > This should return a result (the mailbox file name).
      > >
      > > aptget:~# postalias -q real-user@...
      > > mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
      > > cogky.dk/real-user/
      > >
      > > > postmap -q bogus-user@... the-virtual_mailbox_maps-table
      > > > This should return no result (Postfix treats this as "user unknown
      > > > in virtual mailbox table").
      > >
      > > And this does not return a result. Bash gives a error-status of 1.
      >
      > OK, the table is working as it should. Now let's find out
      > why the bogus recipient is accepted:
      >
      > Next step:
      >
      > - Connect to the public (not content re-injection) SMTP port and try
      >
      > $ telnet hostname 25
      > ehlo ...
      > mail from:<>
      > rcpt to:<real-user@...>
      > rcpt to:<bogus-user@...>
      > quit
      >
      > One recipient should be accepted, the other not.
      >
      > - Same experiment for mail over the submission port, if you have one:
      >
      > $ openssl s_client -starttls smtp -connect hostname:587
      > ehlo ...
      > mail from:<>
      > rcpt to:<real-user@...>
      > rcpt to:<bogus-user@...>
      > quit
      >
      > This is just in case.
      >
      > Wietse

      Both RCPT TOs are successful

      titanus@asrock:~$ telnet 46.21.105.38 25
      Trying 46.21.105.38...
      Connected to 46.21.105.38.
      Escape character is '^]'.
      220 aptget.aptget.dk ESMTP Postfix
      EHLO Hej
      250-aptget.aptget.dk
      250-PIPELINING
      250-SIZE 26214400
      250-ETRN
      250-STARTTLS
      250-AUTH PLAIN LOGIN
      250-AUTH=PLAIN LOGIN
      250-ENHANCEDSTATUSCODES
      250-8BITMIME
      250 DSN
      MAIL FROM:<>
      250 2.1.0 Ok
      RCPT TO:<real-user@...>
      250 2.1.5 Ok
      RCPT TO:<non-existent@...>
      250 2.1.5 Ok
      QUIT
      221 2.0.0 Bye
      Connection closed by foreign host.

      If non-existent@... is substituted with non-existent@...,
      then it is still rejected with "... unknown in virtual mailbox table".

      When trying with submission through telnet, I'm afraid I can't get the
      syntax right. But when using the mail client Claws Mail, Postfix
      accepts non-existent addresses for cogky.dk

      ...
      [17:51:52] ESMTP< 235 2.7.0 Authentication successful
      [17:51:52] ESMTP> MAIL FROM:<nicky@...> SIZE=371
      [17:51:52] SMTP< 250 2.1.0 Ok
      [17:51:52] SMTP> RCPT TO:<non-existent@...>
      [17:51:52] SMTP< 250 2.1.5 Ok
      ...

      Thank you, Titanus
    • Show all 28 messages in this topic