
Invalid address and bounce from Exchange

  • Eray Aslan
    Message 1 of 12 , Jan 31, 2007
      Hello,

      Postfix acts as a relay for our internal exchange server. The following
      message generates a bounce from exchange. Shouldn't
      reject_non_fqdn_sender catch these addresses?

      mail ~ # zgrep 503242E4DC /var/log/mail.log.1.gz
      Jan 29 16:50:46 mail postfix/smtpd[30273]: 503242E4DC:
      client=unknown[201.76.232.39]
      Jan 29 16:50:47 mail postfix/cleanup[30290]: 503242E4DC:
      message-id=<1d9701c743b4$034438c1$27e84cc9@kawanna>
      Jan 29 16:50:50 mail postfix/qmgr[7027]: 503242E4DC: from=<@...>,
      size=7570, nrcpt=1 (queue active)
      Jan 29 16:50:58 mail postfix/smtp[30291]: 503242E4DC:
      to=<user2@...>, relay=127.0.0.1[127.0.0.1]:10024, delay=13,
      delays=5.1/0/0.01/7.6, dsn=2.6.0, status=sent (250 2.6.0 Ok,
      id=29009-20, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as
      E85E09148D)
      Jan 29 16:50:58 mail postfix/qmgr[7027]: 503242E4DC: removed


      And the subsequent bounce:

      mail ~ # zgrep E85E09148D /var/log/mail.log.1.gz
      Jan 29 16:50:57 mail postfix/smtpd[30295]: E85E09148D:
      client=mail.caf.com.tr[127.0.0.1]
      Jan 29 16:50:58 mail postfix/cleanup[30290]: E85E09148D:
      message-id=<1d9701c743b4$034438c1$27e84cc9@kawanna>
      Jan 29 16:50:58 mail postfix/qmgr[7027]: E85E09148D: from=<@...>,
      size=8705, nrcpt=2 (queue active)
      Jan 29 16:50:58 mail amavis[29009]: (29009-20) Passed SPAM,
      [201.76.232.39] [201.76.232.39] <""@...> -> <user2@...>,
      Message-ID: <1d9701c743b4$034438c1$27e84cc9@kawanna>, mail_id:
      Z7DVRcBaggZK, Hits: 22.994, queued_as: E85E09148D, 7565 ms
      Jan 29 16:50:58 mail postfix/smtp[30291]: 503242E4DC:
      to=<user2@...>, relay=127.0.0.1[127.0.0.1]:10024, delay=13,
      delays=5.1/0/0.01/7.6, dsn=2.6.0, status=sent (250 2.6.0 Ok,
      id=29009-20, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as
      E85E09148D)
      Jan 29 16:50:58 mail postfix/smtp[30297]: E85E09148D:
      to=<user2@...>, relay=10.0.0.3[10.0.0.3]:25, delay=0.36,
      delays=0.12/0.01/0.22/0, dsn=5.5.4, status=bounced (host
      10.0.0.3[10.0.0.3] said: 501 5.5.4 Invalid Address (in reply to MAIL
      FROM command))
      Jan 29 16:50:58 mail postfix/smtp[30297]: E85E09148D:
      to=<user1@...>, relay=10.0.0.3[10.0.0.3]:25, delay=0.36,
      delays=0.12/0.01/0.22/0, dsn=5.5.4, status=bounced (host
      10.0.0.3[10.0.0.3] said: 501 5.5.4 Invalid Address (in reply to MAIL
      FROM command))
      Jan 29 16:50:58 mail postfix/bounce[30349]: E85E09148D: sender
      non-delivery notification: 7064C30E93
      Jan 29 16:50:58 mail postfix/qmgr[7027]: E85E09148D: removed


      mail ~ # postconf -n
      alias_database = hash:/etc/mail/aliases
      alias_maps = mysql:/etc/postfix/mysql-aliases.cf
      always_bcc = user1@...
      biff = no
      broken_sasl_auth_clients = yes
      command_directory = /usr/sbin
      config_directory = /etc/postfix
      content_filter = smtp-amavis:[127.0.0.1]:10026
      daemon_directory = /usr/lib/postfix
      debug_peer_level = 2
      default_destination_concurrency_limit = 10
      delay_warning_time = 2h
      home_mailbox = .maildir/
      html_directory = /usr/share/doc/postfix-2.4.20070121/html
      local_recipient_maps = $alias_maps unix:passwd.byname
      mail_owner = postfix
      mailbox_size_limit = 102400000
      mailq_path = /usr/bin/mailq
      manpage_directory = /usr/share/man
      mydestination = $myhostname, localhost.$mydomain, localhost
      myhostname = mail.caf.com.tr
      mynetworks = 10.0.0.3/32, 127.0.0.0/8, 10.0.2.23/32
      newaliases_path = /usr/bin/newaliases
      proxy_interfaces = 81.215.202.135
      queue_directory = /var/spool/postfix
      readme_directory = /usr/share/doc/postfix-2.4.20070121/readme
      receive_override_options = no_address_mappings
      recipient_bcc_maps = hash:/etc/postfix/recipient_bcc
      relay_domains = caf.com.tr, caf.local
      relay_recipient_maps = hash:/etc/postfix/relay_recipients
      relocated_maps = mysql:/etc/postfix/mysql-relocated.cf
      remote_header_rewrite_domain = domain.invalid
      sample_directory = /etc/postfix
      sendmail_path = /usr/sbin/sendmail
      setgid_group = postdrop
      show_user_unknown_table_name = no
      smtp_tls_CAfile = /etc/postfix/cacert.pem
      smtp_tls_session_cache_database = btree:/var/run/smtp_tls_session_cache
      smtp_use_tls = yes
      smtpd_discard_ehlo_keyword_address_maps = cidr:/etc/postfix/esmtp_access
      smtpd_error_sleep_time = 1
      smtpd_etrn_restrictions = reject
      smtpd_hard_error_limit = 10
      smtpd_helo_required = yes
      smtpd_recipient_restrictions =
      reject_non_fqdn_sender
      reject_non_fqdn_recipient
      reject_unlisted_recipient
      reject_unlisted_sender
      permit_sasl_authenticated
      permit_mynetworks
      reject_unauth_destination
      check_helo_access cidr:/etc/postfix/helo_checks_ip
      check_helo_access hash:/etc/postfix/helo_checks
      check_recipient_access hash:/etc/postfix/recipient_checks
      reject_invalid_helo_hostname
      check_sender_access pcre:/etc/postfix/valid_sender.pcre
      check_sender_access hash:/etc/postfix/sender_access
      reject_rbl_client zen.spamhaus.org
      check_sender_access regexp:/etc/postfix/filter_10024_catchall
      smtpd_sasl_auth_enable = yes
      smtpd_soft_error_limit = 5
      smtpd_tls_CAfile = /etc/postfix/cacert.pem
      smtpd_tls_auth_only = yes
      smtpd_tls_cert_file = /etc/postfix/mail.caf.com.tr-cert.pem
      smtpd_tls_key_file = /etc/postfix/mail.caf.com.tr-key.pem
      smtpd_tls_received_header = yes
      smtpd_tls_security_level = may
      smtpd_tls_session_cache_database = btree:/var/run/smtpd_tls_session_cache
      tls_random_source = dev:/dev/urandom
      transport_maps = hash:/etc/postfix/transport
      unknown_local_recipient_reject_code = 550
      virtual_alias_maps = mysql:/etc/postfix/mysql-virtual.cf
      virtual_gid_maps = static:1001
      virtual_mailbox_base = /
      virtual_mailbox_domains = zeplin.cn zeplin.com.cn zeplin.net
      robcol86.org
      virtual_mailbox_limit = 102400000
      virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-maps.cf
      virtual_minimum_uid = 1000
      virtual_transport = maildrop
      virtual_uid_maps = static:1001

      --
      Eray
    • Eray Aslan
      Message 2 of 12 , Feb 1, 2007
        Eray Aslan wrote:
        > Postfix acts as a relay for our internal exchange server. The following
        > message generates a bounce from exchange. Shouldn't
        > reject_non_fqdn_sender catch these addresses?

        mail ~ # telnet 127.0.0.1 25
        Trying 127.0.0.1...
        Connected to 127.0.0.1.
        Escape character is '^]'.
        220 mail.caf.com.tr ESMTP Postfix
        ehlo example.net
        250-mail.caf.com.tr
        250-PIPELINING
        250-SIZE 10240000
        250-VRFY
        250-ETRN
        250-STARTTLS
        250-ENHANCEDSTATUSCODES
        250-8BITMIME
        250 DSN
        mail from: @...
        250 2.1.0 Ok
        rcpt to: user3@...
        250 2.1.5 Ok
        data
        354 End data with <CR><LF>.<CR><LF>
        test
        .
        250 2.0.0 Ok: queued as 35526138BB6
        quit
        221 2.0.0 Bye
        Connection closed by foreign host.

        and the message bounces:

        Feb 1 10:36:34 mail postfix/smtp[28903]: 836FB141AF0:
        to=<user3@...>, relay=10.0.0.3[10.0.0.3]:25, delay=0.35,
        delays=0.08/0.04/0.22/0, dsn=5.5.4, status=bounced (host
        10.0.0.3[10.0.0.3] said: 501 5.5.4 Invalid Address (in reply to MAIL
        FROM command))

        --
        Eray
      • Erwan David
        Message 3 of 12 , Feb 1, 2007
          Le Thu 1/02/2007, Eray Aslan disait
          > Eray Aslan wrote:
          > > Postfix acts as a relay for our internal exchange server. The following
          > > message generates a bounce from exchange. Shouldn't
          > > reject_non_fqdn_sender catch these addresses?
          >
          > mail ~ # telnet 127.0.0.1 25
          > Trying 127.0.0.1...
          > Connected to 127.0.0.1.
          > Escape character is '^]'.
          > 220 mail.caf.com.tr ESMTP Postfix
          > ehlo example.net
          > 250-mail.caf.com.tr
          > 250-PIPELINING
          > 250-SIZE 10240000
          > 250-VRFY
          > 250-ETRN
          > 250-STARTTLS
          > 250-ENHANCEDSTATUSCODES
          > 250-8BITMIME
          > 250 DSN
          > mail from: @...
          > 250 2.1.0 Ok
          > rcpt to: user3@...
          > 250 2.1.5 Ok
          > data
          > 354 End data with <CR><LF>.<CR><LF>
          > test
          > .
          > 250 2.0.0 Ok: queued as 35526138BB6
          > quit
          > 221 2.0.0 Bye
          > Connection closed by foreign host.
          >
          > and the message bounces:
          >
          > Feb 1 10:36:34 mail postfix/smtp[28903]: 836FB141AF0:
          > to=<user3@...>, relay=10.0.0.3[10.0.0.3]:25, delay=0.35,
          > delays=0.08/0.04/0.22/0, dsn=5.5.4, status=bounced (host
          > 10.0.0.3[10.0.0.3] said: 501 5.5.4 Invalid Address (in reply to MAIL
          > FROM command))

          You must somehow give to your postfix the valid Exchange addresses in
          a relay_recipient_maps, then the reject_unlisted_recipient restriction
          will reject those addresses at postfix level.


          --
          Erwan David
        • Eray Aslan
          Message 4 of 12 , Feb 1, 2007
            Erwan David wrote:
            > Le Thu 1/02/2007, Eray Aslan disait
            >> Eray Aslan wrote:
            >>> Postfix acts as a relay for our internal exchange server. The following
            >>> message generates a bounce from exchange. Shouldn't
            >>> reject_non_fqdn_sender catch these addresses?
            >> mail ~ # telnet 127.0.0.1 25
            >> Trying 127.0.0.1...
            >> Connected to 127.0.0.1.
            >> Escape character is '^]'.
            >> 220 mail.caf.com.tr ESMTP Postfix
            >> ehlo example.net
            >> 250-mail.caf.com.tr
            >> 250-PIPELINING
            >> 250-SIZE 10240000
            >> 250-VRFY
            >> 250-ETRN
            >> 250-STARTTLS
            >> 250-ENHANCEDSTATUSCODES
            >> 250-8BITMIME
            >> 250 DSN
            >> mail from: @...
            >> 250 2.1.0 Ok
            >> rcpt to: user3@...
            >> 250 2.1.5 Ok
            >> data
            >> 354 End data with <CR><LF>.<CR><LF>
            >> test
            >> .
            >> 250 2.0.0 Ok: queued as 35526138BB6
            >> quit
            >> 221 2.0.0 Bye
            >> Connection closed by foreign host.
            >>
            >> and the message bounces:
            >>
            >> Feb 1 10:36:34 mail postfix/smtp[28903]: 836FB141AF0:
            >> to=<user3@...>, relay=10.0.0.3[10.0.0.3]:25, delay=0.35,
            >> delays=0.08/0.04/0.22/0, dsn=5.5.4, status=bounced (host
            >> 10.0.0.3[10.0.0.3] said: 501 5.5.4 Invalid Address (in reply to MAIL
            >> FROM command))
            >
            > You must somehow give to your postfix the valid Exchange addresses in
            > a relay_recipient_maps, then the reject_unlisted_recipient restriction
            > will reject those addresses at postfix level.

            We do recipient checking and user3@... shown above (local part is
            munged for obvious reasons) is a valid recipient. That is not the problem.

            --
            Eray
          • Erwan David
            Message 5 of 12 , Feb 1, 2007
              Le 02/01/07 09:53, Eray Aslan a écrit:

              > We do recipient checking and user3@... shown above (local part is
              > munged for obvious reasons) is a valid recipient. That is not the problem.
              >

              Sorry, I mismatched the reject reason between the sender and the
              recipient. Obviously postfix should not accept a sender address that
              Exchange will refuse, but I cannot help on the Exchange matter.

              --
              Erwan
            • Michael Wang
              Message 6 of 12 , Feb 1, 2007
                Eray Aslan wrote:
                > Hello,
                >
                > Postfix acts as a relay for our internal exchange server. The following
                > message generates a bounce from exchange. Shouldn't
                > reject_non_fqdn_sender catch these addresses?

                [...snip...]

                > smtpd_recipient_restrictions =
                > reject_non_fqdn_sender
                > reject_non_fqdn_recipient
                > reject_unlisted_recipient
                > reject_unlisted_sender
                > permit_sasl_authenticated
                > permit_mynetworks
                > reject_unauth_destination
                > check_helo_access cidr:/etc/postfix/helo_checks_ip
                > check_helo_access hash:/etc/postfix/helo_checks
                > check_recipient_access hash:/etc/postfix/recipient_checks
                > reject_invalid_helo_hostname
                > check_sender_access pcre:/etc/postfix/valid_sender.pcre
                > check_sender_access hash:/etc/postfix/sender_access
                > reject_rbl_client zen.spamhaus.org
                > check_sender_access regexp:/etc/postfix/filter_10024_catchall

                reject_non_fqdn_sender is a smtpd_sender_restrictions restriction not a
                smtpd_recipient_restrictions one.

                --
                Michael Wang
              • Ralf Hildebrandt
                Message 7 of 12 , Feb 1, 2007
                  * Michael Wang <postfix-user@...>:

                  > >smtpd_recipient_restrictions =
                  > > reject_non_fqdn_sender
                  > > reject_non_fqdn_recipient
                  > > reject_unlisted_recipient
                  > > reject_unlisted_sender
                  > > permit_sasl_authenticated
                  > > permit_mynetworks
                  > > reject_unauth_destination
                  > > check_helo_access cidr:/etc/postfix/helo_checks_ip
                  > > check_helo_access hash:/etc/postfix/helo_checks
                  > > check_recipient_access hash:/etc/postfix/recipient_checks
                  > > reject_invalid_helo_hostname
                  > > check_sender_access pcre:/etc/postfix/valid_sender.pcre
                  > > check_sender_access hash:/etc/postfix/sender_access
                  > > reject_rbl_client zen.spamhaus.org
                  > > check_sender_access regexp:/etc/postfix/filter_10024_catchall
                  >
                  > reject_non_fqdn_sender is a smtpd_sender_restrictions restriction not a
                  > smtpd_recipient_restrictions one.

                  It can be used in smtpd_recipient_restrictions as well

                  --
                  Ralf Hildebrandt (Ralf.Hildebrandt@...) plonk@...
                  Postfix - Einrichtung, Betrieb und Wartung Tel. +49 (0)30-450 570-155
                  http://www.arschkrebs.de
                • Michael Wang
                  Message 8 of 12 , Feb 1, 2007
                    Ralf Hildebrandt wrote:
                    > * Michael Wang <postfix-user@...>:
                    >> reject_non_fqdn_sender is a smtpd_sender_restrictions restriction not a
                    >> smtpd_recipient_restrictions one.
                    >
                    > It can be used in smtpd_recipient_restrictions as well

                    Ah ha, I missed that in the docs, thanks for the correction.

                    --
                    Michael Wang
                  • Eray Aslan
                    Message 9 of 12 , Feb 1, 2007
                      Eray Aslan wrote:
                      > Postfix acts as a relay for our internal exchange server. The following
                      > message generates a bounce from exchange. Shouldn't
                      > reject_non_fqdn_sender catch these addresses?
                      >
                      > mail ~ # zgrep 503242E4DC /var/log/mail.log.1.gz
                      > Jan 29 16:50:46 mail postfix/smtpd[30273]: 503242E4DC:
                      > client=unknown[201.76.232.39]
                      > Jan 29 16:50:47 mail postfix/cleanup[30290]: 503242E4DC:
                      > message-id=<1d9701c743b4$034438c1$27e84cc9@kawanna>
                      > Jan 29 16:50:50 mail postfix/qmgr[7027]: 503242E4DC: from=<@...>,
                      > size=7570, nrcpt=1 (queue active)
                      > Jan 29 16:50:58 mail postfix/smtp[30291]: 503242E4DC:
                      > to=<user2@...>, relay=127.0.0.1[127.0.0.1]:10024, delay=13,
                      > delays=5.1/0/0.01/7.6, dsn=2.6.0, status=sent (250 2.6.0 Ok,
                      > id=29009-20, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as
                      > E85E09148D)
                      > Jan 29 16:50:58 mail postfix/qmgr[7027]: 503242E4DC: removed

                      As far as I can tell, RFCs allow empty local part as quoted null string.
                      Even if it is technically correct, should we allow empty local parts in
                      email address in the form of @...? Certainly, it is not
                      deliverable. Or is Exchange at fault here and I should solve this by a
                      regexp in check_sender_access?

                      --
                      Eray
                    • Eray Aslan
                      Message 10 of 12 , Feb 1, 2007
                        Eray Aslan wrote:
                        > As far as I can tell, RFCs allow empty local part as quoted null string.
                        > Even if it is technically correct, should we allow empty local parts in
                        > email address in the form of @...? Certainly, it is not
                        > deliverable. Or is Exchange at fault here and I should solve this by a
                        > regexp in check_sender_access?

                        For the record, I added the following to the main.cf:

                        smtpd_recipient_restrictions =
                        ...
                        check_sender_access regexp:/etc/postfix/empty_local
                        ...

                        /etc/postfix/empty_local:
                        /^@.+/ REJECT No empty local part in email addresses please

                        Any caveats I should be aware of?

                        --
                        Eray
                      • Mark Martinec
                        Message 11 of 12 , Feb 1, 2007
                          Eray,

                          > As far as I can tell, RFCs allow empty local part as quoted null string.
                          > Even if it is technically correct, should we allow empty local parts in
                          > email address in the form of @...? Certainly, it is not
                          > deliverable. Or is Exchange at fault here and I should solve this by a
                          > regexp in check_sender_access?

                          With:
                          strict_rfc821_envelopes = yes

                          mail from:<@...>
                          501 5.1.7 Bad sender address syntax


                          We have the strict_rfc821_envelopes turned on since forever
                          for precisely this reason. There were no cases here
                          of legitimate mail that were turned down by this setting.

                          Mark
                        • mouss
                          Message 12 of 12 , Feb 1, 2007
                            Eray Aslan wrote:
                            >
                            >
                            > For the record, I added the following to the main.cf:
                            >
                            > smtpd_recipient_restrictions =
                            > ...
                            > check_sender_access regexp:/etc/postfix/empty_local
                            > ...
                            >
                            > /etc/postfix/empty_local:
                            > /^@.+/ REJECT No empty local part in email addresses please
                            >
                            > Any caveats I should be aware of?
                            >
                            >

                            .+ at the end or beginning of regular expressions is useless, so /^@/
                            should do.

                            Mark's suggestion (strict_rfc821_envelopes) is a better solution.
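
Added example (not part of the thread and not Postfix code): a Python log check for the case discussed above. It classifies each envelope sender logged by qmgr, keeps the null sender `<>` separate from the empty-local-part form `@domain`, and lists the recipients whose delivery bounced downstream. The log lines, queue IDs and the example.com / example.org domains are constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample records, one syslog line each; queue IDs and domains are placeholders.
SAMPLE_LOG = """\
Jan 29 16:50:50 mail postfix/qmgr[7027]: AAAA000001: from=<@example.com>, size=7570, nrcpt=1 (queue active)
Jan 29 16:50:58 mail postfix/smtp[30297]: AAAA000001: to=<user@example.com>, relay=10.0.0.3[10.0.0.3]:25, delay=0.36, dsn=5.5.4, status=bounced (host 10.0.0.3[10.0.0.3] said: 501 5.5.4 Invalid Address (in reply to MAIL FROM command))
Jan 29 16:51:02 mail postfix/qmgr[7027]: AAAA000002: from=<>, size=3120, nrcpt=1 (queue active)
Jan 29 16:51:03 mail postfix/smtp[30297]: AAAA000002: to=<user@example.com>, relay=10.0.0.3[10.0.0.3]:25, delay=0.2, dsn=2.0.0, status=sent (250 2.0.0 Ok)
Jan 29 16:51:10 mail postfix/qmgr[7027]: AAAA000003: from=<alice@example.org>, size=900, nrcpt=1 (queue active)
Jan 29 16:51:11 mail postfix/smtp[30297]: AAAA000003: to=<user@example.com>, relay=10.0.0.3[10.0.0.3]:25, delay=0.2, dsn=2.0.0, status=sent (250 2.0.0 Ok)
"""

RECORD_RE = re.compile(r"postfix/(\w+)\[\d+\]: ([0-9A-F]+): (.*)")
FROM_RE = re.compile(r"from=<([^>]*)>")
DELIVERY_RE = re.compile(r"to=<([^>]*)>.*?status=(\w+)")


def classify_sender(addr):
    """Classify an envelope sender as logged (angle brackets already stripped)."""
    if addr == "":
        return "null"            # <> is the bounce sender and must stay accepted
    local, at, domain = addr.rpartition("@")
    if not at or "." not in domain:
        return "non-fqdn"        # no domain part, or a domain without a dot
    if local in ("", '""'):
        return "empty-local"     # @domain or ""@domain, the case in this thread
    return "ok"


def find_suspect_senders(log_text):
    """Return (queue_id, sender, kind, bounced_recipients) for flagged senders."""
    senders = {}
    bounced = defaultdict(list)
    for line in log_text.splitlines():
        rec = RECORD_RE.search(line)
        if not rec:
            continue
        daemon, qid, rest = rec.groups()
        if daemon == "qmgr":
            m = FROM_RE.match(rest)          # "removed" records have no from=
            if m:
                senders[qid] = m.group(1)
        elif daemon == "smtp":
            m = DELIVERY_RE.match(rest)
            if m and m.group(2) == "bounced":
                bounced[qid].append(m.group(1))
    report = []
    for qid, addr in senders.items():
        kind = classify_sender(addr)
        if kind not in ("ok", "null"):       # never flag the null sender
            report.append((qid, addr, kind, bounced.get(qid, [])))
    return report


if __name__ == "__main__":
    for row in find_suspect_senders(SAMPLE_LOG):
        print(row)
```

Real mail logs are one record per line, unlike the wrapped excerpts quoted in the thread, so the script expects unwrapped input.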