Loading ...
Sorry, an error occurred while loading the content.

Re: Invalid address and bounce from Exchange

Expand Messages
  • Eray Aslan
    ... mail ~ # telnet 127.0.0.1 25 Trying 127.0.0.1... Connected to 127.0.0.1. Escape character is ^] . 220 mail.caf.com.tr ESMTP Postfix ehlo example.net
    Message 1 of 12 , Feb 1, 2007
    • 0 Attachment
      Eray Aslan wrote:
      > Postfix acts as a relay for our internal exchange server. The following
      > message generates a bounce from exchange. Shouldn't
      > reject_non_fqdn_sender catch these addresses?

      mail ~ # telnet 127.0.0.1 25
      Trying 127.0.0.1...
      Connected to 127.0.0.1.
      Escape character is '^]'.
      220 mail.caf.com.tr ESMTP Postfix
      ehlo example.net
      250-mail.caf.com.tr
      250-PIPELINING
      250-SIZE 10240000
      250-VRFY
      250-ETRN
      250-STARTTLS
      250-ENHANCEDSTATUSCODES
      250-8BITMIME
      250 DSN
      mail from: @...
      250 2.1.0 Ok
      rcpt to: user3@...
      250 2.1.5 Ok
      data
      354 End data with <CR><LF>.<CR><LF>
      test
      .
      250 2.0.0 Ok: queued as 35526138BB6
      quit
      221 2.0.0 Bye
      Connection closed by foreign host.

      and the message bounces:

      Feb 1 10:36:34 mail postfix/smtp[28903]: 836FB141AF0:
      to=<user3@...>, relay=10.0.0.3[10.0.0.3]:25, delay=0.35,
      delays=0.08/0.04/0.22/0, dsn=5.5.4, status=bounced (host
      10.0.0.3[10.0.0.3] said: 501 5.5.4 Invalid Address (in reply to MAIL
      FROM command))

      --
      Eray
    • Erwan David
      Le Thu 1/02/2007, Eray Aslan disait ... You must somehow give to your postifx the valid Exchange addresses in a relay_recipient_maps, then the
      Message 2 of 12 , Feb 1, 2007
      • 0 Attachment
        Le Thu 1/02/2007, Eray Aslan disait
        > Eray Aslan wrote:
        > > Postfix acts as a relay for our internal exchange server. The following
        > > message generates a bounce from exchange. Shouldn't
        > > reject_non_fqdn_sender catch these addresses?
        >
        > mail ~ # telnet 127.0.0.1 25
        > Trying 127.0.0.1...
        > Connected to 127.0.0.1.
        > Escape character is '^]'.
        > 220 mail.caf.com.tr ESMTP Postfix
        > ehlo example.net
        > 250-mail.caf.com.tr
        > 250-PIPELINING
        > 250-SIZE 10240000
        > 250-VRFY
        > 250-ETRN
        > 250-STARTTLS
        > 250-ENHANCEDSTATUSCODES
        > 250-8BITMIME
        > 250 DSN
        > mail from: @...
        > 250 2.1.0 Ok
        > rcpt to: user3@...
        > 250 2.1.5 Ok
        > data
        > 354 End data with <CR><LF>.<CR><LF>
        > test
        > .
        > 250 2.0.0 Ok: queued as 35526138BB6
        > quit
        > 221 2.0.0 Bye
        > Connection closed by foreign host.
        >
        > and the message bounces:
        >
        > Feb 1 10:36:34 mail postfix/smtp[28903]: 836FB141AF0:
        > to=<user3@...>, relay=10.0.0.3[10.0.0.3]:25, delay=0.35,
        > delays=0.08/0.04/0.22/0, dsn=5.5.4, status=bounced (host
        > 10.0.0.3[10.0.0.3] said: 501 5.5.4 Invalid Address (in reply to MAIL
        > FROM command))

        You must somehow give to your postifx the valid Exchange addresses in
        a relay_recipient_maps, then the reject_unlisted_recipient restriction
        will reject those addresses at postfix level.


        --
        Erwan David
      • Eray Aslan
        ... We do recipient checking and user3@caf.com.tr shown above (local part is munged for obvious reasons) is a valid recipient. That is not the problem. --
        Message 3 of 12 , Feb 1, 2007
        • 0 Attachment
          Erwan David wrote:
          > Le Thu 1/02/2007, Eray Aslan disait
          >> Eray Aslan wrote:
          >>> Postfix acts as a relay for our internal exchange server. The following
          >>> message generates a bounce from exchange. Shouldn't
          >>> reject_non_fqdn_sender catch these addresses?
          >> mail ~ # telnet 127.0.0.1 25
          >> Trying 127.0.0.1...
          >> Connected to 127.0.0.1.
          >> Escape character is '^]'.
          >> 220 mail.caf.com.tr ESMTP Postfix
          >> ehlo example.net
          >> 250-mail.caf.com.tr
          >> 250-PIPELINING
          >> 250-SIZE 10240000
          >> 250-VRFY
          >> 250-ETRN
          >> 250-STARTTLS
          >> 250-ENHANCEDSTATUSCODES
          >> 250-8BITMIME
          >> 250 DSN
          >> mail from: @...
          >> 250 2.1.0 Ok
          >> rcpt to: user3@...
          >> 250 2.1.5 Ok
          >> data
          >> 354 End data with <CR><LF>.<CR><LF>
          >> test
          >> .
          >> 250 2.0.0 Ok: queued as 35526138BB6
          >> quit
          >> 221 2.0.0 Bye
          >> Connection closed by foreign host.
          >>
          >> and the message bounces:
          >>
          >> Feb 1 10:36:34 mail postfix/smtp[28903]: 836FB141AF0:
          >> to=<user3@...>, relay=10.0.0.3[10.0.0.3]:25, delay=0.35,
          >> delays=0.08/0.04/0.22/0, dsn=5.5.4, status=bounced (host
          >> 10.0.0.3[10.0.0.3] said: 501 5.5.4 Invalid Address (in reply to MAIL
          >> FROM command))
          >
          > You must somehow give to your postifx the valid Exchange addresses in
          > a relay_recipient_maps, then the reject_unlisted_recipient restriction
          > will reject those addresses at postfix level.

          We do recipient checking and user3@... shown above (local part is
          munged for obvious reasons) is a valid recipient. That is not the problem.

          --
          Eray
        • Erwan David
          ... Sorry, I mismatched the reject reason between the sender and the recipient. Obviously postfix should not accept a sender address that Exchange will refuse,
          Message 4 of 12 , Feb 1, 2007
          • 0 Attachment
            Le 02/01/07 09:53, Eray Aslan a écrit:

            > We do recipient checking and user3@... shown above (local part is
            > munged for obvious reasons) is a valid recipient. That is not the problem.
            >

            Sorry, I mismatched the reject reason between the sender and the
            recipient. Obviously postfix should not accept a sender address that
            Exchange will refuse, but I cannot help on the Exchange matter.

            --
            Erwan
          • Michael Wang
            ... [...snip...] ... reject_non_fqdn_sender is a smtpd_sender_restrictions restriction not a smtpd_recipient_restrictions one. -- Michael Wang
            Message 5 of 12 , Feb 1, 2007
            • 0 Attachment
              Eray Aslan wrote:
              > Hello,
              >
              > Postfix acts as a relay for our internal exchange server. The following
              > message generates a bounce from exchange. Shouldn't
              > reject_non_fqdn_sender catch these addresses?

              [...snip...]

              > smtpd_recipient_restrictions =
              > reject_non_fqdn_sender
              > reject_non_fqdn_recipient
              > reject_unlisted_recipient
              > reject_unlisted_sender
              > permit_sasl_authenticated
              > permit_mynetworks
              > reject_unauth_destination
              > check_helo_access cidr:/etc/postfix/helo_checks_ip
              > check_helo_access hash:/etc/postfix/helo_checks
              > check_recipient_access hash:/etc/postfix/recipient_checks
              > reject_invalid_helo_hostname
              > check_sender_access pcre:/etc/postfix/valid_sender.pcre
              > check_sender_access hash:/etc/postfix/sender_access
              > reject_rbl_client zen.spamhaus.org
              > check_sender_access regexp:/etc/postfix/filter_10024_catchall

              reject_non_fqdn_sender is a smtpd_sender_restrictions restriction not a
              smtpd_recipient_restrictions one.

              --
              Michael Wang
            • Ralf Hildebrandt
              ... It can be used in smtpd_recipient_restrictions as well -- Ralf Hildebrandt (Ralf.Hildebrandt@charite.de) plonk@charite.de Postfix -
              Message 6 of 12 , Feb 1, 2007
              • 0 Attachment
                * Michael Wang <postfix-user@...>:

                > >smtpd_recipient_restrictions =
                > > reject_non_fqdn_sender
                > > reject_non_fqdn_recipient
                > > reject_unlisted_recipient
                > > reject_unlisted_sender
                > > permit_sasl_authenticated
                > > permit_mynetworks
                > > reject_unauth_destination
                > > check_helo_access cidr:/etc/postfix/helo_checks_ip
                > > check_helo_access hash:/etc/postfix/helo_checks
                > > check_recipient_access hash:/etc/postfix/recipient_checks
                > > reject_invalid_helo_hostname
                > > check_sender_access pcre:/etc/postfix/valid_sender.pcre
                > > check_sender_access hash:/etc/postfix/sender_access
                > > reject_rbl_client zen.spamhaus.org
                > > check_sender_access regexp:/etc/postfix/filter_10024_catchall
                >
                > reject_non_fqdn_sender is a smtpd_sender_restrictions restriction not a
                > smtpd_recipient_restrictions one.

                It can be used in smtpd_recipient_restrictions as well

                --
                Ralf Hildebrandt (Ralf.Hildebrandt@...) plonk@...
                Postfix - Einrichtung, Betrieb und Wartung Tel. +49 (0)30-450 570-155
                http://www.arschkrebs.de
                Disclaimer:
                By sending an email to ANY of my addresses you are agreeing that:
                1. I am by definition, "the intended recipient"
                2. All information in the email is mine to do with as I see fit and
                make such financial profit, political mileage, or good joke as it
                lends itself to. In particular, I may quote it on usenet.
                3. I may take the contents as representing the views of your company.
                4. This overrides any disclaimer or statement of confidentiality that
                may be included on your message.
              • Michael Wang
                ... Ah ha, I missed that in the docs, thanks for the correction. -- Michael Wang
                Message 7 of 12 , Feb 1, 2007
                • 0 Attachment
                  Ralf Hildebrandt wrote:
                  > * Michael Wang <postfix-user@...>:
                  >> reject_non_fqdn_sender is a smtpd_sender_restrictions restriction not a
                  >> smtpd_recipient_restrictions one.
                  >
                  > It can be used in smtpd_recipient_restrictions as well

                  Ah ha, I missed that in the docs, thanks for the correction.

                  --
                  Michael Wang
                • Eray Aslan
                  ... As far as I can tell, RFCs allow empty local part as quoted null string. Even if it is technically correct, should we allow empty local parts in email
                  Message 8 of 12 , Feb 1, 2007
                  • 0 Attachment
                    Eray Aslan wrote:
                    > Postfix acts as a relay for our internal exchange server. The following
                    > message generates a bounce from exchange. Shouldn't
                    > reject_non_fqdn_sender catch these addresses?
                    >
                    > mail ~ # zgrep 503242E4DC /var/log/mail.log.1.gz
                    > Jan 29 16:50:46 mail postfix/smtpd[30273]: 503242E4DC:
                    > client=unknown[201.76.232.39]
                    > Jan 29 16:50:47 mail postfix/cleanup[30290]: 503242E4DC:
                    > message-id=<1d9701c743b4$034438c1$27e84cc9@kawanna>
                    > Jan 29 16:50:50 mail postfix/qmgr[7027]: 503242E4DC: from=<@...>,
                    > size=7570, nrcpt=1 (queue active)
                    > Jan 29 16:50:58 mail postfix/smtp[30291]: 503242E4DC:
                    > to=<user2@...>, relay=127.0.0.1[127.0.0.1]:10024, delay=13,
                    > delays=5.1/0/0.01/7.6, dsn=2.6.0, status=sent (250 2.6.0 Ok,
                    > id=29009-20, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as
                    > E85E09148D)
                    > Jan 29 16:50:58 mail postfix/qmgr[7027]: 503242E4DC: removed

                    As far as I can tell, RFCs allow empty local part as quoted null string.
                    Even if it is technically correct, should we allow empty local parts in
                    email address in the form of @...? Certainly, it not
                    deliverable. Or is Exchange at fault here and I should solve this by a
                    regexp in check_sender_access?

                    --
                    Eray
                  • Eray Aslan
                    ... For the record, I added the following to the main.cf: smtpd_recipient_restrictions = ... check_sender_access regexp:/etc/postfix/empty_local ...
                    Message 9 of 12 , Feb 1, 2007
                    • 0 Attachment
                      Eray Aslan wrote:
                      > As far as I can tell, RFCs allow empty local part as quoted null string.
                      > Even if it is technically correct, should we allow empty local parts in
                      > email address in the form of @...? Certainly, it not
                      > deliverable. Or is Exchange at fault here and I should solve this by a
                      > regexp in check_sender_access?

                      For the record, I added the following to the main.cf:

                      smtpd_recipient_restrictions =
                      ...
                      check_sender_access regexp:/etc/postfix/empty_local
                      ...

                      /etc/postfix/empty_local:
                      /^@.+/ REJECT No empty local part in email addresses please

                      Any caveats I should be aware of?

                      --
                      Eray
                    • Mark Martinec
                      Eray, ... With: strict_rfc821_envelopes = yes mail from: 501 5.1.7 Bad sender address syntax We have the strict_rfc821_envelopes turned on since
                      Message 10 of 12 , Feb 1, 2007
                      • 0 Attachment
                        Eray,

                        > As far as I can tell, RFCs allow empty local part as quoted null string.
                        > Even if it is technically correct, should we allow empty local parts in
                        > email address in the form of @...? Certainly, it not
                        > deliverable. Or is Exchange at fault here and I should solve this by a
                        > regexp in check_sender_access?

                        With:
                        strict_rfc821_envelopes = yes

                        mail from:<@...>
                        501 5.1.7 Bad sender address syntax


                        We have the strict_rfc821_envelopes turned on since forever
                        for precisely this reason. There were no cases here
                        of legitimate mail that were turned down by this setting.

                        Mark
                      • mouss
                        ... .+ at the end or beginning of regular expressions is useless. so /^@/ should do. Mark s suggestion (strict_rfc821_envelopes) is a better solution.
                        Message 11 of 12 , Feb 1, 2007
                        • 0 Attachment
                          Eray Aslan wrote:
                          >
                          >
                          > For the record, I added the following to the main.cf:
                          >
                          > smtpd_recipient_restrictions =
                          > ...
                          > check_sender_access regexp:/etc/postfix/empty_local
                          > ...
                          >
                          > /etc/postfix/empty_local:
                          > /^@.+/ REJECT No empty local part in email addresses please
                          >
                          > Any caveats I should be aware of?
                          >
                          >

                          .+ at the end or beginning of regular expressions is useless. so /^@/
                          should do.

                          Mark's suggestion (strict_rfc821_envelopes) is a better solution.
                        Your message has been successfully submitted and would be delivered to recipients shortly.