Loading ...
Sorry, an error occurred while loading the content.
 

Re: Invalid address and bounce from Exchange

Expand Messages
  • Eray Aslan
    ... We do recipient checking and user3@caf.com.tr shown above (local part is munged for obvious reasons) is a valid recipient. That is not the problem. --
    Message 1 of 12 , Feb 1, 2007
      Erwan David wrote:
      > Le Thu 1/02/2007, Eray Aslan disait
      >> Eray Aslan wrote:
      >>> Postfix acts as a relay for our internal exchange server. The following
      >>> message generates a bounce from exchange. Shouldn't
      >>> reject_non_fqdn_sender catch these addresses?
      >> mail ~ # telnet 127.0.0.1 25
      >> Trying 127.0.0.1...
      >> Connected to 127.0.0.1.
      >> Escape character is '^]'.
      >> 220 mail.caf.com.tr ESMTP Postfix
      >> ehlo example.net
      >> 250-mail.caf.com.tr
      >> 250-PIPELINING
      >> 250-SIZE 10240000
      >> 250-VRFY
      >> 250-ETRN
      >> 250-STARTTLS
      >> 250-ENHANCEDSTATUSCODES
      >> 250-8BITMIME
      >> 250 DSN
      >> mail from: @...
      >> 250 2.1.0 Ok
      >> rcpt to: user3@...
      >> 250 2.1.5 Ok
      >> data
      >> 354 End data with <CR><LF>.<CR><LF>
      >> test
      >> .
      >> 250 2.0.0 Ok: queued as 35526138BB6
      >> quit
      >> 221 2.0.0 Bye
      >> Connection closed by foreign host.
      >>
      >> and the message bounces:
      >>
      >> Feb 1 10:36:34 mail postfix/smtp[28903]: 836FB141AF0:
      >> to=<user3@...>, relay=10.0.0.3[10.0.0.3]:25, delay=0.35,
      >> delays=0.08/0.04/0.22/0, dsn=5.5.4, status=bounced (host
      >> 10.0.0.3[10.0.0.3] said: 501 5.5.4 Invalid Address (in reply to MAIL
      >> FROM command))
      >
      > You must somehow give to your postifx the valid Exchange addresses in
      > a relay_recipient_maps, then the reject_unlisted_recipient restriction
      > will reject those addresses at postfix level.

      We do recipient checking and user3@... shown above (local part is
      munged for obvious reasons) is a valid recipient. That is not the problem.

      --
      Eray
    • Erwan David
      ... Sorry, I mismatched the reject reason between the sender and the recipient. Obviously postfix should not accept a sender address that Exchange will refuse,
      Message 2 of 12 , Feb 1, 2007
        Le 02/01/07 09:53, Eray Aslan a écrit:

        > We do recipient checking and user3@... shown above (local part is
        > munged for obvious reasons) is a valid recipient. That is not the problem.
        >

        Sorry, I mismatched the reject reason between the sender and the
        recipient. Obviously postfix should not accept a sender address that
        Exchange will refuse, but I cannot help on the Exchange matter.

        --
        Erwan
      • Michael Wang
        ... [...snip...] ... reject_non_fqdn_sender is a smtpd_sender_restrictions restriction not a smtpd_recipient_restrictions one. -- Michael Wang
        Message 3 of 12 , Feb 1, 2007
          Eray Aslan wrote:
          > Hello,
          >
          > Postfix acts as a relay for our internal exchange server. The following
          > message generates a bounce from exchange. Shouldn't
          > reject_non_fqdn_sender catch these addresses?

          [...snip...]

          > smtpd_recipient_restrictions =
          > reject_non_fqdn_sender
          > reject_non_fqdn_recipient
          > reject_unlisted_recipient
          > reject_unlisted_sender
          > permit_sasl_authenticated
          > permit_mynetworks
          > reject_unauth_destination
          > check_helo_access cidr:/etc/postfix/helo_checks_ip
          > check_helo_access hash:/etc/postfix/helo_checks
          > check_recipient_access hash:/etc/postfix/recipient_checks
          > reject_invalid_helo_hostname
          > check_sender_access pcre:/etc/postfix/valid_sender.pcre
          > check_sender_access hash:/etc/postfix/sender_access
          > reject_rbl_client zen.spamhaus.org
          > check_sender_access regexp:/etc/postfix/filter_10024_catchall

          reject_non_fqdn_sender is a smtpd_sender_restrictions restriction not a
          smtpd_recipient_restrictions one.

          --
          Michael Wang
        • Ralf Hildebrandt
          ... It can be used in smtpd_recipient_restrictions as well -- Ralf Hildebrandt (Ralf.Hildebrandt@charite.de) plonk@charite.de Postfix -
          Message 4 of 12 , Feb 1, 2007
            * Michael Wang <postfix-user@...>:

            > >smtpd_recipient_restrictions =
            > > reject_non_fqdn_sender
            > > reject_non_fqdn_recipient
            > > reject_unlisted_recipient
            > > reject_unlisted_sender
            > > permit_sasl_authenticated
            > > permit_mynetworks
            > > reject_unauth_destination
            > > check_helo_access cidr:/etc/postfix/helo_checks_ip
            > > check_helo_access hash:/etc/postfix/helo_checks
            > > check_recipient_access hash:/etc/postfix/recipient_checks
            > > reject_invalid_helo_hostname
            > > check_sender_access pcre:/etc/postfix/valid_sender.pcre
            > > check_sender_access hash:/etc/postfix/sender_access
            > > reject_rbl_client zen.spamhaus.org
            > > check_sender_access regexp:/etc/postfix/filter_10024_catchall
            >
            > reject_non_fqdn_sender is a smtpd_sender_restrictions restriction not a
            > smtpd_recipient_restrictions one.

            It can be used in smtpd_recipient_restrictions as well

            --
            Ralf Hildebrandt (Ralf.Hildebrandt@...) plonk@...
            Postfix - Einrichtung, Betrieb und Wartung Tel. +49 (0)30-450 570-155
            http://www.arschkrebs.de
            Disclaimer:
            By sending an email to ANY of my addresses you are agreeing that:
            1. I am by definition, "the intended recipient"
            2. All information in the email is mine to do with as I see fit and
            make such financial profit, political mileage, or good joke as it
            lends itself to. In particular, I may quote it on usenet.
            3. I may take the contents as representing the views of your company.
            4. This overrides any disclaimer or statement of confidentiality that
            may be included on your message.
          • Michael Wang
            ... Ah ha, I missed that in the docs, thanks for the correction. -- Michael Wang
            Message 5 of 12 , Feb 1, 2007
              Ralf Hildebrandt wrote:
              > * Michael Wang <postfix-user@...>:
              >> reject_non_fqdn_sender is a smtpd_sender_restrictions restriction not a
              >> smtpd_recipient_restrictions one.
              >
              > It can be used in smtpd_recipient_restrictions as well

              Ah ha, I missed that in the docs, thanks for the correction.

              --
              Michael Wang
            • Eray Aslan
              ... As far as I can tell, RFCs allow empty local part as quoted null string. Even if it is technically correct, should we allow empty local parts in email
              Message 6 of 12 , Feb 1, 2007
                Eray Aslan wrote:
                > Postfix acts as a relay for our internal exchange server. The following
                > message generates a bounce from exchange. Shouldn't
                > reject_non_fqdn_sender catch these addresses?
                >
                > mail ~ # zgrep 503242E4DC /var/log/mail.log.1.gz
                > Jan 29 16:50:46 mail postfix/smtpd[30273]: 503242E4DC:
                > client=unknown[201.76.232.39]
                > Jan 29 16:50:47 mail postfix/cleanup[30290]: 503242E4DC:
                > message-id=<1d9701c743b4$034438c1$27e84cc9@kawanna>
                > Jan 29 16:50:50 mail postfix/qmgr[7027]: 503242E4DC: from=<@...>,
                > size=7570, nrcpt=1 (queue active)
                > Jan 29 16:50:58 mail postfix/smtp[30291]: 503242E4DC:
                > to=<user2@...>, relay=127.0.0.1[127.0.0.1]:10024, delay=13,
                > delays=5.1/0/0.01/7.6, dsn=2.6.0, status=sent (250 2.6.0 Ok,
                > id=29009-20, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as
                > E85E09148D)
                > Jan 29 16:50:58 mail postfix/qmgr[7027]: 503242E4DC: removed

                As far as I can tell, RFCs allow empty local part as quoted null string.
                Even if it is technically correct, should we allow empty local parts in
                email address in the form of @...? Certainly, it not
                deliverable. Or is Exchange at fault here and I should solve this by a
                regexp in check_sender_access?

                --
                Eray
              • Eray Aslan
                ... For the record, I added the following to the main.cf: smtpd_recipient_restrictions = ... check_sender_access regexp:/etc/postfix/empty_local ...
                Message 7 of 12 , Feb 1, 2007
                  Eray Aslan wrote:
                  > As far as I can tell, RFCs allow empty local part as quoted null string.
                  > Even if it is technically correct, should we allow empty local parts in
                  > email address in the form of @...? Certainly, it not
                  > deliverable. Or is Exchange at fault here and I should solve this by a
                  > regexp in check_sender_access?

                  For the record, I added the following to the main.cf:

                  smtpd_recipient_restrictions =
                  ...
                  check_sender_access regexp:/etc/postfix/empty_local
                  ...

                  /etc/postfix/empty_local:
                  /^@.+/ REJECT No empty local part in email addresses please

                  Any caveats I should be aware of?

                  --
                  Eray
                • Mark Martinec
                  Eray, ... With: strict_rfc821_envelopes = yes mail from: 501 5.1.7 Bad sender address syntax We have the strict_rfc821_envelopes turned on since
                  Message 8 of 12 , Feb 1, 2007
                    Eray,

                    > As far as I can tell, RFCs allow empty local part as quoted null string.
                    > Even if it is technically correct, should we allow empty local parts in
                    > email address in the form of @...? Certainly, it not
                    > deliverable. Or is Exchange at fault here and I should solve this by a
                    > regexp in check_sender_access?

                    With:
                    strict_rfc821_envelopes = yes

                    mail from:<@...>
                    501 5.1.7 Bad sender address syntax


                    We have the strict_rfc821_envelopes turned on since forever
                    for precisely this reason. There were no cases here
                    of legitimate mail that were turned down by this setting.

                    Mark
                  • mouss
                    ... .+ at the end or beginning of regular expressions is useless. so /^@/ should do. Mark s suggestion (strict_rfc821_envelopes) is a better solution.
                    Message 9 of 12 , Feb 1, 2007
                      Eray Aslan wrote:
                      >
                      >
                      > For the record, I added the following to the main.cf:
                      >
                      > smtpd_recipient_restrictions =
                      > ...
                      > check_sender_access regexp:/etc/postfix/empty_local
                      > ...
                      >
                      > /etc/postfix/empty_local:
                      > /^@.+/ REJECT No empty local part in email addresses please
                      >
                      > Any caveats I should be aware of?
                      >
                      >

                      .+ at the end or beginning of regular expressions is useless. so /^@/
                      should do.

                      Mark's suggestion (strict_rfc821_envelopes) is a better solution.
                    Your message has been successfully submitted and would be delivered to recipients shortly.