Loading ...
Sorry, an error occurred while loading the content.

Re: Invalid address and bounce from Exchange

Expand Messages
  • Erwan David
    ... Sorry, I mismatched the reject reason between the sender and the recipient. Obviously postfix should not accept a sender address that Exchange will refuse,
    Message 1 of 12 , Feb 1, 2007
    • 0 Attachment
      Le 02/01/07 09:53, Eray Aslan a écrit:

      > We do recipient checking and user3@... shown above (local part is
      > munged for obvious reasons) is a valid recipient. That is not the problem.
      >

      Sorry, I mismatched the reject reason between the sender and the
      recipient. Obviously postfix should not accept a sender address that
      Exchange will refuse, but I cannot help on the Exchange matter.

      --
      Erwan
    • Michael Wang
      ... [...snip...] ... reject_non_fqdn_sender is a smtpd_sender_restrictions restriction not a smtpd_recipient_restrictions one. -- Michael Wang
      Message 2 of 12 , Feb 1, 2007
      • 0 Attachment
        Eray Aslan wrote:
        > Hello,
        >
        > Postfix acts as a relay for our internal exchange server. The following
        > message generates a bounce from exchange. Shouldn't
        > reject_non_fqdn_sender catch these addresses?

        [...snip...]

        > smtpd_recipient_restrictions =
        > reject_non_fqdn_sender
        > reject_non_fqdn_recipient
        > reject_unlisted_recipient
        > reject_unlisted_sender
        > permit_sasl_authenticated
        > permit_mynetworks
        > reject_unauth_destination
        > check_helo_access cidr:/etc/postfix/helo_checks_ip
        > check_helo_access hash:/etc/postfix/helo_checks
        > check_recipient_access hash:/etc/postfix/recipient_checks
        > reject_invalid_helo_hostname
        > check_sender_access pcre:/etc/postfix/valid_sender.pcre
        > check_sender_access hash:/etc/postfix/sender_access
        > reject_rbl_client zen.spamhaus.org
        > check_sender_access regexp:/etc/postfix/filter_10024_catchall

        reject_non_fqdn_sender is a smtpd_sender_restrictions restriction not a
        smtpd_recipient_restrictions one.

        --
        Michael Wang
      • Ralf Hildebrandt
        ... It can be used in smtpd_recipient_restrictions as well -- Ralf Hildebrandt (Ralf.Hildebrandt@charite.de) plonk@charite.de Postfix -
        Message 3 of 12 , Feb 1, 2007
        • 0 Attachment
          * Michael Wang <postfix-user@...>:

          > >smtpd_recipient_restrictions =
          > > reject_non_fqdn_sender
          > > reject_non_fqdn_recipient
          > > reject_unlisted_recipient
          > > reject_unlisted_sender
          > > permit_sasl_authenticated
          > > permit_mynetworks
          > > reject_unauth_destination
          > > check_helo_access cidr:/etc/postfix/helo_checks_ip
          > > check_helo_access hash:/etc/postfix/helo_checks
          > > check_recipient_access hash:/etc/postfix/recipient_checks
          > > reject_invalid_helo_hostname
          > > check_sender_access pcre:/etc/postfix/valid_sender.pcre
          > > check_sender_access hash:/etc/postfix/sender_access
          > > reject_rbl_client zen.spamhaus.org
          > > check_sender_access regexp:/etc/postfix/filter_10024_catchall
          >
          > reject_non_fqdn_sender is a smtpd_sender_restrictions restriction not a
          > smtpd_recipient_restrictions one.

          It can be used in smtpd_recipient_restrictions as well

          --
          Ralf Hildebrandt (Ralf.Hildebrandt@...) plonk@...
          Postfix - Einrichtung, Betrieb und Wartung Tel. +49 (0)30-450 570-155
          http://www.arschkrebs.de
          Disclaimer:
          By sending an email to ANY of my addresses you are agreeing that:
          1. I am by definition, "the intended recipient"
          2. All information in the email is mine to do with as I see fit and
          make such financial profit, political mileage, or good joke as it
          lends itself to. In particular, I may quote it on usenet.
          3. I may take the contents as representing the views of your company.
          4. This overrides any disclaimer or statement of confidentiality that
          may be included on your message.
        • Michael Wang
          ... Ah ha, I missed that in the docs, thanks for the correction. -- Michael Wang
          Message 4 of 12 , Feb 1, 2007
          • 0 Attachment
            Ralf Hildebrandt wrote:
            > * Michael Wang <postfix-user@...>:
            >> reject_non_fqdn_sender is a smtpd_sender_restrictions restriction not a
            >> smtpd_recipient_restrictions one.
            >
            > It can be used in smtpd_recipient_restrictions as well

            Ah ha, I missed that in the docs, thanks for the correction.

            --
            Michael Wang
          • Eray Aslan
            ... As far as I can tell, RFCs allow empty local part as quoted null string. Even if it is technically correct, should we allow empty local parts in email
            Message 5 of 12 , Feb 1, 2007
            • 0 Attachment
              Eray Aslan wrote:
              > Postfix acts as a relay for our internal exchange server. The following
              > message generates a bounce from exchange. Shouldn't
              > reject_non_fqdn_sender catch these addresses?
              >
              > mail ~ # zgrep 503242E4DC /var/log/mail.log.1.gz
              > Jan 29 16:50:46 mail postfix/smtpd[30273]: 503242E4DC:
              > client=unknown[201.76.232.39]
              > Jan 29 16:50:47 mail postfix/cleanup[30290]: 503242E4DC:
              > message-id=<1d9701c743b4$034438c1$27e84cc9@kawanna>
              > Jan 29 16:50:50 mail postfix/qmgr[7027]: 503242E4DC: from=<@...>,
              > size=7570, nrcpt=1 (queue active)
              > Jan 29 16:50:58 mail postfix/smtp[30291]: 503242E4DC:
              > to=<user2@...>, relay=127.0.0.1[127.0.0.1]:10024, delay=13,
              > delays=5.1/0/0.01/7.6, dsn=2.6.0, status=sent (250 2.6.0 Ok,
              > id=29009-20, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as
              > E85E09148D)
              > Jan 29 16:50:58 mail postfix/qmgr[7027]: 503242E4DC: removed

              As far as I can tell, RFCs allow empty local part as quoted null string.
              Even if it is technically correct, should we allow empty local parts in
              email address in the form of @...? Certainly, it not
              deliverable. Or is Exchange at fault here and I should solve this by a
              regexp in check_sender_access?

              --
              Eray
            • Eray Aslan
              ... For the record, I added the following to the main.cf: smtpd_recipient_restrictions = ... check_sender_access regexp:/etc/postfix/empty_local ...
              Message 6 of 12 , Feb 1, 2007
              • 0 Attachment
                Eray Aslan wrote:
                > As far as I can tell, RFCs allow empty local part as quoted null string.
                > Even if it is technically correct, should we allow empty local parts in
                > email address in the form of @...? Certainly, it not
                > deliverable. Or is Exchange at fault here and I should solve this by a
                > regexp in check_sender_access?

                For the record, I added the following to the main.cf:

                smtpd_recipient_restrictions =
                ...
                check_sender_access regexp:/etc/postfix/empty_local
                ...

                /etc/postfix/empty_local:
                /^@.+/ REJECT No empty local part in email addresses please

                Any caveats I should be aware of?

                --
                Eray
              • Mark Martinec
                Eray, ... With: strict_rfc821_envelopes = yes mail from: 501 5.1.7 Bad sender address syntax We have the strict_rfc821_envelopes turned on since
                Message 7 of 12 , Feb 1, 2007
                • 0 Attachment
                  Eray,

                  > As far as I can tell, RFCs allow empty local part as quoted null string.
                  > Even if it is technically correct, should we allow empty local parts in
                  > email address in the form of @...? Certainly, it not
                  > deliverable. Or is Exchange at fault here and I should solve this by a
                  > regexp in check_sender_access?

                  With:
                  strict_rfc821_envelopes = yes

                  mail from:<@...>
                  501 5.1.7 Bad sender address syntax


                  We have the strict_rfc821_envelopes turned on since forever
                  for precisely this reason. There were no cases here
                  of legitimate mail that were turned down by this setting.

                  Mark
                • mouss
                  ... .+ at the end or beginning of regular expressions is useless. so /^@/ should do. Mark s suggestion (strict_rfc821_envelopes) is a better solution.
                  Message 8 of 12 , Feb 1, 2007
                  • 0 Attachment
                    Eray Aslan wrote:
                    >
                    >
                    > For the record, I added the following to the main.cf:
                    >
                    > smtpd_recipient_restrictions =
                    > ...
                    > check_sender_access regexp:/etc/postfix/empty_local
                    > ...
                    >
                    > /etc/postfix/empty_local:
                    > /^@.+/ REJECT No empty local part in email addresses please
                    >
                    > Any caveats I should be aware of?
                    >
                    >

                    .+ at the end or beginning of regular expressions is useless. so /^@/
                    should do.

                    Mark's suggestion (strict_rfc821_envelopes) is a better solution.
                  Your message has been successfully submitted and would be delivered to recipients shortly.