Loading ...
Sorry, an error occurred while loading the content.
 

Re: Invalid address and bounce from Exchange

Expand Messages
  • Michael Wang
    ... [...snip...] ... reject_non_fqdn_sender is a smtpd_sender_restrictions restriction not a smtpd_recipient_restrictions one. -- Michael Wang
    Message 1 of 12 , Feb 1, 2007
      Eray Aslan wrote:
      > Hello,
      >
      > Postfix acts as a relay for our internal exchange server. The following
      > message generates a bounce from exchange. Shouldn't
      > reject_non_fqdn_sender catch these addresses?

      [...snip...]

      > smtpd_recipient_restrictions =
      > reject_non_fqdn_sender
      > reject_non_fqdn_recipient
      > reject_unlisted_recipient
      > reject_unlisted_sender
      > permit_sasl_authenticated
      > permit_mynetworks
      > reject_unauth_destination
      > check_helo_access cidr:/etc/postfix/helo_checks_ip
      > check_helo_access hash:/etc/postfix/helo_checks
      > check_recipient_access hash:/etc/postfix/recipient_checks
      > reject_invalid_helo_hostname
      > check_sender_access pcre:/etc/postfix/valid_sender.pcre
      > check_sender_access hash:/etc/postfix/sender_access
      > reject_rbl_client zen.spamhaus.org
      > check_sender_access regexp:/etc/postfix/filter_10024_catchall

      reject_non_fqdn_sender is a smtpd_sender_restrictions restriction not a
      smtpd_recipient_restrictions one.

      --
      Michael Wang
    • Ralf Hildebrandt
      ... It can be used in smtpd_recipient_restrictions as well -- Ralf Hildebrandt (Ralf.Hildebrandt@charite.de) plonk@charite.de Postfix -
      Message 2 of 12 , Feb 1, 2007
        * Michael Wang <postfix-user@...>:

        > >smtpd_recipient_restrictions =
        > > reject_non_fqdn_sender
        > > reject_non_fqdn_recipient
        > > reject_unlisted_recipient
        > > reject_unlisted_sender
        > > permit_sasl_authenticated
        > > permit_mynetworks
        > > reject_unauth_destination
        > > check_helo_access cidr:/etc/postfix/helo_checks_ip
        > > check_helo_access hash:/etc/postfix/helo_checks
        > > check_recipient_access hash:/etc/postfix/recipient_checks
        > > reject_invalid_helo_hostname
        > > check_sender_access pcre:/etc/postfix/valid_sender.pcre
        > > check_sender_access hash:/etc/postfix/sender_access
        > > reject_rbl_client zen.spamhaus.org
        > > check_sender_access regexp:/etc/postfix/filter_10024_catchall
        >
        > reject_non_fqdn_sender is a smtpd_sender_restrictions restriction not a
        > smtpd_recipient_restrictions one.

        It can be used in smtpd_recipient_restrictions as well

        --
        Ralf Hildebrandt (Ralf.Hildebrandt@...) plonk@...
        Postfix - Einrichtung, Betrieb und Wartung Tel. +49 (0)30-450 570-155
        http://www.arschkrebs.de
        Disclaimer:
        By sending an email to ANY of my addresses you are agreeing that:
        1. I am by definition, "the intended recipient"
        2. All information in the email is mine to do with as I see fit and
        make such financial profit, political mileage, or good joke as it
        lends itself to. In particular, I may quote it on usenet.
        3. I may take the contents as representing the views of your company.
        4. This overrides any disclaimer or statement of confidentiality that
        may be included on your message.
      • Michael Wang
        ... Ah ha, I missed that in the docs, thanks for the correction. -- Michael Wang
        Message 3 of 12 , Feb 1, 2007
          Ralf Hildebrandt wrote:
          > * Michael Wang <postfix-user@...>:
          >> reject_non_fqdn_sender is a smtpd_sender_restrictions restriction not a
          >> smtpd_recipient_restrictions one.
          >
          > It can be used in smtpd_recipient_restrictions as well

          Ah ha, I missed that in the docs, thanks for the correction.

          --
          Michael Wang
        • Eray Aslan
          ... As far as I can tell, RFCs allow empty local part as quoted null string. Even if it is technically correct, should we allow empty local parts in email
          Message 4 of 12 , Feb 1, 2007
            Eray Aslan wrote:
            > Postfix acts as a relay for our internal exchange server. The following
            > message generates a bounce from exchange. Shouldn't
            > reject_non_fqdn_sender catch these addresses?
            >
            > mail ~ # zgrep 503242E4DC /var/log/mail.log.1.gz
            > Jan 29 16:50:46 mail postfix/smtpd[30273]: 503242E4DC:
            > client=unknown[201.76.232.39]
            > Jan 29 16:50:47 mail postfix/cleanup[30290]: 503242E4DC:
            > message-id=<1d9701c743b4$034438c1$27e84cc9@kawanna>
            > Jan 29 16:50:50 mail postfix/qmgr[7027]: 503242E4DC: from=<@...>,
            > size=7570, nrcpt=1 (queue active)
            > Jan 29 16:50:58 mail postfix/smtp[30291]: 503242E4DC:
            > to=<user2@...>, relay=127.0.0.1[127.0.0.1]:10024, delay=13,
            > delays=5.1/0/0.01/7.6, dsn=2.6.0, status=sent (250 2.6.0 Ok,
            > id=29009-20, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as
            > E85E09148D)
            > Jan 29 16:50:58 mail postfix/qmgr[7027]: 503242E4DC: removed

            As far as I can tell, RFCs allow empty local part as quoted null string.
            Even if it is technically correct, should we allow empty local parts in
            email address in the form of @...? Certainly, it not
            deliverable. Or is Exchange at fault here and I should solve this by a
            regexp in check_sender_access?

            --
            Eray
          • Eray Aslan
            ... For the record, I added the following to the main.cf: smtpd_recipient_restrictions = ... check_sender_access regexp:/etc/postfix/empty_local ...
            Message 5 of 12 , Feb 1, 2007
              Eray Aslan wrote:
              > As far as I can tell, RFCs allow empty local part as quoted null string.
              > Even if it is technically correct, should we allow empty local parts in
              > email address in the form of @...? Certainly, it not
              > deliverable. Or is Exchange at fault here and I should solve this by a
              > regexp in check_sender_access?

              For the record, I added the following to the main.cf:

              smtpd_recipient_restrictions =
              ...
              check_sender_access regexp:/etc/postfix/empty_local
              ...

              /etc/postfix/empty_local:
              /^@.+/ REJECT No empty local part in email addresses please

              Any caveats I should be aware of?

              --
              Eray
            • Mark Martinec
              Eray, ... With: strict_rfc821_envelopes = yes mail from: 501 5.1.7 Bad sender address syntax We have the strict_rfc821_envelopes turned on since
              Message 6 of 12 , Feb 1, 2007
                Eray,

                > As far as I can tell, RFCs allow empty local part as quoted null string.
                > Even if it is technically correct, should we allow empty local parts in
                > email address in the form of @...? Certainly, it not
                > deliverable. Or is Exchange at fault here and I should solve this by a
                > regexp in check_sender_access?

                With:
                strict_rfc821_envelopes = yes

                mail from:<@...>
                501 5.1.7 Bad sender address syntax


                We have the strict_rfc821_envelopes turned on since forever
                for precisely this reason. There were no cases here
                of legitimate mail that were turned down by this setting.

                Mark
              • mouss
                ... .+ at the end or beginning of regular expressions is useless. so /^@/ should do. Mark s suggestion (strict_rfc821_envelopes) is a better solution.
                Message 7 of 12 , Feb 1, 2007
                  Eray Aslan wrote:
                  >
                  >
                  > For the record, I added the following to the main.cf:
                  >
                  > smtpd_recipient_restrictions =
                  > ...
                  > check_sender_access regexp:/etc/postfix/empty_local
                  > ...
                  >
                  > /etc/postfix/empty_local:
                  > /^@.+/ REJECT No empty local part in email addresses please
                  >
                  > Any caveats I should be aware of?
                  >
                  >

                  .+ at the end or beginning of regular expressions is useless. so /^@/
                  should do.

                  Mark's suggestion (strict_rfc821_envelopes) is a better solution.
                Your message has been successfully submitted and would be delivered to recipients shortly.