Loading ...
Sorry, an error occurred while loading the content.

RE: rely recipient verification (Was: Increasing throuput)

Expand Messages
  • Rocco Scappatura
    ... Not exactly. The name is misleading, but I use this lookup table for aliases. But In this case, I use it to verify the recipient of an incoming recipient
    Message 1 of 49 , Oct 1, 2007
    • 0 Attachment
      > > This should goood as 'permit_mynetworks' substitute..
      > > Moreover, Im using:
      > >
      > > relay_domains = proxy:mysql:/etc/postfix/mysql-relay-domains.cf
      > >
      > > which looks up for the domain in the domains table which
      > mail server
      > > accept mail for.
      >
      > right. but it seems you also have a relay_recipient_maps.
      > what's this for (my understanding is that you don't have the
      > list of relay)?

      Not exactly. The name is misleading, but I use this lookup table for
      aliases. But In this case, I use it to verify the recipient of an
      incoming recipient is valid, in case the message is destined to one of
      my 'internal domain'. Moreover, I have all the catch-all for my
      'external domains'. When a message is received for an external domain
      'domain.it', it matches '@...' key and returns 'OK'.

      rocsca
    • Rocco Scappatura
      ... Ok. ... I agree with you. ... 220 av4.sttspa.it helo sttspa.it 250 av4.sttspa.it mail from: 250 2.1.0 Ok rcpt to:
      Message 49 of 49 , Oct 1, 2007
      • 0 Attachment
        > >> It is recommended that you enable the submission port
        > (587) and use
        > >> it to relay mail (but not accept mail from the public).
        > >
        > > How could I activate this port?
        > >
        >
        > look for submission in master.cf. keep that for when you have
        > enough time though.

        Ok.

        > > But I'm still a little bit sospicious about the recipient
        > validation
        > > for my 'external domains'.
        > >
        > > For example, for an external domain of mine, say 'domain.it', I get:
        > >
        > > Oct 1 09:40:13 av4 postfix/smtpd[13993]: NOQUEUE: reject: RCPT from
        > > unknown[87.250.102.202]: 450 4.1.1 <stefanobottaluscio@...>:
        > > Recipient address rejected: undeliverable address: host
        > > mail.bontempi.it[195.96.202.54] said: 550
        > > <stefanobottaluscio@...>: Recipient address rejected: User
        > > unknown in virtual alias table (in reply to RCPT TO command);
        > > from=<afesteryga@...>
        > to=<stefanobottaluscio@...>
        > > proto=SMTP helo=<ybvs>
        >
        > looks good indeed.

        I agree with you.

        > > And this is OK (It seems to me that it is my SMTP server
        > that reject
        > > the message for the inexistant address of my external domain). But
        > > when I have tried for other external domains and it doesn't
        > seems to
        > > me that that mail server have the same behaviour. Infact I get:
        > >
        > > Oct 1 09:58:14 av4 postfix/smtp[19942]: 687F1750193:
        > > to=<0batillebacher@...>, relay=10.30.32.7[10.30.32.7]:25,
        > > delay=0.55, delays=0.11/0.29/0.12/0.03, dsn=2.0.0,
        > status=deliverable
        > > (250 0batillebacher@...... Recipient OK)
        > >
        > > Whatever it is the recipient.. I suppose that in this case the
        > > receiving mail server is guilty of this mesleading behaviour..
        > >
        > > Maybe he has a catchall for his domain or won't verifies
        > its recipients?
        >
        > try a telneting to 10.30.32.7 from the "smtp server" and see
        > if it accepts random addresses:
        >
        > # telnet 10.30.32.7
        > EHLO my.hostname
        > ...
        > MAIL FROM:<someone@yourdomain>
        > ...
        > RCPT TO:<randomaddr@...>

        220 av4.sttspa.it
        helo sttspa.it
        250 av4.sttspa.it
        mail from:<valid address>
        250 2.1.0 Ok
        rcpt to:<jkhjhj@...> <-- Invalid address>
        250 2.1.5 Ok
        data
        354 End data with <CR><LF>.<CR><LF>
        502 5.5.2 Error: command not recognized
        kljkjdfkjfd
        .
        250 2.0.0 Ok: queued as 2582475018D

        > if it says recipient ok for any user, then there is a
        > problem. possible

        So there is a problem.

        > explanations:
        > - the final server does not validate recipients (broken old
        > accept-then-bounce).
        > - the final server trusts your server and doesn't validate
        > recipients when the client is your server. you'll need to ask
        > the admin to change this if possible.
        > - the final server has a catchall. Then there is no problem,
        > unless they later bounce for some reason...

        I will investigate.. Now it is my task to discover the mistery..

        In the mean time, many thanks!!!

        rocsca

        PS: And for the submission port??
      Your message has been successfully submitted and would be delivered to recipients shortly.