Loading ...
Sorry, an error occurred while loading the content.
 

RE: Increasing throuput

Expand Messages
  • Rocco Scappatura
    ... How could I activate this port? ... The behaviour has picked up (I have no more Relay access denied errors for my clients, when they try to send message
    Message 1 of 49 , Oct 1, 2007
      > I suspect your check_client_access was used to implement a
      > permit_mynetworks. Make sure this the case and reorder your checks:
      >
      > reject_unauth_destination is used to reject relay. since it
      > is the first one in your smtpd_recipient_restrictions, nobody
      > can relay via this smtpd.
      >
      > It is recommended that you enable the submission port (587)
      > and use it to relay mail (but not accept mail from the public).

      How could I activate this port?

      > In the meantime, move the check_client_access that implements
      > permit_mynetwork and put it before reject_unauth_destination.
      >
      > Please note that checks are performed in the order they are found.

      The behaviour has picked up (I have no more "Relay access denied" errors
      for my clients, when they try to send message trhoug my SMTP server).

      But I'm still a little bit sospicious about the recipient validation for
      my 'external domains'.

      For example, for an external domain of mine, say 'domain.it', I get:

      Oct 1 09:40:13 av4 postfix/smtpd[13993]: NOQUEUE: reject: RCPT from
      unknown[87.250.102.202]: 450 4.1.1 <stefanobottaluscio@...>:
      Recipient address rejected: undeliverable address: host
      mail.bontempi.it[195.96.202.54] said: 550
      <stefanobottaluscio@...>: Recipient address rejected: User unknown
      in virtual alias table (in reply to RCPT TO command);
      from=<afesteryga@...> to=<stefanobottaluscio@...>
      proto=SMTP helo=<ybvs>

      And this is OK (It seems to me that it is my SMTP server that reject the
      message for the inexistant address of my external domain). But when I
      have tried for other external domains and it doesn't seems to me that
      that mail server have the same behaviour. Infact I get:

      Oct 1 09:58:14 av4 postfix/smtp[19942]: 687F1750193:
      to=<0batillebacher@...>, relay=10.30.32.7[10.30.32.7]:25,
      delay=0.55, delays=0.11/0.29/0.12/0.03, dsn=2.0.0, status=deliverable
      (250 0batillebacher@...... Recipient OK)

      Whatever it is the recipient.. I suppose that in this case the receiving
      mail server is guilty of this mesleading behaviour..

      Maybe he has a catchall for his domain or won't verifies its recipients?

      rocsca
    • Rocco Scappatura
      ... Ok. ... I agree with you. ... 220 av4.sttspa.it helo sttspa.it 250 av4.sttspa.it mail from: 250 2.1.0 Ok rcpt to:
      Message 49 of 49 , Oct 1, 2007
        > >> It is recommended that you enable the submission port
        > (587) and use
        > >> it to relay mail (but not accept mail from the public).
        > >
        > > How could I activate this port?
        > >
        >
        > look for submission in master.cf. keep that for when you have
        > enough time though.

        Ok.

        > > But I'm still a little bit sospicious about the recipient
        > validation
        > > for my 'external domains'.
        > >
        > > For example, for an external domain of mine, say 'domain.it', I get:
        > >
        > > Oct 1 09:40:13 av4 postfix/smtpd[13993]: NOQUEUE: reject: RCPT from
        > > unknown[87.250.102.202]: 450 4.1.1 <stefanobottaluscio@...>:
        > > Recipient address rejected: undeliverable address: host
        > > mail.bontempi.it[195.96.202.54] said: 550
        > > <stefanobottaluscio@...>: Recipient address rejected: User
        > > unknown in virtual alias table (in reply to RCPT TO command);
        > > from=<afesteryga@...>
        > to=<stefanobottaluscio@...>
        > > proto=SMTP helo=<ybvs>
        >
        > looks good indeed.

        I agree with you.

        > > And this is OK (It seems to me that it is my SMTP server
        > that reject
        > > the message for the inexistant address of my external domain). But
        > > when I have tried for other external domains and it doesn't
        > seems to
        > > me that that mail server have the same behaviour. Infact I get:
        > >
        > > Oct 1 09:58:14 av4 postfix/smtp[19942]: 687F1750193:
        > > to=<0batillebacher@...>, relay=10.30.32.7[10.30.32.7]:25,
        > > delay=0.55, delays=0.11/0.29/0.12/0.03, dsn=2.0.0,
        > status=deliverable
        > > (250 0batillebacher@...... Recipient OK)
        > >
        > > Whatever it is the recipient.. I suppose that in this case the
        > > receiving mail server is guilty of this mesleading behaviour..
        > >
        > > Maybe he has a catchall for his domain or won't verifies
        > its recipients?
        >
        > try a telneting to 10.30.32.7 from the "smtp server" and see
        > if it accepts random addresses:
        >
        > # telnet 10.30.32.7
        > EHLO my.hostname
        > ...
        > MAIL FROM:<someone@yourdomain>
        > ...
        > RCPT TO:<randomaddr@...>

        220 av4.sttspa.it
        helo sttspa.it
        250 av4.sttspa.it
        mail from:<valid address>
        250 2.1.0 Ok
        rcpt to:<jkhjhj@...> <-- Invalid address>
        250 2.1.5 Ok
        data
        354 End data with <CR><LF>.<CR><LF>
        502 5.5.2 Error: command not recognized
        kljkjdfkjfd
        .
        250 2.0.0 Ok: queued as 2582475018D

        > if it says recipient ok for any user, then there is a
        > problem. possible

        So there is a problem.

        > explanations:
        > - the final server does not validate recipients (broken old
        > accept-then-bounce).
        > - the final server trusts your server and doesn't validate
        > recipients when the client is your server. you'll need to ask
        > the admin to change this if possible.
        > - the final server has a catchall. Then there is no problem,
        > unless they later bounce for some reason...

        I will investigate.. Now it is my task to discover the mistery..

        In the mean time, many thanks!!!

        rocsca

        PS: And for the submission port??
      Your message has been successfully submitted and would be delivered to recipients shortly.