Loading ...
Sorry, an error occurred while loading the content.

Re: address verify vs. virtual_alias_maps

Expand Messages
  • Arpi
    Hi, Any chance to get this answered? Wietse? please at least tell me if my problem is: A, known bug/problem of postfix, will be fixed (when?) B, can be solved
    Message 1 of 4 , Nov 30, 2007
    • 0 Attachment
      Hi,

      Any chance to get this answered? Wietse?
      please at least tell me if my problem is:
      A, known bug/problem of postfix, will be fixed (when?)
      B, can be solved by proper configuration (some hint?)
      C, feature request

      btw i'm using postfix 2.4.1, but i didnt see such problem/fix mentioned
      in later changelogs. if it's fixed in 2.5, then i'll upgrade.

      thanks a lot,

      A'rpi

      > Hi,
      >
      > > > We have a posfix mail server, which does content filtering (spam virus etc)
      > > > for all of our mail servers, as a relay. I've enabled address verify
      > > > (both sender and recipient) for all of our server domains. It's working fine.
      > > >
      > > > Now I've added
      > > > virtual_alias_maps = hash:/etc/postfix/virtual, ldap:ldapforward, ldap:ldapvirtual
      > > > which does address translation for many of our domains where the
      > > > addresses are redirected to other addresses (users moved and have their
      > > > old mail forwarded, and some users moved to an ms exchange server).
      > > > The problem is, that I dont want to do address verification for these
      > > > foregin domains, where some of our addresses are forwarded/virtaal_aliased.
      > > > (there are some servers, where address verify doesnt work)
      > > >
      > > > Is there any way, to tell postfix which domains NOT to verify
      > > > mail to? Adding it to check_recipient_access maps in
      > > > smtpd_recipient_restrictions doesnt work, as it's used by smtpd only,
      > > > and address verify ignores that when doing the address verify.
      > > > Or any way to force verify to verify only mails to listed domains,
      > > > and do this domain check _after_ resolving virtual_alias mappings ?
      > > >
      > > > For example:
      > > > smtpd receives a connection, with recipient arpi@....
      > > > there is a such line in the check_recipient_access map:
      > > > bmf.hu reject_unverified_recipient
      > > > so it does address verify. it's ok.
      > > > but this address is mapped to an external address in virtual_alias_maps:
      > > > arpi@... arpi@...
      > > > so the verify process connects thot.banki.hu to verify this address.
      > > > but i dont want it to connect thot.banki.hu!
      > > >
      > >
      > > please show evidence (relevant logs).
      >
      > i dont really see why do you need it, i think it's clear what's
      > happening, the question is how to avoid it.
      >
      > but here is it:
      >
      > i sent a mail from root@... to arpi@...,
      > which has virtual maps entry to arpi@...:
      > virtual_alias_maps = hash:/etc/postfix/virtual, ldap:ldapforward,
      > ldap:ldapvirtual
      > /etc/postfix/virtual:
      > arpi@... arpi@...
      >
      > for the demonstration, i set firewall to drop packets from the
      > relay server to thot.banki.hu, so you can see the address verify fail.
      > (normally there is no trace in logs of address verify, only if it fails)
      >
      > Nov 28 22:40:15 sendmail postfix/smtpd[21639]: connect from b
      > b-server.archeo.mta.hu[193.224.177.3]
      > Nov 28 22:40:15 sendmail postfix/smtpd[21639]: 5116C800EE: cl
      > ient=bb-server.archeo.mta.hu[193.224.177.3]
      > Nov 28 22:40:15 sendmail postfix/smtpd[21639]: 5116C800EE: reject: RCPT
      > from bb-server.archeo.mta.hu[193.224.177.3]: 450 4.1.1 <arpi@...>:
      > Recipient address rejected: unverified address: connect to 19
      > 2.190.173.38[192.190.173.38]: Connection timed out; from=<roo
      > t@...> to=<arpi@...> proto=ESMTP helo=<server.archeo.mta.hu>
      >
      > here is the mailq of the sender (server.archeo.mta.hu):
      > -Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
      > 7D0CE170E0 288 Wed Nov 28 22:38:20 root@...
      > (host sendmail.bmf.hu[193.224.40.21] said: 450 4.1.1 <arpi@...>:
      > Recipient address rejected: unverified address: connect to
      > 192.190.173.38[192.190.173.38]: Connection timed out (in reply to RCPT TO
      > command))
      > arpi@...
      >
      > (192.190.173.38 is the IP of thot.banki.hu)
      >
      > > and while you are at it, show output of 'postconf -n'. is there a
      >
      > http://thot.banki.hu/arpi/postfix/postconf.txt
      >
      > > transport entry for bmf.hu?
      >
      > yes, of course. (the relay server doesnt have local users)
      >
      > bmf.hu :[webmail.bmf.hu]
      >
      > A'rpi
      >
      > > > if the address is listed in virtual_alias_maps, then it's an existing
      > > > address (but at least an address i can assume it's a working one)
      > > > so no further checks needed!
      > > >
      > > > i hope the problem is clear now.
      > > > any ideas?
      > > >
      > > > A'rpi
      > > >
      > > >
      > >
      > >
      >
      >
    Your message has been successfully submitted and would be delivered to recipients shortly.