Loading ...
Sorry, an error occurred while loading the content.

backupmx with Postfix

Expand Messages
  • Nicolas Letellier
    Hello. I use Postfix 2.4 with a FreeBSD server. This server is called mail.myserver.com. I set up a backupmx for domain.com. So, a host - MX domain.com
    Message 1 of 19 , Jun 30 6:39 AM
    • 0 Attachment
      Hello.

      I use Postfix 2.4 with a FreeBSD server. This server is called mail.myserver.com.
      I set up a backupmx for domain.com. So, a "host - MX domain.com" returns:
      domain.com mail is handled by 10 mail.myserver.com.
      domain.com mail is handled by 1 smtp.domain.com.

      OK. So, my Postfix server must receive mail *only* if smtp.domain.com is down.

      However, no.

      I receive many many emails (and only spam, it seems). Is it normal? I thinked that my mail server would be used only if smtp.domain.com be down. Why not?

      See a log:
      Jun 30 15:34:47 trinite postfix/pipe[74027]: BF9E73228973: to=<newton@...>, relay=my_service, delay=1.8, delays=1.7/0/0/0.04, dsn=2.0.0, status=sent (delivered via my_service service)
      Jun 30 15:34:48 trinite postfix/smtp[74990]: DF5023228976: to=<newton@...>, relay=smtp.domain.com[**.**.**.**]:25, delay=0.48, delays=0.01/0/0.11/0.36, dsn=2.0.0, status=sent (250 2.0.0 m5UDYlX4030260 Message accepted for delivery)

      I don't know why I have two lines... The mail must be relayed to mail.domain.com, and it seems to be used my my_service (my service who deliver message, in master.cf).

      To conclude: open a backupmx for a domain could be dangerous? (for spam).

      Thanks for your advices.
      --
      -Nicolas.
    • Mark Goodge
      ... Yes, it s very normal. See this blog post for a good explanation: http://www.brassy.net/2006/aug/backup_mxs_are_dangerous_and_pointless If you want more,
      Message 2 of 19 , Jun 30 7:09 AM
      • 0 Attachment
        Nicolas Letellier wrote:
        > Hello.
        >
        > I use Postfix 2.4 with a FreeBSD server. This server is called
        > mail.myserver.com. I set up a backupmx for domain.com. So, a "host -
        > MX domain.com" returns: domain.com mail is handled by 10
        > mail.myserver.com. domain.com mail is handled by 1 smtp.domain.com.
        >
        > OK. So, my Postfix server must receive mail *only* if smtp.domain.com
        > is down.
        >
        > However, no.
        >
        > I receive many many emails (and only spam, it seems). Is it normal? I
        > thinked that my mail server would be used only if smtp.domain.com be
        > down. Why not?

        Yes, it's very normal. See this blog post for a good explanation:

        http://www.brassy.net/2006/aug/backup_mxs_are_dangerous_and_pointless

        If you want more, just Google for [backup MX spam].

        > To conclude: open a backupmx for a domain could be dangerous? (for
        > spam).

        Yes, it can be. The short answer is that you must have exactly the same
        anti-spam provisions on the backup as the primary, otherwise you'll
        either end up with loads of extra spam for yourself (which is bad) or
        become a major source of backscatter (which is worse).

        Mark
        --
        http://mark.goodge.co.uk - my pointless blog
        http://www.good-stuff.co.uk - my less pointless stuff
      • Nicolas Letellier
        On Mon, 30 Jun 2008 15:09:44 +0100 ... It s a good link! It learned me many things. In reading it, I want to apply an option in my postfix. Is it a good idead
        Message 3 of 19 , Jun 30 8:26 AM
        • 0 Attachment
          On Mon, 30 Jun 2008 15:09:44 +0100
          Mark Goodge <mark@...> wrote:
          > > I receive many many emails (and only spam, it seems). Is it normal? I
          > > thinked that my mail server would be used only if smtp.domain.com be
          > > down. Why not?
          >
          > Yes, it's very normal. See this blog post for a good explanation:
          >
          > http://www.brassy.net/2006/aug/backup_mxs_are_dangerous_and_pointless
          >
          > If you want more, just Google for [backup MX spam].
          It's a good link! It learned me many things.

          In reading it, I want to apply an option in my postfix. Is it a good idead to desactivate bounce options?
          I think it's a good idea for users who wants to know if the mail has correctly been received...
          However, It could be a problem for backupmx server...

          Thanks!
          --
          -Nicolas.
        • Charles Marcus
          ... You really should not operate a backup MX if you don t have a list of valid recipients. -- Best regards, Charles
          Message 4 of 19 , Jun 30 8:48 AM
          • 0 Attachment
            On 6/30/2008, Nicolas Letellier (nicolas@...) wrote:
            > In reading it, I want to apply an option in my postfix. Is it a good
            > idead to desactivate bounce options? I think it's a good idea for
            > users who wants to know if the mail has correctly been received...
            > However, It could be a problem for backupmx server...

            You really should not operate a backup MX if you don't have a list of
            valid recipients.

            --

            Best regards,

            Charles
          • Nicolas Letellier
            On Mon, 30 Jun 2008 11:48:09 -0400 ... I have a list. How set up this list (.txt format) in my Postfix ONLY for relay domains? (and not for all my others
            Message 5 of 19 , Jun 30 8:54 AM
            • 0 Attachment
              On Mon, 30 Jun 2008 11:48:09 -0400
              Charles Marcus <CMarcus@...> wrote:

              > On 6/30/2008, Nicolas Letellier (nicolas@...) wrote:
              > > In reading it, I want to apply an option in my postfix. Is it a good
              > > idead to desactivate bounce options? I think it's a good idea for
              > > users who wants to know if the mail has correctly been received...
              > > However, It could be a problem for backupmx server...
              >
              > You really should not operate a backup MX if you don't have a list of
              > valid recipients.
              I have a list.
              How set up this list (.txt format) in my Postfix ONLY for relay domains? (and not for all my others mailboxes, and aliases)

              Thanks.
            • Magnus Bäck
              On Monday, June 30, 2008 at 17:54 CEST, ... http://www.postfix.org/postconf.5.html#relay_domains http://www.postfix.org/postconf.5.html#relay_recipient_maps
              Message 6 of 19 , Jun 30 11:29 AM
              • 0 Attachment
                On Monday, June 30, 2008 at 17:54 CEST,
                Nicolas Letellier <nicolas@...> wrote:

                > On Mon, 30 Jun 2008 11:48:09 -0400
                > Charles Marcus <CMarcus@...> wrote:
                >
                > > You really should not operate a backup MX if you don't have a list
                > > of valid recipients.
                >
                > I have a list.
                > How set up this list (.txt format) in my Postfix ONLY for relay
                > domains? (and not for all my others mailboxes, and aliases)

                http://www.postfix.org/postconf.5.html#relay_domains
                http://www.postfix.org/postconf.5.html#relay_recipient_maps

                For the format of the file listed in relay_recipient_maps, see below.

                http://www.postfix.org/STANDARD_CONFIGURATION_README.html#firewall

                --
                Magnus Bäck
                magnus@...
              • mouss
                ... put your head on the other side of the street: how would we reliably know that your primary is not down? if we can t reach it, we don t really care if it
                Message 7 of 19 , Jun 30 12:33 PM
                • 0 Attachment
                  Nicolas Letellier wrote:
                  > Hello.
                  >
                  > I use Postfix 2.4 with a FreeBSD server. This server is called mail.myserver.com.
                  > I set up a backupmx for domain.com. So, a "host - MX domain.com" returns:
                  > domain.com mail is handled by 10 mail.myserver.com.
                  > domain.com mail is handled by 1 smtp.domain.com.
                  >
                  > OK. So, my Postfix server must receive mail *only* if smtp.domain.com is down.
                  >

                  put your head on the other side of the street: how would we reliably
                  know that your primary is not down? if we can't reach it, we don't
                  really care if it is up and playing "come out Virginia, don't let me
                  wait". we will just play "you never gave me your socket, your only gave
                  me your IP address", and will go for the next MX.

                  And anyway, if one of your requirements is that zombies respect your DNS
                  data, you'll have to find another internet ;-p

                  > However, no.
                  >
                  > I receive many many emails (and only spam, it seems). Is it normal? I thinked that my mail server would be used only if smtp.domain.com be down. Why not?
                  >
                  > See a log:
                  > Jun 30 15:34:47 trinite postfix/pipe[74027]: BF9E73228973: to=<newton@...>, relay=my_service, delay=1.8, delays=1.7/0/0/0.04, dsn=2.0.0, status=sent (delivered via my_service service)
                  > Jun 30 15:34:48 trinite postfix/smtp[74990]: DF5023228976: to=<newton@...>, relay=smtp.domain.com[**.**.**.**]:25, delay=0.48, delays=0.01/0/0.11/0.36, dsn=2.0.0, status=sent (250 2.0.0 m5UDYlX4030260 Message accepted for delivery)
                  >
                  > I don't know why I have two lines...

                  I hope that you have more than two lines: there should be a
                  postfix/smtpd (with a 'd' at the end) in your logs for these transaction
                  attempts.

                  > The mail must be relayed to mail.domain.com, and it seems to be used my my_service (my service who deliver message, in master.cf).
                  >
                  > To conclude: open a backupmx for a domain could be dangerous? (for spam).
                  >

                  not dangerous, but it requires work. the "law of conservation": you
                  can't get more for free (nor for wanadoo :) [sorry for the silly french
                  joke].
                • Nicolas Letellier
                  On Mon, 30 Jun 2008 21:33:21 +0200 ... Yes, I have the smtpd line, of course. I juste pasted the two lines where I have a question. Is it normal tha the mail
                  Message 8 of 19 , Jul 1, 2008
                  • 0 Attachment
                    On Mon, 30 Jun 2008 21:33:21 +0200
                    mouss <mouss@...> wrote:
                    > > I receive many many emails (and only spam, it seems). Is it normal? I thinked that my mail server would be used only if smtp.domain.com be down. Why not?
                    > >
                    > > See a log:
                    > > Jun 30 15:34:47 trinite postfix/pipe[74027]: BF9E73228973: to=<newton@...>, relay=my_service, delay=1.8, delays=1.7/0/0/0.04, dsn=2.0.0, status=sent (delivered via my_service service)
                    > > Jun 30 15:34:48 trinite postfix/smtp[74990]: DF5023228976: to=<newton@...>, relay=smtp.domain.com[**.**.**.**]:25, delay=0.48, delays=0.01/0/0.11/0.36, dsn=2.0.0, status=sent (250 2.0.0 m5UDYlX4030260 Message accepted for delivery)
                    > >
                    > > I don't know why I have two lines...
                    >
                    > I hope that you have more than two lines: there should be a
                    > postfix/smtpd (with a 'd' at the end) in your logs for these transaction
                    > attempts.
                    Yes, I have the 'smtpd' line, of course. I juste pasted the two lines where I have a question. Is it normal tha the mail to relay pass by my service (from master.cf), and after, is sent by smtp.domain.com.
                    I thinked than the mail to relay will just pass directly by the relay, not by the service.

                    Another question:
                    I see that bounce mail could be problematic. Is it a good idea (and mainly, is it possible?) to disable bounce mail *only* for mail to relay?

                    One another:
                    Is it adviced to reject mail with a sender address not resolvable?

                    Thanks.


                    --
                    -Nicolas.
                  • mouss
                    ... What do you mean by service vs relay ? mail is queued by the relay server and then sent to the final destination (provided the relay server is not
                    Message 9 of 19 , Jul 1, 2008
                    • 0 Attachment
                      Nicolas Letellier wrote:
                      > [snip]
                      > Yes, I have the 'smtpd' line, of course. I juste pasted the two lines where I have a question. Is it normal tha the mail to relay pass by my service (from master.cf), and after, is sent by smtp.domain.com.
                      > I thinked than the mail to relay will just pass directly by the relay, not by the service.
                      >

                      What do you mean by "service" vs "relay"? mail is queued by the relay
                      server and then sent to the final destination (provided the relay server
                      is not configured to deliver such mail locally).
                      > Another question:
                      > I see that bounce mail could be problematic. Is it a good idea (and mainly, is it possible?) to disable bounce mail *only* for mail to relay?
                      >
                      >

                      you should make sure that you validate recipients during the smtp
                      transaction. so either have the list of relay recipients
                      (relay_recipient_maps) or use reject_unverified_recipient (but the
                      latter breaks the purpose of "backup" in backupMX :).

                      > One another:
                      > Is it adviced to reject mail with a sender address not resolvable?
                      >

                      you can but it does not catch a a lot of junk. use zen.spamhaus.org and
                      after that see what spam is missed. you can then tune your restrictions
                      if possible (otherwise, use a content filter).
                    • Nicolas Letellier
                      On Tue, 01 Jul 2008 10:41:10 +0200 ... Yes, I use a recipient_maps. But if I receive a mail for a bas recipient, by postfix will send a bounce to the sender to
                      Message 10 of 19 , Jul 1, 2008
                      • 0 Attachment
                        On Tue, 01 Jul 2008 10:41:10 +0200
                        mouss <mouss@...> wrote:
                        > > Another question:
                        > > I see that bounce mail could be problematic. Is it a good idea (and mainly, is it possible?) to disable bounce mail *only* for mail to relay?
                        >
                        > you should make sure that you validate recipients during the smtp
                        > transaction. so either have the list of relay recipients
                        > (relay_recipient_maps) or use reject_unverified_recipient (but the
                        > latter breaks the purpose of "backup" in backupMX :).
                        Yes, I use a recipient_maps. But if I receive a mail for a bas recipient, by postfix will send a bounce to the sender to notify the mail does not exist (and it can be problematic if the send address does not exist).

                        --
                        -Nicolas.
                      • mouss
                        ... s/bas/bad ? ... If you have relay_recipient_maps set, then postfix will _reject_, not bounce. it is the previous MTA that generates the bounce. This is
                        Message 11 of 19 , Jul 1, 2008
                        • 0 Attachment
                          Nicolas Letellier wrote:
                          > On Tue, 01 Jul 2008 10:41:10 +0200
                          > mouss <mouss@...> wrote:
                          >
                          >>> Another question:
                          >>> I see that bounce mail could be problematic. Is it a good idea (and mainly, is it possible?) to disable bounce mail *only* for mail to relay?
                          >>>
                          >> you should make sure that you validate recipients during the smtp
                          >> transaction. so either have the list of relay recipients
                          >> (relay_recipient_maps) or use reject_unverified_recipient (but the
                          >> latter breaks the purpose of "backup" in backupMX :).
                          >>
                          > Yes, I use a recipient_maps. But if I receive a mail for a bas recipient, by

                          s/bas/bad ?

                          > postfix will send a bounce to the sender to notify the mail does not exist


                          If you have relay_recipient_maps set, then postfix will _reject_, not
                          bounce. it is the "previous" MTA that generates the bounce. This is why
                          you should reject on the first server that you manage and let others
                          bounce or do whatever they want.

                          > (and it can be problematic if the send address does not exist).
                          >

                          if the sender does not exist, there is not much problems. The real
                          problem is if the sender exists but did not send the message (spam
                          forges sender address) and when you as a victim get thousands of NDRs
                          for mail you never sent, you will hate the backscatter source...
                        • Nicolas Letellier
                          On Tue, 01 Jul 2008 11:04:53 +0200 ... But, if Postfix rejects a mail, it sends a mail to inform that the mail has been rejected or not? If rejecting a mail,
                          Message 12 of 19 , Jul 1, 2008
                          • 0 Attachment
                            On Tue, 01 Jul 2008 11:04:53 +0200
                            mouss <mouss@...> wrote:
                            > If you have relay_recipient_maps set, then postfix will _reject_, not
                            > bounce. it is the "previous" MTA that generates the bounce. This is why
                            > you should reject on the first server that you manage and let others
                            > bounce or do whatever they want.
                            But, if Postfix rejects a mail, it sends a mail to inform that the mail has been rejected or not?
                            If rejecting a mail, Postfix send it to /dev/null and do not send any mails to sender, it's a good news!


                            --
                            -Nicolas.
                          • Mark Goodge
                            ... No. The server that has the mail rejected sends the mail. Consider this sequence of events: 1. User sends mail out via server A. 2. Server A contacts
                            Message 13 of 19 , Jul 1, 2008
                            • 0 Attachment
                              Nicolas Letellier wrote:
                              > On Tue, 01 Jul 2008 11:04:53 +0200
                              > mouss <mouss@...> wrote:
                              >> If you have relay_recipient_maps set, then postfix will _reject_, not
                              >> bounce. it is the "previous" MTA that generates the bounce. This is why
                              >> you should reject on the first server that you manage and let others
                              >> bounce or do whatever they want.
                              >
                              > But, if Postfix rejects a mail, it sends a mail to inform that the mail has been rejected or not?

                              No. The server that has the mail rejected sends the mail. Consider this
                              sequence of events:

                              1. User sends mail out via server A.

                              2. Server A contacts server B to pass the message on.

                              3. Server B accepts the mail.

                              4. Server B contacts server C to pass the message on.

                              5. Server C rejects the mail.

                              6. Server B emails the sender to say that the mail was rejected by C.

                              You only need to worry about this if you manage server B (as it makes
                              you a potential source of backscatter). If you manage server C, then all
                              you need to do is reject mail you don't want.

                              Mark
                              --
                              http://mark.goodge.co.uk - my pointless blog
                              http://www.good-stuff.co.uk - my less pointless stuff
                            • Nicolas Letellier
                              On Tue, 01 Jul 2008 10:42:02 +0100 ... I manage server B (backupmx). Server C is not mine. The problem is: 1. User sends mail out via server A to an non
                              Message 14 of 19 , Jul 1, 2008
                              • 0 Attachment
                                On Tue, 01 Jul 2008 10:42:02 +0100
                                Mark Goodge <mark@...> wrote:

                                >
                                >
                                > Nicolas Letellier wrote:
                                > > On Tue, 01 Jul 2008 11:04:53 +0200
                                > > mouss <mouss@...> wrote:
                                > >> If you have relay_recipient_maps set, then postfix will _reject_, not
                                > >> bounce. it is the "previous" MTA that generates the bounce. This is why
                                > >> you should reject on the first server that you manage and let others
                                > >> bounce or do whatever they want.
                                > >
                                > > But, if Postfix rejects a mail, it sends a mail to inform that the mail has been rejected or not?
                                >
                                > No. The server that has the mail rejected sends the mail. Consider this
                                > sequence of events:
                                >
                                > 1. User sends mail out via server A.
                                >
                                > 2. Server A contacts server B to pass the message on.
                                >
                                > 3. Server B accepts the mail.
                                >
                                > 4. Server B contacts server C to pass the message on.
                                >
                                > 5. Server C rejects the mail.
                                >
                                > 6. Server B emails the sender to say that the mail was rejected by C.
                                >
                                > You only need to worry about this if you manage server B (as it makes
                                > you a potential source of backscatter). If you manage server C, then all
                                > you need to do is reject mail you don't want.
                                I manage server B (backupmx). Server C is not mine.
                                The problem is:

                                1. User sends mail out via server A to an non existent recipient like 4-ygbG5_ygà@...
                                2. Server B checks the recipient and see it does not exists in recipient_maps (so it does not relay it to server C). The mail is rejected.
                                3. Is server B send an email to User to inform him that his email has not been received (because of a bad recipient) ?


                                --
                                -Nicolas.
                              • Scott Kitterman
                                ... No. That s server A s job. Server B rejects the message and never takes responsibility for it. Server A is still responsible for the message and
                                Message 15 of 19 , Jul 1, 2008
                                • 0 Attachment
                                  On Tue, 1 Jul 2008 11:53:52 +0200 Nicolas Letellier <nicolas@...> wrote:
                                  >On Tue, 01 Jul 2008 10:42:02 +0100
                                  >Mark Goodge <mark@...> wrote:
                                  >
                                  >>
                                  >>
                                  >> Nicolas Letellier wrote:
                                  >> > On Tue, 01 Jul 2008 11:04:53 +0200
                                  >> > mouss <mouss@...> wrote:
                                  >> >> If you have relay_recipient_maps set, then postfix will _reject_, not
                                  >> >> bounce. it is the "previous" MTA that generates the bounce. This is why
                                  >> >> you should reject on the first server that you manage and let others
                                  >> >> bounce or do whatever they want.
                                  >> >
                                  >> > But, if Postfix rejects a mail, it sends a mail to inform that the mail has been rejected or not?
                                  >>
                                  >> No. The server that has the mail rejected sends the mail. Consider this
                                  >> sequence of events:
                                  >>
                                  >> 1. User sends mail out via server A.
                                  >>
                                  >> 2. Server A contacts server B to pass the message on.
                                  >>
                                  >> 3. Server B accepts the mail.
                                  >>
                                  >> 4. Server B contacts server C to pass the message on.
                                  >>
                                  >> 5. Server C rejects the mail.
                                  >>
                                  >> 6. Server B emails the sender to say that the mail was rejected by C.
                                  >>
                                  >> You only need to worry about this if you manage server B (as it makes
                                  >> you a potential source of backscatter). If you manage server C, then all
                                  >> you need to do is reject mail you don't want.
                                  >I manage server B (backupmx). Server C is not mine.
                                  >The problem is:
                                  >
                                  >1. User sends mail out via server A to an non existent recipient like 4-ygbG5_ygà@...
                                  >2. Server B checks the recipient and see it does not exists in recipient_maps (so it does not relay it to server C). The mail is rejected.
                                  >3. Is server B send an email to User to inform him that his email has not been received (because of a bad recipient) ?

                                  No. That's server A's job.

                                  Server B rejects the message and never takes responsibility for it. Server A is still responsible for the message and generating the bounce message.

                                  Scott K
                                • Mark Goodge
                                  ... No. In this case, server A will send the email, because it will not get to step 3 in my sequence above. Instead, you have this: 1. User sends mail out via
                                  Message 16 of 19 , Jul 1, 2008
                                  • 0 Attachment
                                    Nicolas Letellier wrote:
                                    > On Tue, 01 Jul 2008 10:42:02 +0100
                                    > Mark Goodge <mark@...> wrote:
                                    >
                                    >> No. The server that has the mail rejected sends the mail. Consider this
                                    >> sequence of events:
                                    >>
                                    >> 1. User sends mail out via server A.
                                    >>
                                    >> 2. Server A contacts server B to pass the message on.
                                    >>
                                    >> 3. Server B accepts the mail.
                                    >>
                                    >> 4. Server B contacts server C to pass the message on.
                                    >>
                                    >> 5. Server C rejects the mail.
                                    >>
                                    >> 6. Server B emails the sender to say that the mail was rejected by C.
                                    >>
                                    >> You only need to worry about this if you manage server B (as it makes
                                    >> you a potential source of backscatter). If you manage server C, then all
                                    >> you need to do is reject mail you don't want.
                                    >
                                    > I manage server B (backupmx). Server C is not mine.
                                    > The problem is:
                                    >
                                    > 1. User sends mail out via server A to an non existent recipient like 4-ygbG5_ygà@...
                                    > 2. Server B checks the recipient and see it does not exists in recipient_maps (so it does not relay it to server C). The mail is rejected.
                                    > 3. Is server B send an email to User to inform him that his email has not been received (because of a bad recipient) ?

                                    No. In this case, server A will send the email, because it will not get
                                    to step 3 in my sequence above. Instead, you have this:

                                    1. User sends mail out via server A.

                                    2. Server A contacts server B to pass the message on.

                                    3. Server B rejects the mail.

                                    4. Server A emails the sender to say that the mail was rejected by C.

                                    Mark
                                    --
                                    http://mark.goodge.co.uk - my pointless blog
                                    http://www.good-stuff.co.uk - my less pointless stuff
                                  • Nicolas Letellier
                                    On Tue, 01 Jul 2008 6:04:41 -0400 ... Oops.... I made an error in this message... I retry... Server A: backup MX (me) Server B: smtp.domain.com (true smtp
                                    Message 17 of 19 , Jul 1, 2008
                                    • 0 Attachment
                                      On Tue, 01 Jul 2008 6:04:41 -0400
                                      Scott Kitterman <postfix@...> wrote:

                                      > On Tue, 1 Jul 2008 11:53:52 +0200 Nicolas Letellier <nicolas@...> wrote:
                                      > >On Tue, 01 Jul 2008 10:42:02 +0100
                                      > >Mark Goodge <mark@...> wrote:
                                      > >
                                      > >>
                                      > >>
                                      > >> Nicolas Letellier wrote:
                                      > >> > On Tue, 01 Jul 2008 11:04:53 +0200
                                      > >> > mouss <mouss@...> wrote:
                                      > >> >> If you have relay_recipient_maps set, then postfix will _reject_, not
                                      > >> >> bounce. it is the "previous" MTA that generates the bounce. This is why
                                      > >> >> you should reject on the first server that you manage and let others
                                      > >> >> bounce or do whatever they want.
                                      > >> >
                                      > >> > But, if Postfix rejects a mail, it sends a mail to inform that the mail has been rejected or not?
                                      > >>
                                      > >> No. The server that has the mail rejected sends the mail. Consider this
                                      > >> sequence of events:
                                      > >>
                                      > >> 1. User sends mail out via server A.
                                      > >>
                                      > >> 2. Server A contacts server B to pass the message on.
                                      > >>
                                      > >> 3. Server B accepts the mail.
                                      > >>
                                      > >> 4. Server B contacts server C to pass the message on.
                                      > >>
                                      > >> 5. Server C rejects the mail.
                                      > >>
                                      > >> 6. Server B emails the sender to say that the mail was rejected by C.
                                      > >>
                                      > >> You only need to worry about this if you manage server B (as it makes
                                      > >> you a potential source of backscatter). If you manage server C, then all
                                      > >> you need to do is reject mail you don't want.
                                      > >I manage server B (backupmx). Server C is not mine.
                                      > >The problem is:
                                      > >
                                      > >1. User sends mail out via server A to an non existent recipient like 4-ygbG5_ygà@...
                                      > >2. Server B checks the recipient and see it does not exists in recipient_maps (so it does not relay it to server C). The mail is rejected.
                                      > >3. Is server B send an email to User to inform him that his email has not been received (because of a bad recipient) ?
                                      >
                                      > No. That's server A's job.
                                      >
                                      > Server B rejects the message and never takes responsibility for it. Server A is still responsible for the message and generating the bounce message.
                                      >
                                      > Scott K
                                      Oops.... I made an error in this message... I retry...

                                      Server A: backup MX (me)
                                      Server B: smtp.domain.com (true smtp server, managed by another persons who want a backupmx)

                                      1. User sends mail out via server A to an non existent recipient like 4-ygbG5_ygà@...
                                      2. Server A checks the recipient and see it does not exists in recipient_maps (so it does not relay it to server B). The mail is rejected.
                                      3. Is server A send an email to User to inform him that his email has not been received (because of a bad recipient) ?

                                      So, Server A (me) will reject the mail and send a bounce... I don't want to bounce mails for it.


                                      --
                                      -Nicolas.
                                    • mouss
                                      ... do not confuse reject and bounce . here is a reject example: C is a remote client (MTA or other). S is your server. C- S: connect S- C: show greeting
                                      Message 18 of 19 , Jul 1, 2008
                                      • 0 Attachment
                                        Nicolas Letellier wrote:
                                        > On Tue, 01 Jul 2008 11:04:53 +0200
                                        > mouss <mouss@...> wrote:
                                        >
                                        >> If you have relay_recipient_maps set, then postfix will _reject_, not
                                        >> bounce. it is the "previous" MTA that generates the bounce. This is why
                                        >> you should reject on the first server that you manage and let others
                                        >> bounce or do whatever they want.
                                        >>
                                        > But, if Postfix rejects a mail, it sends a mail to inform that the mail has been rejected or not?
                                        > If rejecting a mail, Postfix send it to /dev/null and do not send any mails to sender, it's a good news!
                                        >
                                        >
                                        >

                                        do not confuse "reject" and "bounce".

                                        here is a reject example: C is a remote client (MTA or other). S is your
                                        server.

                                        C->S: connect
                                        S->C: show greeting banner
                                        C->S: says helo
                                        S->C: show supported extensions (auth, tls, ... etc)
                                        C->S: MAIL FROM: <sender@...>
                                        S->C: OK
                                        C->S: RCPT TO: <invalid@...>
                                        S->C: rejected. recipient does not exist
                                        C->S: QUIT

                                        no message is exchanged here. your server does nothing after this. it
                                        does not send a bounce. If C is a normal MTA, it is its responsibility
                                        to generate a bounce, but this none of our business: we don't care.

                                        If on the other hand your server is misconfigured, it will accept the
                                        mail during the smtp transaction. then later it will find out that it
                                        cannot deliver the message. it will then generate a bounce and send it
                                        to the original sender. sometime ago, this was ok, but since a lot of
                                        spam uses forged addresses, such bounces go to innocent people who did
                                        not send anything. This is backscatter.
                                      • Nicolas Letellier
                                        On Tue, 01 Jul 2008 17:33:09 +0200 ... Ok, thanks for the explication! This will help me. -- -Nicolas.
                                        Message 19 of 19 , Jul 1, 2008
                                        • 0 Attachment
                                          On Tue, 01 Jul 2008 17:33:09 +0200
                                          mouss <mouss@...> wrote:

                                          > Nicolas Letellier wrote:
                                          > > On Tue, 01 Jul 2008 11:04:53 +0200
                                          > > mouss <mouss@...> wrote:
                                          > >
                                          > >> If you have relay_recipient_maps set, then postfix will _reject_, not
                                          > >> bounce. it is the "previous" MTA that generates the bounce. This is why
                                          > >> you should reject on the first server that you manage and let others
                                          > >> bounce or do whatever they want.
                                          > >>
                                          > > But, if Postfix rejects a mail, it sends a mail to inform that the mail has been rejected or not?
                                          > > If rejecting a mail, Postfix send it to /dev/null and do not send any mails to sender, it's a good news!
                                          > >
                                          > >
                                          > >
                                          >
                                          > do not confuse "reject" and "bounce".
                                          >
                                          > here is a reject example: C is a remote client (MTA or other). S is your
                                          > server.
                                          >
                                          > C->S: connect
                                          > S->C: show greeting banner
                                          > C->S: says helo
                                          > S->C: show supported extensions (auth, tls, ... etc)
                                          > C->S: MAIL FROM: <sender@...>
                                          > S->C: OK
                                          > C->S: RCPT TO: <invalid@...>
                                          > S->C: rejected. recipient does not exist
                                          > C->S: QUIT
                                          >
                                          > no message is exchanged here. your server does nothing after this. it
                                          > does not send a bounce. If C is a normal MTA, it is its responsibility
                                          > to generate a bounce, but this none of our business: we don't care.
                                          >
                                          > If on the other hand your server is misconfigured, it will accept the
                                          > mail during the smtp transaction. then later it will find out that it
                                          > cannot deliver the message. it will then generate a bounce and send it
                                          > to the original sender. sometime ago, this was ok, but since a lot of
                                          > spam uses forged addresses, such bounces go to innocent people who did
                                          > not send anything. This is backscatter.
                                          Ok, thanks for the explication! This will help me.


                                          --
                                          -Nicolas.
                                        Your message has been successfully submitted and would be delivered to recipients shortly.