
Re: Configuration/backscatter problem

  • Tom Diehl
    Message 1 of 4 , Mar 30, 2009
      Hi Magnus,

      On Mon, 30 Mar 2009, Magnus Bäck wrote:

      > On Monday, March 30, 2009 at 17:07 CEST,
      > Tom Diehl <tdiehl@...> wrote:
      >
      >> I have a machine running postfix 2.2.8. I recently noticed that it is
      >> putting messages in the queue for non-existent users and then trying
      >> to send bounce messages. Can someone please look at the following
      >> postconf -n output and tell me what I have screwed up? I really want
      >> to stop this but I am not seeing the problem.
      >
      > "postconf -n" output is good, but without logs we can only guess what
      > the problem is.


      Ok, here are the logs produced by me telnetting to port 25 from a machine
      outside my local network and sending a message:
      Mar 30 17:30:13 foghorn postfix/smtpd[8574]: D34AFF244: client=shell4.sea5.speakeasy.net[69.17.116.5]
      Mar 30 17:30:33 foghorn postfix/cleanup[8602]: D34AFF244: message-id=<20090330213013.D34AFF244@...>
      Mar 30 17:30:33 foghorn postfix/qmgr[15503]: D34AFF244: from=<foo@...>, size=374, nrcpt=1 (queue active)
      Mar 30 17:30:33 foghorn postfix/smtpd[8605]: connect from unknown[127.0.0.1]
      Mar 30 17:30:33 foghorn postfix/smtpd[8605]: D2D8AF247: client=unknown[127.0.0.1]
      Mar 30 17:30:33 foghorn postfix/cleanup[8602]: D2D8AF247: message-id=<20090330213013.D34AFF244@...>
      Mar 30 17:30:33 foghorn postfix/qmgr[15503]: D2D8AF247: from=<foo@...>, size=917, nrcpt=1 (queue active)
      Mar 30 17:30:33 foghorn postfix/smtpd[8605]: disconnect from unknown[127.0.0.1]
      Mar 30 17:30:33 foghorn amavis[7197]: (07197-08) Passed, <foo@...> -> <rice@...>, Message-ID: <20090330213013.D34AFF244@...>, Hits: -0.725
      Mar 30 17:30:33 foghorn postfix/smtp[8603]: D34AFF244: to=<rice@...>, relay=127.0.0.1[127.0.0.1], delay=46, status=sent (250 2.6.0 Ok, id=07197-08, from MTA: 250 Ok: queued as D2D8AF247)
      Mar 30 17:30:33 foghorn postfix/qmgr[15503]: D34AFF244: removed
      Mar 30 17:30:33 foghorn postfix/local[8606]: D2D8AF247: to=<rice@...>, relay=local, delay=0, status=bounced (unknown user: "rice")
      Mar 30 17:30:33 foghorn postfix/cleanup[8602]: E8723F249: message-id=<20090330213033.E8723F249@...>
      Mar 30 17:30:33 foghorn postfix/qmgr[15503]: E8723F249: from=<>, size=2527, nrcpt=1 (queue active)
      Mar 30 17:30:34 foghorn postfix/qmgr[15503]: D2D8AF247: removed
      Mar 30 17:30:34 foghorn postfix/local[8606]: E8723F249: to=<foo@...>, relay=local, delay=1, status=sent (delivered to command: /usr/bin/procmail -t)
      Mar 30 17:30:34 foghorn postfix/qmgr[15503]: E8723F249: removed
      Mar 30 17:30:37 foghorn postfix/smtpd[8574]: disconnect from shell4.sea5.speakeasy.net[69.17.116.5]

      As you can see, the user "rice" does not exist.

      >> (foghorn pts2) # postconf -n alias_database = hash:/etc/postfix/aliases
      >> hash:/etc/postfix/local.maps/local.aliases
      >> alias_maps = hash:/etc/postfix/aliases
      >> hash:/etc/postfix/local.maps/local.aliases biff = no body_checks =
      >> pcre:/etc/postfix/common.maps/body_checks bounce_queue_lifetime = 6h
      >
      > I suppose it was your mail client that screwed up these lines?

      Sorry, I should have paid better attention.

      >
      >> content_filter = smtp-amavis:[127.0.0.1]:10024
      >> debug_peer_level = 2
      >> disable_vrfy_command = yes
      >> header_checks = pcre:/etc/postfix/common.maps/header_checks
      >> local_recipient_maps =
      >
      > This explicitly disables recipient address validation for local domains
      > (i.e. domains listed in mydestination). This may or may not be the
      > reason for your bounces.

      That was it!! Thank You!! After switching this back to the default
      my smtp transaction now looks like this:

      Mar 30 17:41:07 foghorn postfix/smtpd[9735]: connect from shell4.sea5.speakeasy.net[69.17.116.5]
      Mar 30 17:41:30 foghorn postfix/smtpd[9735]: NOQUEUE: reject: RCPT from shell4.sea5.speakeasy.net[69.17.116.5]: 550 <rice@...>: Recipient address rejected: User unknown in local recipient table; from=<foo@...> to=<rice@...> proto=SMTP helo=<mail.foo.com>
      Mar 30 17:41:50 foghorn postfix/smtpd[9735]: disconnect from shell4.sea5.speakeasy.net[69.17.116.5]

      I wish I remembered why I set "local_recipient_maps =" in the first place.
      I will have to see what else breaks. :-( Initial testing says everything
      is still OK.

      >
      >> mime_header_checks = regexp:/etc/postfix/common.maps/mime_header_checks
      >> mydestination = $myhostname localhost.$mydomain $mydomain mail.$mydomain
      >> myhostname = mail.tntechs.com
      >> mynetworks = 192.168.0.0/24 127.0.0.0/8
      >> myorigin = $mydomain
      >> newaliases_path = /usr/bin/newaliases.postfix
      >> queue_directory = /var/spool/postfix
      >> readme_directory = /usr/share/doc/postfix-2.2.8-documentation/readme
      >> relay_domains = $mydestination
      >> /etc/postfix/stnhbr.maps/relay_domains.stnhbr
      >
      > Drop $mydestination from relay_domains. Currently harmless but also
      > quite useless.

      Done!!

      >
      > Where's relay_recipient_maps? Lack of recipient address validation for
      > relay domains may or may not be the reason for your bounces.

      This is deliberate. The domains that I am backup mx for filter their
      email through an external service that also does recipient validation.
      As a result we have agreed to accept anything from them.

      To be sure we are only doing this for those domains, we use the following
      in main.cf:
      "smtpd_restriction_classes = must_come_from_hosted_email"

      "must_come_from_hosted_email =
      check_client_access cidr:/etc/postfix/common.maps/hosted_email_addresses"

      With things like the following:

      216.44.46.9/32 DUNNO
      ...
      0.0.0.0/0 REJECT Mail must come from MX only

      in the hosted_email_addresses file, then

      "mydomain.com must_come_from_hosted_email", in the hosted_email_domains file

      and "check_recipient_access hash:/etc/postfix/common.maps/hosted_email_domains"
      in main.cf. This allows us to force mail for the filtered domains to only be
      accepted by this machine if it comes from the scanning provider's IP address
      blocks.

      I think this is OK. If you see a problem with it, please let me know.

      Thanks again for the help.

      --
      Tom Diehl tdiehl@... Spamtrap address mtd123@...
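
The two log excerpts in this message differ in one way that can be checked mechanically: mail accepted and bounced later, versus mail rejected at RCPT. The following is an added example, not part of the original post: it follows the "queued as" hand-off through the content filter back to the submitting client and flags externally submitted mail that ended in an "unknown user" bounce. The log lines, queue IDs, hosts and addresses in it are constructed.

```python
import re

# Constructed sample modelled on the log format in the message above;
# queue IDs, hosts and addresses are placeholders, not values from the thread.
SAMPLE = """\
Mar 30 17:30:13 mx postfix/smtpd[8574]: AAA111: client=outside.example.net[192.0.2.5]
Mar 30 17:30:33 mx postfix/smtpd[8605]: BBB222: client=unknown[127.0.0.1]
Mar 30 17:30:33 mx postfix/smtp[8603]: AAA111: to=<rice@example.com>, relay=127.0.0.1[127.0.0.1], delay=46, status=sent (250 2.6.0 Ok, id=07197-08, from MTA: 250 Ok: queued as BBB222)
Mar 30 17:30:33 mx postfix/local[8606]: BBB222: to=<rice@example.com>, relay=local, delay=0, status=bounced (unknown user: "rice")
Mar 30 17:41:30 mx postfix/smtpd[9735]: NOQUEUE: reject: RCPT from outside.example.net[192.0.2.5]: 550 <rice@example.com>: Recipient address rejected: User unknown in local recipient table; from=<foo@example.org> to=<rice@example.com> proto=SMTP helo=<mail.example.org>
"""

LINE = re.compile(r"postfix/(\w+)\[\d+\]: (\w+): (.*)$")
CLIENT = re.compile(r"client=\S*\[([^\]]+)\]")
REQUEUED = re.compile(r"status=sent .*queued as (\w+)\)")
BOUNCED = re.compile(r"to=<([^>]*)>.*status=bounced \(unknown user")

def analyze(log_text):
    """Return (backscatter findings, count of unknown-user rejects at RCPT)."""
    client, parent, bounced, rejected = {}, {}, [], 0
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        _daemon, qid, rest = m.groups()
        if qid == "NOQUEUE":  # refused during SMTP: no queue file, no bounce
            rejected += int("User unknown in local recipient table" in rest)
            continue
        if (c := CLIENT.search(rest)):
            client[qid] = c.group(1)          # who submitted this queue ID
        elif (r := REQUEUED.search(rest)):
            parent[r.group(1)] = qid          # filter re-injected it under a new ID
        elif (b := BOUNCED.search(rest)):
            bounced.append((qid, b.group(1)))
    findings = []
    for qid, rcpt in bounced:
        root, seen = qid, set()
        while root in parent and root not in seen:   # walk back to the first hop
            seen.add(root)
            root = parent[root]
        origin = client.get(root, "unknown")
        if not origin.startswith("127."):     # accepted from outside, bounced later
            findings.append({"queue_id": root, "rcpt": rcpt, "client": origin})
    return findings, rejected
```

A non-empty findings list means the server accepted mail for a nonexistent local user and generated a bounce afterwards; a rising reject count with no findings is the behaviour seen after restoring the default `local_recipient_maps`.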