Re: Configuration/backscatter problem
Hi Magnus,
On Mon, 30 Mar 2009, Magnus Bäck wrote:
> On Monday, March 30, 2009 at 17:07 CEST,
> Tom Diehl <tdiehl@...> wrote:
>> I have a machine running postfix 2.2.8. I recently noticed that it is
>> putting messages in the queue for non-existent users and then trying
>> to send bounce messages. Can someone please look at the following
>> postconf -n output and tell me what I have screwed up? I really want
>> to stop this but I am not seeing the problem.
> "postconf -n" output is good, but without logs we can only guess what
> the problem is.
Ok, here are the logs produced by me telnetting to port 25 from a machine
outside my local network and sending a message:
Mar 30 17:30:13 foghorn postfix/smtpd: D34AFF244: client=shell4.sea5.speakeasy.net[188.8.131.52]
Mar 30 17:30:33 foghorn postfix/cleanup: D34AFF244: message-id=<20090330213013.D34AFF244@...>
Mar 30 17:30:33 foghorn postfix/qmgr: D34AFF244: from=<foo@...>, size=374, nrcpt=1 (queue active)
Mar 30 17:30:33 foghorn postfix/smtpd: connect from unknown[127.0.0.1]
Mar 30 17:30:33 foghorn postfix/smtpd: D2D8AF247: client=unknown[127.0.0.1]
Mar 30 17:30:33 foghorn postfix/cleanup: D2D8AF247: message-id=<20090330213013.D34AFF244@...>
Mar 30 17:30:33 foghorn postfix/qmgr: D2D8AF247: from=<foo@...>, size=917, nrcpt=1 (queue active)
Mar 30 17:30:33 foghorn postfix/smtpd: disconnect from unknown[127.0.0.1]
Mar 30 17:30:33 foghorn amavis: (07197-08) Passed, <foo@...> -> <rice@...>, Message-ID: <20090330213013.D34AFF244@...>, Hits: -0.725
Mar 30 17:30:33 foghorn postfix/smtp: D34AFF244: to=<rice@...>, relay=127.0.0.1[127.0.0.1], delay=46, status=sent (250 2.6.0 Ok, id=07197-08, from MTA: 250 Ok: queued as D2D8AF247)
Mar 30 17:30:33 foghorn postfix/qmgr: D34AFF244: removed
Mar 30 17:30:33 foghorn postfix/local: D2D8AF247: to=<rice@...>, relay=local, delay=0, status=bounced (unknown user: "rice")
Mar 30 17:30:33 foghorn postfix/cleanup: E8723F249: message-id=<20090330213033.E8723F249@...>
Mar 30 17:30:33 foghorn postfix/qmgr: E8723F249: from=<>, size=2527, nrcpt=1 (queue active)
Mar 30 17:30:34 foghorn postfix/qmgr: D2D8AF247: removed
Mar 30 17:30:34 foghorn postfix/local: E8723F249: to=<foo@...>, relay=local, delay=1, status=sent (delivered to command: /usr/bin/procmail -t)
Mar 30 17:30:34 foghorn postfix/qmgr: E8723F249: removed
Mar 30 17:30:37 foghorn postfix/smtpd: disconnect from shell4.sea5.speakeasy.net[184.108.40.206]
As you can see, the user "rice" does not exist.
>> (foghorn pts2) # postconf -n alias_database = hash:/etc/postfix/aliases
>> alias_maps = hash:/etc/postfix/aliases
>> hash:/etc/postfix/local.maps/local.aliases biff = no body_checks =
>> pcre:/etc/postfix/common.maps/body_checks bounce_queue_lifetime = 6h
> I suppose it was your mail client that screwed up these lines?
Sorry, I should have paid better attention.
>> content_filter = smtp-amavis:[127.0.0.1]:10024
>> debug_peer_level = 2
>> disable_vrfy_command = yes
>> header_checks = pcre:/etc/postfix/common.maps/header_checks
>> local_recipient_maps =
> This explicitly disables recipient address validation for local domains
> (i.e. domains listed in mydestination). This may or may not be the
> reason for your bounces.
That was it!! Thank You!! After switching this back to the default
my smtp transaction now looks like this:
Mar 30 17:41:07 foghorn postfix/smtpd: connect from shell4.sea5.speakeasy.net[220.127.116.11]
Mar 30 17:41:30 foghorn postfix/smtpd: NOQUEUE: reject: RCPT from shell4.sea5.speakeasy.net[18.104.22.168]: 550 <rice@...>: Recipient address rejected: User unknown in local recipient table; from=<foo@...> to=<rice@...> proto=SMTP helo=<mail.foo.com>
Mar 30 17:41:50 foghorn postfix/smtpd: disconnect from shell4.sea5.speakeasy.net[22.214.171.124]
I wish I remembered why I set "local_recipient_maps =" in the first place.
I will have to see what else breaks. :-( Initial testing says everything
is still OK.
>> mime_header_checks = regexp:/etc/postfix/common.maps/mime_header_checks
>> mydestination = $myhostname localhost.$mydomain $mydomain mail.$mydomain
>> myhostname = mail.tntechs.com
>> mynetworks = 192.168.0.0/24 127.0.0.0/8
>> myorigin = $mydomain
>> newaliases_path = /usr/bin/newaliases.postfix
>> queue_directory = /var/spool/postfix
>> readme_directory = /usr/share/doc/postfix-2.2.8-documentation/readme
>> relay_domains = $mydestination
> Drop $mydestination from relay_domains. Currently harmless but also
> quite useless.
> Where's relay_recipient_maps? Lack of recipient address validation for
> relay domains may or may not be the reason for your bounces.
This is deliberate. The domains that I am backup mx for filter their
email through an external service that also does recipient validation.
As a result we have agreed to accept anything from them.
To be sure we are only doing this for those domains, we use the following
"smtpd_restriction_classes = must_come_from_hosted_email"
With things like the following:
0.0.0.0/0 REJECT Mail must come from MX only
in the hosted_email_addresses file, then
"mydomain.com must_come_from_hosted_email", in the hosted_email_domains file
and "check_recipient_access hash:/etc/postfix/common.maps/hosted_email_domains"
in main.cf. This allows us to force mail for the filtered domains to only be
accepted by this machine if it comes from the scanning provider's IP address.
I think this is OK. If you see a problem with it, please let me know.
Thanks again for the help.
Tom Diehl tdiehl@... Spamtrap address mtd123@...
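
The accept-then-bounce pattern in the first log excerpt above can be found by correlating queue IDs. The following is an added example, not part of the original message: it follows the content filter's "queued as" reinjection back to the external client and separately counts recipients rejected at RCPT time. The log lines, host names and addresses are constructed placeholders.

```python
import re

# Constructed sample modelled on the log format in the thread (addresses and
# IPs are placeholders). Queue A1B2C3D4E is reinjected by the content filter as
# F5E6D7C8B, which then bounces; the last line is the post-fix behaviour.
SAMPLE_LOG = """\
Mar 30 17:30:13 mx postfix/smtpd[101]: A1B2C3D4E: client=host.example.net[192.0.2.10]
Mar 30 17:30:33 mx postfix/qmgr[102]: A1B2C3D4E: from=<sender@example.org>, size=374, nrcpt=1 (queue active)
Mar 30 17:30:33 mx postfix/smtpd[103]: F5E6D7C8B: client=unknown[127.0.0.1]
Mar 30 17:30:33 mx postfix/qmgr[102]: F5E6D7C8B: from=<sender@example.org>, size=917, nrcpt=1 (queue active)
Mar 30 17:30:33 mx postfix/smtp[104]: A1B2C3D4E: to=<nouser@example.com>, relay=127.0.0.1[127.0.0.1], delay=46, status=sent (250 2.6.0 Ok, id=07197-08, from MTA: 250 Ok: queued as F5E6D7C8B)
Mar 30 17:30:33 mx postfix/local[105]: F5E6D7C8B: to=<nouser@example.com>, relay=local, delay=0, status=bounced (unknown user: "nouser")
Mar 30 17:41:30 mx postfix/smtpd[106]: NOQUEUE: reject: RCPT from host.example.net[192.0.2.10]: 550 <nouser@example.com>: Recipient address rejected: User unknown in local recipient table; from=<sender@example.org> to=<nouser@example.com> proto=SMTP helo=<host.example.net>
"""

LINE = re.compile(r"postfix/(\w+)(?:\[\d+\])?: (\w+): (.*)")

def analyze(log_text):
    client, sender, parent = {}, {}, {}
    backscatter, rejected = [], 0
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        daemon, qid, rest = m.groups()
        if qid == "NOQUEUE":
            rejected += "User unknown in local recipient table" in rest
        elif daemon == "smtpd" and rest.startswith("client="):
            client[qid] = rest[len("client="):]
        elif daemon == "qmgr" and rest.startswith("from=<"):
            sender[qid] = rest[6:rest.index(">")]
        elif "status=sent" in rest and (q := re.search(r"queued as (\w+)\)", rest)):
            parent[q.group(1)] = qid   # content-filter reinjection link
        elif "status=bounced (unknown user" in rest:
            origin = qid
            while origin in parent:    # walk back to the externally received message
                origin = parent[origin]
            rcpt = re.search(r"to=<([^>]*)>", rest).group(1)
            backscatter.append({"rcpt": rcpt, "sender": sender.get(qid),
                                "client": client.get(origin)})
    return backscatter, rejected

if __name__ == "__main__":
    events, rejected = analyze(SAMPLE_LOG)
    for e in events:
        print("accepted then bounced:", e)
    print("rejected at RCPT:", rejected)
```

Any entry in the first list is a message that was queued and bounced after acceptance; once local recipient validation is active, those attempts should appear only in the RCPT-time reject count.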