Loading ...
Sorry, an error occurred while loading the content.

Re: dns failure - postfix - avg - outlook

Expand Messages
  • Noel Jones
    ... You want postfix to generate a bounce back to the sender rather than correctly refusing the mail? Why? ... Better to move reject_unauth_destination to
    Message 1 of 13 , Nov 2, 2009
    • 0 Attachment
      On 11/2/2009 4:16 AM, Peter Macko wrote:
      > > On 10/28/2009 7:23 PM, Peter Macko wrote:
      > > > DNS that is used by postfix stopped working and consequently caused
      > > > postfix respond to:
      > > > 1. senders from outside: NOQUEUE: reject: RCPT from
      > > > unknown[194.168.1.66]: 450 4.1.8
      > > > 2. senders from inside (LAN): NOQUEUE: reject: RCPT from
      > > > unknown[172.16.125.115]: 450 4.1.2
      > > >
      > > > 1. case looks Ok, mailservers from outside keep trying to deliver the
      > > > rejected messages.
      > > > 2. case is not that good. Email clients on LAN e.g. outlook generate
      > > > failed delivery message 450 4.1.2.
      > > > The problem is that I use AVG antivirus to check emails and it will not
      > > > generate any message in this case.
      > > > In case of DNS failure, can I configure postfix to construct standard
      > > > message (failed delivery) for senders from LAN (local users of postfix
      > > > server) and
      > > > for senders from outside (other email servers) to keep responding
      > 450 4.1.8?
      > > >
      > >
      > > Yes, don't subject internal or authenticated users to
      > > reject_unknown_client_hostname checks.
      > >
      > > Make sure the permit_mynetworks and/or
      > > permit_sasl_authenticated is listed first.
      > >
      > > If you need more help, refer to the list welcome message you
      > > received when you signed up, or see
      > > http://www.postfix.org/DEBUG_README.html#mail
      > >
      > >
      > > -- Noel Jones
      >
      > Thanks, your advice was helpful.
      > I still have one problem. When I send email from mynetworks to local
      > user that does not exist,
      > postfix does not construct error message.
      >
      > In maillog:
      >
      > Nov 2 11:01:05 mail postfix/smtpd[5083]: NOQUEUE: reject: RCPT from unknown[A.A.A.A]: 550 5.1.1<USER@...>: Recipient address rejected: User unknown in local recipient table; from=<USER2@...> to=<USER@...> proto=ESMTP helo=<oit03>

      You want postfix to generate a bounce back to the sender
      rather than correctly refusing the mail? Why?


      >
      > postconf -n
      >
      > smtpd_recipient_restrictions = permit_mynetworks,
      > permit_sasl_authenticated,
      > reject_invalid_helo_hostname,
      > reject_non_fqdn_sender,
      > reject_non_fqdn_recipient,
      > reject_unknown_sender_domain,
      > reject_unknown_recipient_domain,
      > reject_unauth_destination,
      > reject_rbl_client sbl.spamhaus.org,
      > reject_rbl_client cbl.abuseat.org,
      > reject_rbl_client dul.dnsbl.sorbs.net

      Better to move "reject_unauth_destination" to just after
      "permit_sasl_authenticated". Rule of thumb is to put
      reject_unauth_destination as early as possible.

      Consider replacing sbl.spamhaus.org and cbl.abuseat.org with
      zen.spamhaus.org.
      http://www.spamhaus.org/zen/

      -- Noel Jones
    • Peter Macko
      ... Because the sender do not receive any notification, that he sent a message to invalid user. Comment to maillog I used few lines abov: I as USER2 send email
      Message 2 of 13 , Nov 2, 2009
      • 0 Attachment

         
        > Date: Mon, 2 Nov 2009 07:57:01 -0600
        > From: njones@...
        > To: postfix-users@...
        > Subject: Re: dns failure - postfix - avg - outlook
        >
        > On 11/2/2009 4:16 AM, Peter Macko wrote:
        > > > On 10/28/2009 7:23 PM, Peter Macko wrote:
        > > > > DNS that is used by postfix stopped working and consequently caused
        > > > > postfix respond to:
        > > > > 1. senders from outside: NOQUEUE: reject: RCPT from
        > > > > unknown[194.168.1.66]: 450 4.1.8
        > > > > 2. senders from inside (LAN): NOQUEUE: reject: RCPT from
        > > > > unknown[172.16.125.115]: 450 4.1.2
        > > > >
        > > > > 1. case looks Ok, mailservers from outside keep trying to deliver the
        > > > > rejected messages.
        > > > > 2. case is not that good. Email clients on LAN e.g. outlook generate
        > > > > failed delivery message 450 4.1.2.
        > > > > The problem is that I use AVG antivirus to check emails and it will not
        > > > > generate any message in this case.
        > > > > In case of DNS failure, can I configure postfix to construct standard
        > > > > message (failed delivery) for senders from LAN (local users of postfix
        > > > > server) and
        > > > > for senders from outside (other email servers) to keep responding
        > > 450 4.1.8?
        > > > >
        > > >
        > > > Yes, don't subject internal or authenticated users to
        > > > reject_unknown_client_hostname checks.
        > > >
        > > > Make sure the permit_mynetworks and/or
        > > > permit_sasl_authenticated is listed first.
        > > >
        > > > If you need more help, refer to the list welcome message you
        > > > received when you signed up, or see
        > > > http://www.postfix.org/DEBUG_README.html#mail
        > > >
        > > >
        > > > -- Noel Jones
        > >
        > > Thanks, your advice was helpful.
        > > I still have one problem. When I send email from mynetworks to local
        > > user that does not exist,
        > > postfix does not construct error message.
        > >
        > > In maillog:
        > >
        > > Nov 2 11:01:05 mail postfix/smtpd[5083]: NOQUEUE: reject: RCPT from unknown[A.A.A.A]: 550 5.1.1<USER@...>: Recipient address rejected: User unknown in local recipient table; from=<USER2@...> to=<USER@...> proto=ESMTP helo=<oit03>
        >
        > You want postfix to generate a bounce back to the sender
        > rather than correctly refusing the mail? Why?
        >
        >
         
        Because the sender do not receive any notification, that he sent a message to invalid user.
         
        Comment to maillog I used few lines abov:
        I as USER2 send email to USER that do not exist. DOMAIN.eu is my local domain.
        In log-file I can find the line I have stated, but my mail client MS Outlook will not notify me, I do not receive anything.
        To be exact, MS Outlook would notified me, but I use AVG antivirus to check emails and the antivirus do not communicate
        the message rejection.
         
         

        > >
        > > postconf -n
        > >
        > > smtpd_recipient_restrictions = permit_mynetworks,
        > > permit_sasl_authenticated,
        > > reject_invalid_helo_hostname,
        > > reject_non_fqdn_sender,
        > > reject_non_fqdn_recipient,
        > > reject_unknown_sender_domain,
        > > reject_unknown_recipient_domain,
        > > reject_unauth_destination,
        > > reject_rbl_client sbl.spamhaus.org,
        > > reject_rbl_client cbl.abuseat.org,
        > > reject_rbl_client dul.dnsbl.sorbs.net
        >
        > Better to move "reject_unauth_destination" to just after
        > "permit_sasl_authenticated". Rule of thumb is to put
        > reject_unauth_destination as early as possible.
        >
        > Consider replacing sbl.spamhaus.org and cbl.abuseat.org with
        > zen.spamhaus.org.
        > http://www.spamhaus.org/zen/
        >
        > -- Noel Jones



        Windows Live: Make it easier for your friends to see what you’re up to on Facebook.
      • Noel Jones
        ... So AVG just throws away mail it cannot deliver? Is that by design or do you have some setting borked? ... Try putting right here:
        Message 3 of 13 , Nov 2, 2009
        • 0 Attachment
          On 11/2/2009 8:38 AM, Peter Macko wrote:
          >
          >
          > > Date: Mon, 2 Nov 2009 07:57:01 -0600
          > > From: njones@...
          > > To: postfix-users@...
          > > Subject: Re: dns failure - postfix - avg - outlook
          > >
          > > On 11/2/2009 4:16 AM, Peter Macko wrote:
          > > > > On 10/28/2009 7:23 PM, Peter Macko wrote:
          > > > > > DNS that is used by postfix stopped working and consequently caused
          > > > > > postfix respond to:
          > > > > > 1. senders from outside: NOQUEUE: reject: RCPT from
          > > > > > unknown[194.168.1.66]: 450 4.1.8
          > > > > > 2. senders from inside (LAN): NOQUEUE: reject: RCPT from
          > > > > > unknown[172.16.125.115]: 450 4.1.2
          > > > > >
          > > > > > 1. case looks Ok, mailservers from outside keep trying to
          > deliver the
          > > > > > rejected messages.
          > > > > > 2. case is not that good. Email clients on LAN e.g. outlook
          > generate
          > > > > > failed delivery message 450 4.1.2.
          > > > > > The problem is that I use AVG antivirus to check emails and it
          > will not
          > > > > > generate any message in this case.
          > > > > > In case of DNS failure, can I configure postfix to construct
          > standard
          > > > > > message (failed delivery) for senders from LAN (local users of
          > postfix
          > > > > > server) and
          > > > > > for senders from outside (other email servers) to keep responding
          > > > 450 4.1.8?
          > > > > >
          > > > >
          > > > > Yes, don't subject internal or authenticated users to
          > > > > reject_unknown_client_hostname checks.
          > > > >
          > > > > Make sure the permit_mynetworks and/or
          > > > > permit_sasl_authenticated is listed first.
          > > > >
          > > > > If you need more help, refer to the list welcome message you
          > > > > received when you signed up, or see
          > > > > http://www.postfix.org/DEBUG_README.html#mail
          > > > >
          > > > >
          > > > > -- Noel Jones
          > > >
          > > > Thanks, your advice was helpful.
          > > > I still have one problem. When I send email from mynetworks to local
          > > > user that does not exist,
          > > > postfix does not construct error message.
          > > >
          > > > In maillog:
          > > >
          > > > Nov 2 11:01:05 mail postfix/smtpd[5083]: NOQUEUE: reject: RCPT from
          > unknown[A.A.A.A]: 550 5.1.1<USER@...>: Recipient address rejected:
          > User unknown in local recipient table; from=<USER2@...>
          > to=<USER@...> proto=ESMTP helo=<oit03>
          > >
          > > You want postfix to generate a bounce back to the sender
          > > rather than correctly refusing the mail? Why?
          > >
          > >
          >
          > Because the sender do not receive any notification, that he sent a
          > message to invalid user.
          >
          > Comment to maillog I used few lines abov:
          > I as USER2 send email to USER that do not exist. DOMAIN.eu is my local
          > domain.
          > In log-file I can find the line I have stated, but my mail client MS
          > Outlook will not notify me, I do not receive anything.
          > To be exact, MS Outlook would notified me, but I use AVG antivirus to
          > check emails and the antivirus do not communicate
          > the message rejection.

          So AVG just throws away mail it cannot deliver? Is that by
          design or do you have some setting borked?

          > > > postconf -n
          > > >
          > > > smtpd_recipient_restrictions = permit_mynetworks,
          > > > permit_sasl_authenticated,

          Try putting right here:
          reject_unauth_destination
          reject_unlisted_recipient


          -- Noel Jones

          > > > reject_invalid_helo_hostname,
          > > > reject_non_fqdn_sender,
          > > > reject_non_fqdn_recipient,
          > > > reject_unknown_sender_domain,
          > > > reject_unknown_recipient_domain,
          > > > reject_unauth_destination,
          > > > reject_rbl_client sbl.spamhaus.org,
          > > > reject_rbl_client cbl.abuseat.org,
          > > > reject_rbl_client dul.dnsbl.sorbs.net
          > >
          > > Better to move "reject_unauth_destination" to just after
          > > "permit_sasl_authenticated". Rule of thumb is to put
          > > reject_unauth_destination as early as possible.
          > >
          > > Consider replacing sbl.spamhaus.org and cbl.abuseat.org with
          > > zen.spamhaus.org.
          > > http://www.spamhaus.org/zen/
          > >
          > > -- Noel Jones
          >
          >
          > ------------------------------------------------------------------------
          > Windows Live: Make it easier for your friends to see what you’re up to
          > on Facebook.
          > <http://www.microsoft.com/middleeast/windows/windowslive/see-it-in-action/social-network-basics.aspx?ocid=PID23461::T:WLMTAGL:ON:WL:en-xm:SI_SB_2:092009>
        • Simon Waters
          ... It sounds like an AVG problem. There is no requirement that SMTP submission always work, so if your email client can t handle an error it suggests it is
          Message 4 of 13 , Nov 2, 2009
          • 0 Attachment
            On Monday 02 November 2009 14:38:36 Peter Macko wrote:
            >
            > > You want postfix to generate a bounce back to the sender
            > > rather than correctly refusing the mail? Why?
            >
            > Because the sender do not receive any notification, that he sent a message
            > to invalid user.

            It sounds like an AVG problem.

            There is no requirement that SMTP submission always work, so if your email
            client can't handle an error it suggests it is broken.

            I'm not sure working around failure to handle error conditions is the smart
            approach, as your users will then silently lose email when a different error
            condition arises.

            My email client says "I'll leave it in the outbox till you fix it" when this
            occurs.
          • Peter Macko
            ... I have tried it, but it is still the same.Thank you very much for your help.I am almost sure, that there is a bug in AVG andI think I have found a
            Message 5 of 13 , Nov 2, 2009
            • 0 Attachment


              > Date: Mon, 2 Nov 2009 08:46:43 -0600
              > From: njones@...
              > To: peter_macko@...; postfix-users@...
              > Subject: Re: dns failure - postfix - avg - outlook
              >
              > On 11/2/2009 8:38 AM, Peter Macko wrote:
              > >
              > >
              > > > Date: Mon, 2 Nov 2009 07:57:01 -0600
              > > > From: njones@...
              > > > To: postfix-users@...
              > > > Subject: Re: dns failure - postfix - avg - outlook
              > > >
              > > > On 11/2/2009 4:16 AM, Peter Macko wrote:
              > > > > > On 10/28/2009 7:23 PM, Peter Macko wrote:
              > > > > > > DNS that is used by postfix stopped working and consequently caused
              > > > > > > postfix respond to:
              > > > > > > 1. senders from outside: NOQUEUE: reject: RCPT from
              > > > > > > unknown[194.168.1.66]: 450 4.1.8
              > > > > > > 2. senders from inside (LAN): NOQUEUE: reject: RCPT from
              > > > > > > unknown[172.16.125.115]: 450 4.1.2
              > > > > > >
              > > > > > > 1. case looks Ok, mailservers from outside keep trying to
              > > deliver the
              > > > > > > rejected messages.
              > > > > > > 2. case is not that good. Email clients on LAN e.g. outlook
              > > generate
              > > > > > > failed delivery message 450 4.1.2.
              > > > > > > The problem is that I use AVG antivirus to check emails and it
              > > will not
              > > > > > > generate any message in this case.
              > > > > > > In case of DNS failure, can I configure postfix to construct
              > > standard
              > > > > > > message (failed delivery) for senders from LAN (local users of
              > > postfix
              > > > > > > server) and
              > > > > > > for senders from outside (other email servers) to keep responding
              > > > > 450 4.1.8?
              > > > > > >
              > > > > >
              > > > > > Yes, don't subject internal or authenticated users to
              > > > > > reject_unknown_client_hostname checks.
              > > > > >
              > > > > > Make sure the permit_mynetworks and/or
              > > > > > permit_sasl_authenticated is listed first.
              > > > > >
              > > > > > If you need more help, refer to the list welcome message you
              > > > > > received when you signed up, or see
              > > > > > http://www.postfix.org/DEBUG_README.html#mail
              > > > > >
              > > > > >
              > > > > > -- Noel Jones
              > > > >
              > > > > Thanks, your advice was helpful.
              > > > > I still have one problem. When I send email from mynetworks to local
              > > > > user that does not exist,
              > > > > postfix does not construct error message.
              > > > >
              > > > > In maillog:
              > > > >
              > > > > Nov 2 11:01:05 mail postfix/smtpd[5083]: NOQUEUE: reject: RCPT from
              > > unknown[A.A.A.A]: 550 5.1.1<USER@...>: Recipient address rejected:
              > > User unknown in local recipient table; from=<USER2@...>
              > > to=<USER@...> proto=ESMTP helo=<oit03>
              > > >
              > > > You want postfix to generate a bounce back to the sender
              > > > rather than correctly refusing the mail? Why?
              > > >
              > > >
              > >
              > > Because the sender do not receive any notification, that he sent a
              > > message to invalid user.
              > >
              > > Comment to maillog I used few lines abov:
              > > I as USER2 send email to USER that do not exist. DOMAIN.eu is my local
              > > domain.
              > > In log-file I can find the line I have stated, but my mail client MS
              > > Outlook will not notify me, I do not receive anything.
              > > To be exact, MS Outlook would notified me, but I use AVG antivirus to
              > > check emails and the antivirus do not communicate
              > > the message rejection.
              >
              > So AVG just throws away mail it cannot deliver? Is that by
              > design or do you have some setting borked?
              >
              > > > > postconf -n
              > > > >
              > > > > smtpd_recipient_restrictions = permit_mynetworks,
              > > > > permit_sasl_authenticated,
              >
              > Try putting right here:
              > reject_unauth_destination
              > reject_unlisted_recipient


              I have tried it, but it is still the same.
              Thank you very much for your help.
              I am almost sure, that there is a bug in AVG and
              I think I have found a workaround.


              >
              >
              > -- Noel Jones
              >
              > > > > reject_invalid_helo_hostname,
              > > > > reject_non_fqdn_sender,
              > > > > reject_non_fqdn_recipient,
              > > > > reject_unknown_sender_domain,
              > > > > reject_unknown_recipient_domain,
              > > > > reject_unauth_destination,
              > > > > reject_rbl_client sbl.spamhaus.org,
              > > > > reject_rbl_client cbl.abuseat.org,
              > > > > reject_rbl_client dul.dnsbl.sorbs.net
              > > >
              > > > Better to move "reject_unauth_destination" to just after
              > > > "permit_sasl_authenticated". Rule of thumb is to put
              > > > reject_unauth_destination as early as possible.
              > > >
              > > > Consider replacing sbl.spamhaus.org and cbl.abuseat.org with
              > > > zen.spamhaus.org.
              > > > http://www.spamhaus.org/zen/
              > > >
              > > > -- Noel Jones
              > >
              > >
              > > ------------------------------------------------------------------------
              > > Windows Live: Make it easier for your friends to see what you’re up to
              > > on Facebook.
              > > <http://www.microsoft.com/middleeast/windows/windowslive/see-it-in-action/social-network-basics.aspx?ocid=PID23461::T:WLMTAGL:ON:WL:en-xm:SI_SB_2:092009>
              >
              >


              Windows Live: Friends get your Flickr, Yelp, and Digg updates when they e-mail you.
            • /dev/rob0
              ... Please note that the question itself is a matter of GIGO. The munged IP address cannot be in mynetworks according to the postconf shown, because it was
              Message 6 of 13 , Nov 2, 2009
              • 0 Attachment
                On Monday 02 November 2009 07:57:01 Noel Jones wrote:
                > On 11/2/2009 4:16 AM, Peter Macko wrote:
                > > I still have one problem. When I send email from mynetworks to local
                > > user that does not exist,
                > > postfix does not construct error message.
                > >
                > > In maillog:
                > >
                > > Nov 2 11:01:05 mail postfix/smtpd[5083]: NOQUEUE: reject: RCPT from
                > > unknown[A.A.A.A]: 550 5.1.1<USER@...>: Recipient address rejected:
                > > User unknown in local recipient table; from=<USER2@...>
                > > to=<USER@...> proto=ESMTP helo=<oit03>
                >
                > You want postfix to generate a bounce back to the sender
                > rather than correctly refusing the mail? Why?

                Please note that the question itself is a matter of GIGO. The munged
                IP address cannot be in mynetworks according to the postconf shown,
                because it was rejected, not accepted then bounced.

                > > postconf -n
                > >
                > > smtpd_recipient_restrictions = permit_mynetworks,

                Oh well, apparently the OP has figured out something anyway.
                --
                Offlist mail to this address is discarded unless
                "/dev/rob0" or "not-spam" is in Subject: header
              • Simon Waters
                ... I get this behaviour with permit_mynetworks and the address being covered by mynetworks parameter as well as the OP. I assumed it was the default Postfix
                Message 7 of 13 , Nov 3, 2009
                • 0 Attachment
                  On Monday 02 November 2009 20:30:00 /dev/rob0 wrote:
                  >
                  > Please note that the question itself is a matter of GIGO. The munged
                  > IP address cannot be in mynetworks according to the postconf shown,
                  > because it was rejected, not accepted then bounced.

                  I get this behaviour with permit_mynetworks and the address being covered by
                  mynetworks parameter as well as the OP.

                  I assumed it was the default Postfix behaviour, as even after deciding to
                  accept a message it still has to respond to the given "RCPT TO:" command for
                  a local user.

                  Do you get something different when sending to non-existent local users?
                • /dev/rob0
                  ... Oops. You re right. It s smtpd_reject_unlisted_recipient = yes (default.) Thanks for the correction. -- Offlist mail to this address is discarded unless
                  Message 8 of 13 , Nov 3, 2009
                  • 0 Attachment
                    On Tue, Nov 03, 2009 at 09:26:33AM +0000, Simon Waters wrote:
                    > On Monday 02 November 2009 20:30:00 /dev/rob0 wrote:
                    > >
                    > > Please note that the question itself is a matter of GIGO. The munged
                    > > IP address cannot be in mynetworks according to the postconf shown,
                    > > because it was rejected, not accepted then bounced.
                    >
                    > I get this behaviour with permit_mynetworks and the address being covered by
                    > mynetworks parameter as well as the OP.
                    >
                    > I assumed it was the default Postfix behaviour, as even after deciding to

                    Oops. You're right. It's "smtpd_reject_unlisted_recipient = yes"
                    (default.) Thanks for the correction.
                    --
                    Offlist mail to this address is discarded unless
                    "/dev/rob0" or "not-spam" is in Subject: header
                  • mouss
                    ... by default, unknown users are rejected. This is generally the right thing . you can however set smtpd_reject_unlisted_recipient = no in your submission
                    Message 9 of 13 , Nov 3, 2009
                    • 0 Attachment
                      Simon Waters a écrit :
                      > On Monday 02 November 2009 20:30:00 /dev/rob0 wrote:
                      >> Please note that the question itself is a matter of GIGO. The munged
                      >> IP address cannot be in mynetworks according to the postconf shown,
                      >> because it was rejected, not accepted then bounced.
                      >
                      > I get this behaviour with permit_mynetworks and the address being covered by
                      > mynetworks parameter as well as the OP.
                      >
                      > I assumed it was the default Postfix behaviour, as even after deciding to
                      > accept a message it still has to respond to the given "RCPT TO:" command for
                      > a local user.
                      >
                      > Do you get something different when sending to non-existent local users?
                      >

                      by default, "unknown" users are rejected. This is generally "the right
                      thing".

                      you can however set
                      smtpd_reject_unlisted_recipient = no
                      in your submission service.

                      of course, don't do this in your "general purpose" smtpd, unless you put
                      enough controls to avoid becoming a backscatter source.
                    • Arthur Titeica
                      ... Please tell us what you did.
                      Message 10 of 13 , Nov 3, 2009
                      • 0 Attachment
                        Peter Macko wrote:

                        > I have tried it, but it is still the same.
                        > Thank you very much for your help.
                        > I am almost sure, that there is a bug in AVG and
                        > I think I have found a workaround.
                        >
                        Please tell us what you did.
                      Your message has been successfully submitted and would be delivered to recipients shortly.