
unknown recipient issue

  • Curtis Maurand
    Message 1 of 4 , Jun 1, 2010
      Hello,
      I'm new to the list, but I've been searching the manuals, how-to's, mail archives, google, etc trying to find the answer to this question.

      I have the following setup.

      Postfix 2.6.5
      Amavisd-new 2.6.3
      Spamassassin 3.2.5
      clamav 0.96
      dbmail 2.2.9

      The entire set up works, amavis is a memory and resource hog, but I digress.  Mail is received, forwards to amavis which does what it does and then forwards to postfix which then delivers to dbmail via lmtp.

      I use sql lookups for local recipients, transports and mynetworks.

      I have in the  main.cf

      relay_domains= < a couple of domains> mysql:/etc/postfix/transport.cf
      transport_maps =  mysql:/etc/postfix/transport.cf
      local_recipient_maps=mysql:/etc/postfix/sql-recipients.cf
      smtpd_sender_restrictions = reject_unknown_sender_domain
      smtpd_client_restrictions = permit_mynetworks, reject_rbl_client zen.spamhaus.org, reject_rbl_client bl.spamcop.net, reject_rb
      smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_unlisted_recipients

      the only problem I'm having is that this system is not rejecting unlisted recipients.  I know that I'm missing something and I just can't quite put my finger on it.

      If you need further details, feel free to ask.

      thanks in advance,
      Curtis Maurand


    • Victor Duchovni
      Message 2 of 4 , Jun 1, 2010
        On Tue, Jun 01, 2010 at 02:09:23PM -0400, Curtis Maurand wrote:

        > I have in the main.cf
        >
        > relay_domains= < a couple of domains> mysql:/etc/postfix/transport.cf
        > transport_maps = mysql:/etc/postfix/transport.cf

        Don't use the transport table directly as a relay domain table, some day
        you'll need special routing for an external domain, that will become an
        inadvertent relay domain.

        Also, it is best to avoid mysql, ldap, ... for the transport table and
        relay domain list. These are used by the queue manager (via trivial-rewrite)
        and are performance critical. I recommend indexed files for these, not
        database sources.

        > smtpd_recipient_restrictions = permit_mynetworks,
        > permit_sasl_authenticated, reject_unauth_destination,
        > reject_unlisted_recipients
        >
        > the only problem I'm having is that this system is not rejecting unlisted
        > recipients. I know that I'm missing something and I just can't quite put
        > my finger on it.

        You have not defined "relay_recipient_maps".

        --
        Viktor.
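The split Viktor describes, as an added example that is not part of the original thread: relay domains kept apart from routing in indexed files, plus the missing `relay_recipient_maps`. The `hash:` file names, `sql-relay-recipients.cf`, and the example.com / example.net names are assumptions.

```conf
# /etc/postfix/main.cf (added example; map file names are assumptions)

# Before, as posted: every domain with a transport entry is also a relay
# domain, and relay_recipient_maps is unset, so any recipient address in
# those domains is accepted.
#relay_domains  = mysql:/etc/postfix/transport.cf
#transport_maps = mysql:/etc/postfix/transport.cf

# After: the relay domain list is its own indexed file, separate from routing,
# so adding a route for an external domain never makes it a relay domain.
relay_domains  = hash:/etc/postfix/relay_domains
transport_maps = hash:/etc/postfix/transport

# local_recipient_maps only covers domains listed in mydestination.
# Domains matched by relay_domains are checked against relay_recipient_maps.
local_recipient_maps = mysql:/etc/postfix/sql-recipients.cf
relay_recipient_maps = mysql:/etc/postfix/sql-relay-recipients.cf

# The restriction name in Postfix is reject_unlisted_recipient (singular).
smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination,
    reject_unlisted_recipient

# /etc/postfix/relay_domains (constructed sample; run postmap after editing)
#   example.com     OK
#   example.net     OK

# /etc/postfix/transport (constructed sample; run postmap after editing)
#   example.com     dbmail-lmtp:127.0.0.1:24
#   example.net     smtp:[mail.example.net]
```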
      • Curtis Maurand
        Message 3 of 4 , Jun 1, 2010
          On 6/1/2010 2:22 PM, Victor Duchovni wrote:
          > On Tue, Jun 01, 2010 at 02:09:23PM -0400, Curtis Maurand wrote:
          >
          >
          >> I have in the main.cf
          >>
          >> relay_domains=< a couple of domains> mysql:/etc/postfix/transport.cf
          >> transport_maps = mysql:/etc/postfix/transport.cf
          >>
          > Don't use the transport table directly as a relay domain table, some day
          > you'll need special routing for an external domain, that will become an
          > inadvertent relay domain.
          >
          I have lots of email addresses that need to be delivered to the dbmail
          lmtp agent. How would you suggest I map those. Currently they go via:

          left hand: domain.tld right hand: dbmail-lmtp:127.0.0.1:24

          I was editing the table by hand, but it seemed to be easier to do via
          the dbmail administrator and the mysql lookup. two domains, I'm simply
          filtering mail for and then sending along to their exchange server via
          smtp (sort of a postini type service.).


          > Also, it is best to avoid mysql, ldap, ... for the transport table and
          > relay domain list. These are used by the queue manager (via trivial-rewrite)
          > and are performance critical. I recommend indexed files for these, not
          > database sources.
          >
          such as a regular map file (e.g. hashtable)? That becomes unwieldy and
          unscalable for a large number of domains doesn't it. Isn't that the
          reason for using mysql? It does these types of lookups very fast.
          There is also the added advantage that I can index that table. I
          suppose I could write an interface to a hash table, but not fun.

          > You have not defined "relay_recipient_maps".

          That was the problem. It's now working as advertised.

          Thanks,
          Curtis
        • Stan Hoeppner
          Message 4 of 4 , Jun 2, 2010
            Curtis Maurand put forth on 6/1/2010 2:13 PM:

            > I was editing the table by hand, but it seemed to be easier to do via
            > the dbmail administrator and the mysql lookup. two domains, I'm simply
            > filtering mail for and then sending along to their exchange server via
            > smtp (sort of a postini type service.).

            You need to be using recipient address verification. It was designed
            specifically for this scenario. It is realtime and fully automatic, using
            SMTP queries to downstream servers to determine valid users. Set it up once
            and you're done. No databases to maintain.

            As an example, Nortel Networks uses this technique (although with qpsmtpd, not
            Postfix, IIRC) to route mail through a few smtp gateways to hundreds of
            internal domains and over 50k+ users worldwide. They have divisions using MS
            Active Directory and Exchange, some using Novell eDirectory and Groupwise,
            some using Lotus Notes, others using ??. The sheer magnitude of attempting to
            tie all of these disparate systems together just to identify valid recipients
            would have cost multiple millions and would have never worked correctly due to
            directory synchronization issues.

            SMTP based recipient address verification was(is) the simple, elegant
            solution, as all of these disparate mail platforms have SMTP in common, and
            SMTP has a mechanism for recipient address verification. In essence this
            solution is "free" of cost and complexity, and works extremely well.

            It's really the only way to fly:

            http://www.postfix.org/ADDRESS_VERIFICATION_README.html#recipient


            --
            Stan
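Recipient address verification as Stan describes it, limited to the domains that are filtered and passed on to a downstream SMTP server. This is an added example, not part of the original thread; the `verify_domains` file name and the example.net domain are assumptions.

```conf
# /etc/postfix/main.cf (added example; file names are assumptions)

# Persistent cache of probe results. Postfix 2.6, the version in this thread,
# keeps the cache in memory only unless address_verify_map is set.
address_verify_map = btree:$data_directory/verify_cache

# Reply with a permanent error when the downstream server rejected the probe.
# The default is 450, which is safer while the setup is still being tested.
unverified_recipient_reject_code = 550

smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination,
    check_recipient_access hash:/etc/postfix/verify_domains

# /etc/postfix/verify_domains (constructed sample; run postmap after editing)
# Probe only the domains that are relayed to the downstream server.
#   example.net     reject_unverified_recipient
```

The downstream server must reject unknown recipients during the SMTP dialogue for the probes to be meaningful; a server that accepts every address and bounces later makes every recipient look valid.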