Loading ...
Sorry, an error occurred while loading the content.

Problem with rejecting mail to unknown users

Expand Messages
  • Martin Kruse Jensen
    Hi. I e got a problem I ve been trying to solve for some time now, but I can t seem to get it to work. I m running Postfix on FreeBSD with Maildrop delivery,
    Message 1 of 5 , Feb 1, 2012
    • 0 Attachment
      Hi.

      I'e got a problem I've been trying to solve for some time now, but I
      can't seem to get it to work. I'm running Postfix on FreeBSD with
      Maildrop delivery, SASL authentification and PostGreSQL backend. However
      I'm sending tons of backscatter because Postfix dosn't reject mail for
      unknown local recipients

      I've tried setting local_recipient_maps and
      unknown_local_recipient_reject_code = 550 - Nothing seems to help
      though... Anyone with some pointers as to where I should look for the error?

      # postconf -n

      alias_maps =
      broken_sasl_auth_clients = yes
      command_directory = /usr/local/sbin
      config_directory = /usr/local/etc/postfix
      content_filter = smtp-amavis:[127.0.0.1]:10026
      daemon_directory = /usr/local/libexec/postfix
      data_directory = /var/db/postfix
      debug_peer_level = 2
      html_directory = /usr/local/share/doc/postfix
      in_flow_delay = 0
      local_recipient_maps =
      proxy:pgsql:/usr/local/etc/postfix/local_recipient_maps
      mail_owner = postfix
      mailq_path = /usr/local/bin/mailq
      manpage_directory = /usr/local/man
      message_size_limit = 41943040
      mydestination =
      mynetworks = 10.10.10.0/24, 127.0.0.0/8
      newaliases_path = /usr/local/bin/newaliases
      proxy_interfaces = 194.255.69.21
      proxy_read_maps = $local_recipient_maps $mydestination
      $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps
      $virtual_mailbox_domains $relay_recipient_maps $relay_domains
      $canonical_maps $sender_canonical_maps $recipient_canonical_maps
      $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps
      $smtp_sasl_password_maps
      queue_directory = /var/spool/postfix
      readme_directory = /usr/local/share/doc/postfix
      relay_domains = proxy:pgsql:/usr/local/etc/postfix/relaydomainmap
      relay_recipient_maps = proxy:pgsql:/usr/local/etc/postfix/relayaliasmap
      sample_directory = /usr/local/etc/postfix
      sendmail_path = /usr/local/sbin/sendmail
      setgid_group = maildrop
      smtpd_recipient_restrictions = permit_sasl_authenticated,
      permit_mynetworks, reject_unauth_destination, reject_unlisted_recipient
      smtpd_sasl_auth_enable = yes
      smtpd_sasl_authenticated_header = yes
      smtpd_sasl_local_domain = pixelpoint.dk
      smtpd_sasl_path = smtpd
      smtpd_sender_login_maps = proxy:pgsql:/usr/local/etc/postfix/saslmap
      smtpd_tls_auth_only = no
      smtpd_tls_cert_file = /usr/local/share/courier-imap/imapd.pem
      smtpd_tls_key_file = /usr/local/share/courier-imap/imapd.pem
      smtpd_tls_loglevel = 1
      smtpd_tls_received_header = yes
      smtpd_use_tls = yes
      transport_maps = proxy:pgsql:/usr/local/etc/postfix/mxmap
      unknown_local_recipient_reject_code = 550
      virtual_alias_maps = proxy:pgsql:/usr/local/etc/postfix/aliasmap
      virtual_mailbox_domains = proxy:pgsql:/usr/local/etc/postfix/domainmap
      virtual_transport = maildrop

      master.cf:
      #
      # Postfix master process configuration file. For details on the format
      # of the file, see the master(5) manual page (command: "man 5 master").
      #
      # ==========================================================================
      # service type private unpriv chroot wakeup maxproc command + args
      # (yes) (yes) (yes) (never) (100)
      # ==========================================================================
      smtp inet n - n - - smtpd
      -o content_filter=smtp-amavis:[127.0.0.1]:10024
      -o smtp_send_xforward_command=yes
      submission inet n - n - - smtpd
      # -o smtpd_enforce_tls=yes
      -o smtpd_etrn_restrictions=reject
      -o smtpd_sasl_auth_enable=yes
      -o smtpd_client_restrictions=permit_sasl_authenticated,reject
      -o content_filter=smtp-amavis:[127.0.0.1]:10026
      #smtps inet n - n - - smtpd
      # -o smtpd_tls_wrappermode=yes
      # -o smtpd_sasl_auth_enable=yes
      # -o smtpd_client_restrictions=permit_sasl_authenticated,reject
      #628 inet n - n - - qmqpd
      pickup fifo n - n 60 1 pickup
      cleanup unix n - n - 0 cleanup
      qmgr fifo n - n 300 1 qmgr
      #qmgr fifo n - n 300 1 oqmgr
      tlsmgr unix - - n 1000? 1 tlsmgr
      rewrite unix - - n - - trivial-rewrite
      bounce unix - - n - 0 bounce
      defer unix - - n - 0 bounce
      trace unix - - n - 0 bounce
      verify unix - - n - 1 verify
      flush unix n - n 1000? 0 flush
      proxymap unix - - n - - proxymap
      smtp unix - - n - - smtp
      # When relaying mail as backup MX, disable fallback_relay to avoid MX loops
      relay unix - - n - - smtp
      -o fallback_relay=
      # -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
      showq unix n - n - - showq
      error unix - - n - - error
      retry unix - - n - - error
      discard unix - - n - - discard
      local unix - n n - - local
      virtual unix - n n - - virtual
      lmtp unix - - n - - lmtp
      anvil unix - - n - 1 anvil
      scache unix - - n - 1 scache
      #
      # ====================================================================
      # Interfaces to non-Postfix software. Be sure to examine the manual
      # pages of the non-Postfix software to find out what options it wants.
      #
      # Many of the following services use the Postfix pipe(8) delivery
      # agent. See the pipe(8) man page for information about ${recipient}
      # and other message envelope options.
      # ====================================================================
      #
      # maildrop. See the Postfix MAILDROP_README file for details.
      # Also specify in main.cf: maildrop_destination_recipient_limit=1
      #
      maildrop unix - n n - - pipe
      flags=DRhu user=courier:courier argv=/usr/local/bin/maildrop -w 90 -d
      ${recipient}
      #
      # ====================================================================
      #
      # The Cyrus deliver program has changed incompatibly, multiple times.
      #
      #old-cyrus unix - n n - - pipe
      # flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
      #
      # ====================================================================
      #
      # Cyrus 2.1.5 (Amos Gouaux)
      # Also specify in main.cf: cyrus_destination_recipient_limit=1
      #
      #cyrus unix - n n - - pipe
      # user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension}
      ${user}
      #
      # ====================================================================
      #
      # See the Postfix UUCP_README file for configuration details.
      #
      #uucp unix - n n - - pipe
      # flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail
      ($recipient)
      #
      # ====================================================================
      #
      # Other external delivery methods.
      #
      #ifmail unix - n n - - pipe
      # flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
      #
      #bsmtp unix - n n - - pipe
      # flags=Fq. user=bsmtp argv=/usr/local/sbin/bsmtp -f $sender $nexthop
      $recipient
      #
      #scalemail-backend unix - n n - 2 pipe
      # flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store
      # ${nexthop} ${user} ${extension}
      #
      #mailman unix - n n - - pipe
      # flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
      # ${nexthop} ${user}

      #start virusscan
      smtp-amavis unix - - n - - smtp
      -o smtp_data_done_timeout=1200
      -o disable_dns_lookups=yes

      127.0.0.1:10025 inet n - n - - smtpd
      -o content_filter=
      -o local_recipient_maps=
      -o smtpd_helo_restrictions=
      -o smtpd_client_restrictions=
      -o smtpd_sender_restrictions=
      -o smtpd_recipient_restrictions=permit_mynetworks,reject
      -o mynetworks=127.0.0.0/8
      # -o virtual_alias_maps = proxy:pgsql:/usr/local/etc/postfix/aliasmap
      #end virusscan
      proxywrite unix - - n - 1 proxymap
      #smtp inet n - n - 1 postscreen
      #smtpd pass - - n - - smtpd
      #dnsblog unix - - n - 0 dnsblog
      #tlsproxy unix - - n - 0 tlsproxy

      --
      Best regards
      Martin Kruse Jensen
    • Reindl Harald
      ... debug your local_recipient_maps as long your configuration does not handle this correct unknown_local_recipient_reject_code is not part of the game
      Message 2 of 5 , Feb 1, 2012
      • 0 Attachment
        Am 01.02.2012 11:09, schrieb Martin Kruse Jensen:
        > Hi.
        >
        > I'e got a problem I've been trying to solve for some time now, but I can't seem to get it to work. I'm running
        > Postfix on FreeBSD with Maildrop delivery, SASL authentification and PostGreSQL backend. However I'm sending tons
        > of backscatter because Postfix dosn't reject mail for unknown local recipients
        >
        > I've tried setting local_recipient_maps and unknown_local_recipient_reject_code = 550 - Nothing seems to help
        > though... Anyone with some pointers as to where I should look for the error?
        >
        > # postconf -n
        > local_recipient_maps = proxy:pgsql:/usr/local/etc/postfix/local_recipient_maps

        debug your "local_recipient_maps"

        as long your configuration does not handle this correct
        "unknown_local_recipient_reject_code" is not part of the
        game because a) 550 is default and b) even if it would be
        any other status-code -> if you are rejecting then you
        would not be a backscatter because you will never accept
        the message
      • Martin Kruse Jensen
        ... Turns out all I needed was to set relay_recipient_maps - problem appears to be solved!
        Message 3 of 5 , Feb 1, 2012
        • 0 Attachment
          Den 01-02-2012 11:48, Reindl Harald skrev:
          >
          > Am 01.02.2012 11:09, schrieb Martin Kruse Jensen:
          >> Hi.
          >>
          >> I'e got a problem I've been trying to solve for some time now, but I can't seem to get it to work. I'm running
          >> Postfix on FreeBSD with Maildrop delivery, SASL authentification and PostGreSQL backend. However I'm sending tons
          >> of backscatter because Postfix dosn't reject mail for unknown local recipients
          >>
          >> I've tried setting local_recipient_maps and unknown_local_recipient_reject_code = 550 - Nothing seems to help
          >> though... Anyone with some pointers as to where I should look for the error?
          >>
          >> # postconf -n
          >> local_recipient_maps = proxy:pgsql:/usr/local/etc/postfix/local_recipient_maps
          > debug your "local_recipient_maps"
          >
          > as long your configuration does not handle this correct
          > "unknown_local_recipient_reject_code" is not part of the
          > game because a) 550 is default and b) even if it would be
          > any other status-code -> if you are rejecting then you
          > would not be a backscatter because you will never accept
          > the message
          >

          Turns out all I needed was to set relay_recipient_maps - problem appears
          to be solved!
        • /dev/rob0
          On Wed, Feb 01, 2012 at 02:00:15PM +0100, ... Given the overall confusion of address classes in the postconf, including virtual_mailbox_domains being set
          Message 4 of 5 , Feb 1, 2012
          • 0 Attachment
            On Wed, Feb 01, 2012 at 02:00:15PM +0100,
            Martin Kruse Jensen wrote:
            > Turns out all I needed was to set relay_recipient_maps -
            > problem appears to be solved!

            Given the overall confusion of address classes in the postconf,
            including virtual_mailbox_domains being set without corresponding
            virtual_mailbox_maps, I am not at all confident that you have truly
            solved this. Sometimes relay_domains is set using the default of
            $mydestination

            http://www.postfix.org/ADDRESS_CLASS_README.html

            If further assistance is required, logs must be included:

            http://www.postfix.org/DEBUG_README.html#mail
            --
            http://rob0.nodns4.us/ -- system administration and consulting
            Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
          • Martin Kruse Jensen
            ... My relay_domains is set to lookup a PostGreSQL table - I ll keep an eye on things over the next period of time to make sure everything works well :) Thank
            Message 5 of 5 , Feb 1, 2012
            • 0 Attachment
              Den 01-02-2012 14:56, /dev/rob0 skrev:
              > On Wed, Feb 01, 2012 at 02:00:15PM +0100,
              > Martin Kruse Jensen wrote:
              >> Turns out all I needed was to set relay_recipient_maps -
              >> problem appears to be solved!
              > Given the overall confusion of address classes in the postconf,
              > including virtual_mailbox_domains being set without corresponding
              > virtual_mailbox_maps, I am not at all confident that you have truly
              > solved this. Sometimes relay_domains is set using the default of
              > $mydestination
              >
              > http://www.postfix.org/ADDRESS_CLASS_README.html
              >
              > If further assistance is required, logs must be included:
              >
              > http://www.postfix.org/DEBUG_README.html#mail

              My relay_domains is set to lookup a PostGreSQL table - I'll keep an eye
              on things over the next period of time to make sure everything works well :)

              Thank you for your hints

              Best regards,
              Martin
            Your message has been successfully submitted and would be delivered to recipients shortly.