Loading ...
Sorry, an error occurred while loading the content.

relayhost and smtpd_recipient_restrictions

Expand Messages
  • Adam Pribyl
    Hello, we were using postfix as mail server directly delivering email from and to company without issues. Now we had to change the ISP and the new one forces
    Message 1 of 5 , Nov 17, 2013
    • 0 Attachment
      Hello,

      we were using postfix as mail server directly delivering email from and to
      company without issues. Now we had to change the ISP and the new one
      forces us to use his relay as "The next-hop destination of non-local
      mail" - this means I only added a directive "relayhost" to our setup.

      With relayhost setup, when local user sends email to non-existant
      domain, it just passes the email to relayhost even thou there is
      smtpd_recipient_restrictions = reject_unknown_recipient_domain

      When I disable the relayhost, then postfix rejects the emails to
      non-existant domain correctly. From a postfix doc it seems the relayhost
      "overrides non-local domains in recipient addresses." It looks to me, like
      it overrides it and then reject_unknown_recipient_domain could never apply
      anymore.

      Do I understand this correctly? Is it possible to apply
      reject_unknown_recipient_domain even when using realyhost?

      Thanks

      Adam Pribyl
    • Wietse Venema
      ... Then, you have made some configation error. What error? To report a problem see http://www.postfix.org/DEBUG_README.html#mail Thank you for using Postfix.
      Message 2 of 5 , Nov 17, 2013
      • 0 Attachment
        Adam Pribyl:
        > Hello,
        >
        > we were using postfix as mail server directly delivering email from and to
        > company without issues. Now we had to change the ISP and the new one
        > forces us to use his relay as "The next-hop destination of non-local
        > mail" - this means I only added a directive "relayhost" to our setup.
        >
        > With relayhost setup, when local user sends email to non-existant
        > domain, it just passes the email to relayhost even thou there is
        > smtpd_recipient_restrictions = reject_unknown_recipient_domain
        >
        > When I disable the relayhost, then postfix rejects the emails to
        > non-existant domain correctly. From a postfix doc it seems the relayhost

        Then, you have made some configation error. What error?

        To report a problem see http://www.postfix.org/DEBUG_README.html#mail

        Thank you for using Postfix.

        Wietse
      • Adam Pribyl
        ... Thanks for the answer, here is additional info: Then only change in the config is a relayhost = aaaaa.aaa.aa With relayhost set, the relay says: Nov 17
        Message 3 of 5 , Nov 17, 2013
        • 0 Attachment
          On Sun, 17 Nov 2013, Wietse Venema wrote:

          > Adam Pribyl:
          >> Hello,
          >>
          >> we were using postfix as mail server directly delivering email from and to
          >> company without issues. Now we had to change the ISP and the new one
          >> forces us to use his relay as "The next-hop destination of non-local
          >> mail" - this means I only added a directive "relayhost" to our setup.
          >>
          >> With relayhost setup, when local user sends email to non-existant
          >> domain, it just passes the email to relayhost even thou there is
          >> smtpd_recipient_restrictions = reject_unknown_recipient_domain
          >>
          >> When I disable the relayhost, then postfix rejects the emails to
          >> non-existant domain correctly. From a postfix doc it seems the relayhost
          >
          > Then, you have made some configation error. What error?

          Thanks for the answer, here is additional info:

          Then only change in the config is a
          relayhost = aaaaa.aaa.aa
          With relayhost set, the relay says:

          Nov 17 16:34:48 aaaa postfix/smtp[19758]: 018FF37289: to=<aaa@...>,
          relay=aaaaa.aaa.aa[ddd.ddd.dd.ddd]:25, delay=373545, delays=373545/0.01/0.04/0.04,
          dsn=4.1.2, status=deferred (host aaaaa.aaa.aa[ddd.ddd.dd.ddd]
          said: 450 4.1.2 <aaa@...>: Recipient address rejected:
          Domain not found (in reply to RCPT TO command))

          But I'd like those to be rejected by my postfix, not relay. And this is
          what my postfix does, if relayhost is not in config.

          > To report a problem see http://www.postfix.org/DEBUG_README.html#mail
          >
          > Thank you for using Postfix.
          >
          > Wietse


          Adam Pribyl

          There is no magic in postfix config:

          alias_maps = hash:/etc/aliases
          always_bcc = bbbb
          anvil_status_update_time = 6h
          append_dot_mydomain = no
          biff = no
          config_directory = /etc/postfix
          content_filter = lmtp-amavis:[127.0.0.1]:10024
          delay_warning_time = 4h
          disable_vrfy_command = yes
          html_directory = /usr/share/doc/postfix/html
          inet_protocols = ipv4
          local_destination_concurrency_limit = 1
          mailbox_command = /usr/bin/maildrop
          mailbox_size_limit = 0
          max_use = 10
          message_size_limit = 40960000
          mydestination = $myself $mydomain $myself.$mydomain www.$mydomain
          web.$mydomain mail.$mydomain ftp.$mydomain $mydomain2
          $myself.$mydomain2 www.$mydomain2 web.$mydomain2 mail.$mydomain2
          ftp.$mydomain2
          mydomain = ccccc.cc
          myhostname = $myself.$mydomain
          mynetworks = 127.0.0.1 dd.dd.0.0/12
          myorigin = $mydomain
          parent_domain_matches_subdomains =
          readme_directory = /usr/share/doc/postfix
          receive_override_options = no_address_mappings
          recipient_delimiter = +
          relay_domains =
          relayhost = aaaaa.aaa.aa
          show_user_unknown_table_name = no
          smtp_helo_name = $myorigin
          smtpd_banner = $myhostname ESMTP Welcome.
          smtpd_recipient_restrictions = reject_unlisted_sender,
          reject_unknown_recipient_domain, permit_mynetworks,
          permit_sasl_authenticated, reject_unauth_destination,
          reject_unknown_sender_domain, check_sender_access
          hash:/etc/postfix/sender_checks, check_recipient_access
          hash:/etc/postfix/local_only_access
          soft_bounce = no
          virtual_alias_maps = hash:/etc/postfix/virtual
        • Wietse Venema
          ... This may sound like a surprise, but the problem is elsewhere and it only now reveals itself. What problem? Something with your use of
          Message 4 of 5 , Nov 17, 2013
          • 0 Attachment
            Adam Pribyl:
            > On Sun, 17 Nov 2013, Wietse Venema wrote:
            >
            > > Adam Pribyl:
            > >> Hello,
            > >>
            > >> we were using postfix as mail server directly delivering email from and to
            > >> company without issues. Now we had to change the ISP and the new one
            > >> forces us to use his relay as "The next-hop destination of non-local
            > >> mail" - this means I only added a directive "relayhost" to our setup.
            > >>
            > >> With relayhost setup, when local user sends email to non-existant
            > >> domain, it just passes the email to relayhost even thou there is
            > >> smtpd_recipient_restrictions = reject_unknown_recipient_domain
            > >>
            > >> When I disable the relayhost, then postfix rejects the emails to
            > >> non-existant domain correctly. From a postfix doc it seems the relayhost
            > >
            > > Then, you have made some configation error. What error?
            >
            > Thanks for the answer, here is additional info:
            >
            > Then only change in the config is a
            > relayhost = aaaaa.aaa.aa
            > With relayhost set, the relay says:

            This may sound like a surprise, but the problem is elsewhere and
            it only now reveals itself.

            What problem? Something with your use of reject_unknown_recipient_domain.

            > To report a problem see http://www.postfix.org/DEBUG_README.html#mail

            Wietse
          • Noel Jones
            ... ... and you changed your ISP, which is likely the real problem. When your DNS server lies to you, reject_unknown_recipient domain can t work correctly.
            Message 5 of 5 , Nov 17, 2013
            • 0 Attachment
              On 11/17/2013 5:38 AM, Adam Pribyl wrote:
              > Hello,
              >
              > we were using postfix as mail server directly delivering email from
              > and to company without issues. Now we had to change the ISP and the
              > new one forces us to use his relay as "The next-hop destination of
              > non-local mail" - this means I only added a directive "relayhost" to
              > our setup.

              ... and you changed your ISP, which is likely the real problem.

              When your DNS server lies to you, reject_unknown_recipient domain
              can't work correctly. Some ISP's send fake DNS responses for
              non-existent domains as a helpful service for web-browser clients.

              The usual suggestion is to run your own DNS server, but some ISP's
              also redirect that traffic. If you can't turn off this unhelpful
              feature, you can use check_recipient_mx_access to reject mail that
              resolves to the ISP-supplied wildcard address.
              http://www.postfix.org/postconf.5.html#check_recipient_mx_access

              Also talk to your ISP about allowing outbound port 25 directly from
              your mail server. Most ISP's have a procedure to whitelist known
              mail servers on business-class accounts.



              -- Noel Jones


              >
              > With relayhost setup, when local user sends email to non-existant
              > domain, it just passes the email to relayhost even thou there is
              > smtpd_recipient_restrictions = reject_unknown_recipient_domain
              >
              > When I disable the relayhost, then postfix rejects the emails to
              > non-existant domain correctly. From a postfix doc it seems the
              > relayhost
              > "overrides non-local domains in recipient addresses." It looks to
              > me, like it overrides it and then reject_unknown_recipient_domain
              > could never apply anymore.
              >
              > Do I understand this correctly? Is it possible to apply
              > reject_unknown_recipient_domain even when using realyhost?
              >
              > Thanks
              >
              > Adam Pribyl
            Your message has been successfully submitted and would be delivered to recipients shortly.