Happy new year to all of you ! ;o)
I'm trying to set up a postfix antispam gateway to our mail server.
Something looking like :
Internet --> mx1.mydomain.com[my gateway with postfix] -->
mx2.mydomain.com (only MX1 acts as a DNS MX for all emails sent to
mydomain.com)
It works pretty well, with the restrictions I planned, but I have two problems I
have been unable to solve for some weeks:
1/ relay_recipient_maps seems not to filter emails sent to mx2.mydomain.com
(it was postmap'ed).
mx2 is contacted to verify if user email exists instead of looking up into
/etc/postfix/relay_recipients file.
Did I miss something ??
2/ the most important problem is the mail return message following a
non-existing user sending email:
The Postfix program
< ... at mydomain dot com>: host mx1.mydomain.com[xx.xx.xx.xx] said:
550 5.1.1 < ... at mydomain dot com>: Recipient address rejected:
undeliverable address: host mx2.mydomain.com[xx.xx.xx.xx] said:
550 5.1.1 < ... at mydomain dot com>: Recipient address rejected: User
unknown in local recipient table (in reply to RCPT TO command) (in reply
to RCPT TO command)
For security reasons, is there a way to hide this notification, and say
instead something like "User unknown" ?
Or just notify the first line about mx1 without any mention of mx2?
Thanks in advance for your replies.
Antony
Here are the configuration files of mx1.mydomain.com:
# cat main.cf
invalid_hostname_reject_code = 550
multi_recipient_bounce_reject_code = 550
non_fqdn_reject_code = 550
unknown_sender_reject_code = 550
unknown_virtual_alias_reject_code = 550
unknown_virtual_mailbox_reject_code = 550
unverified_recipient_reject_code = 550
unverified_recipient_reject_reason = Address lookup failed !
show_user_unknown_table_name = no
smtpd_banner = Mailbox Machine
biff = no
disable_vrfy_command = yes
smtpd_helo_required = yes
append_dot_mydomain = no
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache
mydestination =
local_recipient_maps =
local_transport = error:local mail delivery is disabled
myorigin = mydomain.com
mynetworks =
    127.0.0.0/8
parent_domain_matches_subdomains =
    debug_peer_list,
    smtpd_access_maps
relay_recipient_maps = hash:/etc/postfix/relay_recipients
relay_domains = mydomain.com
transport_maps = hash:/etc/postfix/transport
show_user_unknown_table_name = no
virtual_alias_maps = hash:/etc/postfix/virtual
smtpd_client_restrictions =
smtpd_helo_restrictions =
smtpd_sender_restrictions =
smtpd_recipient_restrictions =
    reject_invalid_hostname,
    reject_non_fqdn_helo_hostname,
    reject_non_fqdn_hostname,
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_unknown_sender_domain,
    reject_unknown_recipient_domain,
    reject_unverified_recipient,
    reject_invalid_helo_hostname,
    reject_unlisted_recipient,
    check_recipient_maps,
    reject_unlisted_sender,
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination,
    reject_rbl_client bl.spamcop.net,
    reject_rbl_client list.dsbl.org,
    reject_rbl_client zen.spamhaus.org,
    reject_rbl_client cbl.abuseat.org,
    check_policy_service inet:127.0.0.1:60000,
    permit
smtpd_data_restrictions =
    reject_unauth_pipelining,
    permit
smtpd_end_of_data_restrictions =
# cat virtual
postmaster ... at mydomain dot com
abuse ... at mydomain dot com
root ... at mydomain dot com
# cat relay_recipients
... at mydomain dot com xx
# cat transport
mydomain.com smtp:[mx2.mydomain.com]
Comments
Re: Postix relay gateway - "Recipient address rejected" notifica
By mouss at 01/30/2009 - 12:44
Antony wrote:
Happy new year!
this is the same as reject_non_fqdn_helo_hostname
put reject_unlisted_recipient here.
this is the same as reject_invalid_hostname above.
see above.
what's this?
dsbl is dead.
cbl is included in zen, so remove it.
Re: Postix relay gateway - "Recipient address rejected" notifica
By Wietse Venema at 01/30/2009 - 12:43
Postfix 2.6 and later allow you to override the SMTP server
response with the unverified_recipient_reject_reason parameter.
See http://www.postfix.org/ADDRESS_VERIFICATION_README.html
Wietse
RE: Postix relay gateway - "Recipient address rejected" notifica
By Antony at 01/30/2009 - 12:43
I have tried to add :
unverified_recipient_reject_reason = Unknown user !
but no way, the error message is the same ...
Antony
-----Original Message-----
From: owner-postfix- ... at postfix dot org
[mailto:owner-postfix- ... at postfix dot org] On Behalf Of Wietse Venema
Sent: Sunday, 4 January 2009 00:36
To: Postfix users
Subject: Re: Postix relay gateway - "Recipient address rejected" notification
verbosity ...
Postfix 2.6 and later allow you to override the SMTP server
response with the unverified_recipient_reject_reason parameter.
See http://www.postfix.org/ADDRESS_VERIFICATION_README.html
Wietse
Re: Postix relay gateway - "Recipient address rejected" notifica
By Wietse Venema at 01/30/2009 - 12:44
vvvvvvvvvvvvvvvvvvvvv
Postfix 2.6 and later allow you to override the SMTP server
^^^^^^^^^^^^^^^^^^^^^
response with the unverified_recipient_reject_reason parameter.
RE: Postix relay gateway - "Recipient address rejected" notifica
By Antony at 01/30/2009 - 12:44
My version is an etch 2.3.8.
Even if I'm French, I think my version number is in the scope ;o)
Here is the postfix log I omitted to give you:
Jan 3 22:53:03 mx1 postfix/smtpd[16104]: connect from
postfix2-g20.free.fr[212.27.60.43]
Jan 3 22:53:03 mx1 postfix/cleanup[16114]: ED3552DE159:
message-id=<20090103215303. ... at mx1 dot mydomain.com>
Jan 3 22:53:03 mx1 postfix/qmgr[16093]: ED3552DE159:
from=< ... at mydomain dot com>, size=289, nrcpt=1 (queue active)
Jan 3 22:53:04 mx1 postfix/smtp[16115]: ED3552DE159:
to=< ... at mydomain dot com>, relay=mx2.mydomain.com[xx.xx.xx.xx]:25, delay=0.5,
delays=0.01/0.02/0.08/0.39, dsn=5.1.1, status=undeliverable (host
mx2.mydomain.com[xx.xx.xx.xx] said: 550 5.1.1 < ... at mydomain dot com>:
Recipient address rejected: User unknown in local recipient table (in reply
to RCPT TO command))
Jan 3 22:53:04 mx1 postfix/qmgr[16093]: ED3552DE159: removed
Jan 3 22:53:06 mx1 postfix/smtpd[16104]: NOQUEUE: reject: RCPT from
postfix2-g20.free.fr[212.27.60.43]: 550 5.1.1 < ... at mydomain dot com>:
Recipient address rejected: undeliverable address: host
mx2.mydomain.com[xx.xx.xx.xx] said: 550 5.1.1 < ... at mydomain dot com>:
Recipient address rejected: User unknown in local recipient table (in reply
to RCPT TO command); from=< ... at simonneau dot eu> to=< ... at mydomain dot com>
proto=ESMTP helo=<postfix2-g20.free.fr>
Jan 3 22:53:07 mx1 postfix/smtpd[16104]: disconnect from
postfix2-g20.free.fr[212.27.60.43]
Regards,
Antony
-----Original Message-----
From: Wietse Venema [mailto: ... at porcupine dot org]
Sent: Sunday, 4 January 2009 00:55
To: ... at abruti dot org
Cc: 'Postfix users'
Subject: Re: Postix relay gateway - "Recipient address rejected" notification
verbosity ...
Antony:
vvvvvvvvvvvvvvvvvvvvv
Postfix 2.6 and later allow you to override the SMTP server
^^^^^^^^^^^^^^^^^^^^^
response with the unverified_recipient_reject_reason parameter.
RE: Postix relay gateway - "Recipient address rejected" notifica
By PauAmma at 01/30/2009 - 12:44
Even in France, I think 6 is greater than 3...
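
Added example, not part of the original thread: a log check for the disclosure visible in the smtpd NOQUEUE line above, where the reply the gateway gives the remote client embeds the backend's own response ("host ... said: ..."). The log lines, host names and addresses below are constructed (one record per line, as syslog writes them), and the function name find_backend_leaks is an assumption of this example.

```python
import re

# Reply that smtpd sent to the remote client for a rejected RCPT TO.
REJECT_RE = re.compile(
    r"postfix/smtpd\[\d+\]: NOQUEUE: reject: RCPT from (?P<client>\S+): "
    r"(?P<reply>.*?); from=<(?P<sender>[^>]*)> to=<(?P<rcpt>[^>]*)>"
)
# A downstream server's response copied into that reply by address verification.
LEAK_RE = re.compile(r"host (?P<host>[^\s\[]+)\[(?P<ip>[^\]]+)\] said: (?P<said>.*)")

# Constructed sample log (documentation names and addresses only).
SAMPLE_LOG = [
    # Probe result: logged on the gateway only, never sent to the client.
    "Jan  3 22:53:04 mx1 postfix/smtp[16115]: ED3552DE159: to=<nobody@example.com>, "
    "relay=mx2.example.com[192.0.2.20]:25, dsn=5.1.1, status=undeliverable "
    "(host mx2.example.com[192.0.2.20] said: 550 5.1.1 <nobody@example.com>: "
    "Recipient address rejected: User unknown in local recipient table "
    "(in reply to RCPT TO command))",
    # Client-facing reject that repeats the backend's response.
    "Jan  3 22:53:06 mx1 postfix/smtpd[16104]: NOQUEUE: reject: RCPT from "
    "mail.example.net[198.51.100.7]: 550 5.1.1 <nobody@example.com>: Recipient "
    "address rejected: undeliverable address: host mx2.example.com[192.0.2.20] "
    "said: 550 5.1.1 <nobody@example.com>: Recipient address rejected: User unknown "
    "in local recipient table (in reply to RCPT TO command); "
    "from=<a@example.net> to=<nobody@example.com> proto=ESMTP helo=<mail.example.net>",
    # Client-facing reject answered from a table on the gateway: nothing embedded.
    "Jan  3 22:54:10 mx1 postfix/smtpd[16104]: NOQUEUE: reject: RCPT from "
    "mail.example.net[198.51.100.7]: 550 5.1.1 <ghost@example.com>: Recipient "
    "address rejected: User unknown in relay recipient table; "
    "from=<a@example.net> to=<ghost@example.com> proto=ESMTP helo=<mail.example.net>",
]

def find_backend_leaks(lines):
    """Return one record per client-facing reject that names a downstream host."""
    findings = []
    for line in lines:
        reject = REJECT_RE.search(line)
        if not reject:
            continue  # internal delivery/probe records are not shown to clients
        leak = LEAK_RE.search(reject.group("reply"))
        if leak:
            findings.append({
                "client": reject.group("client"),
                "rcpt": reject.group("rcpt"),
                "backend_host": leak.group("host"),
                "backend_ip": leak.group("ip"),
                "names_table": "recipient table" in leak.group("said"),
            })
    return findings

if __name__ == "__main__":
    for finding in find_backend_leaks(SAMPLE_LOG):
        print(finding)
```

Only the second sample line is reported: the first is the gateway's internal probe record and the third is a reject answered without contacting the backend.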