Rocco Scappatura wrote:
Hello,
I have a Postfix MTA which is configured to check recipients for a
domain listed in table "relay_domains" before forwarding the message to
the appropriate post office.
All has worked fine, until the MTA has been configured as backup MX for
an external domain, say "extdomain.tld".
Since then, every time a user (enabled to relay messages through my
MTA) tries to send a message to the domain "extdomain.tld", they get an
error:
Dec 12 16:55:33 av1 postfix/smtpd[25586]: NOQUEUE: reject: RCPT from
unknown[<IP Primary MX for "extdomain.tld">]: 550 5.1.1
<u...@extdomain.tld>: Recipient address rejected: User unknown in relay
recipient table; from=<em...@domain.tld> to=< u...@extdomain.tld>
proto=ESMTP helo=<MYPC>
The error message indicates you have defined
relay_recipient_maps but the recipient is not found in that
map. Your postconf -n output shows no relay_recipient_maps
entry, so you either deleted it from your post or you're
looking at the wrong postfix install.
The Primary MX for "extdomain.tld" is a Postfix platform too (IMSS). How
do I make that MTA not check users locally but do recipient
validation on the downstream post-office server?
Please see
http://www.postfix.org/postconf.5.html#relay_recipient_maps
http://www.postfix.org/ADDRESS_CLASS_README.html
http://www.postfix.org/ADDRESS_VERIFICATION_README.html#recipient
PS: I don't want the backup MX to deliver mail directly to the post office,
because on the primary MX I can manage the quarantine, whereas on the
secondary MX I couldn't.
PPS: Here is the postconf -n output
...
relay_domains = extdomain.tld
OK, you only relay for this one external domain.
If you don't have a list of recipients for that domain, you
don't need relay_recipient_maps.
smtpd_banner = ESMTP
This must be at least:
smtpd_banner = $myhostname ESMTP
Or better, just remove it and leave the default.
smtpd_recipient_restrictions = permit_mynetworks, permit_mx_backup,
permit_sasl_authenticated, check_relay_domains
You should avoid using permit_mx_backup, and
check_relay_domains has been deprecated for years - it's not
even documented anymore.
Much better is:
smtpd_recipient_restrictions =
    permit_mynetworks
    permit_sasl_authenticated
    reject_unauth_destination
and make sure the domains you are responsible for are listed
in the proper address class.
http://www.postfix.org/ADDRESS_CLASS_README.html
If you want to add a verification probe for your relay domain,
add at the end of smtpd_recipient_restrictions:
check_recipient_access hash:/etc/postfix/verify_domains
And the contents of verify_domains will look like:
# verify_domains
extdomain.tld reject_unverified_recipient
Be sure to run
# postmap verify_domains
after you edit the file.
unknown_local_recipient_reject_code = 450
You should change this to 550
--
Noel Jones
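
An added example, not part of the original thread and not Postfix code: a small Python check that reads `postconf -n` style text (continuation lines included, so it also works on main.cf) and flags the settings the reply above recommends changing. The sample input is constructed from the values quoted in the thread, and the function names are this example's own.

```python
import re

# Constructed sample: the settings quoted in the thread, as name = value text.
SAMPLE = """\
relay_domains = extdomain.tld
smtpd_banner = ESMTP
smtpd_recipient_restrictions = permit_mynetworks, permit_mx_backup,
    permit_sasl_authenticated, check_relay_domains
unknown_local_recipient_reject_code = 450
"""


def parse_postconf(text):
    """Parse name = value lines; a line starting with whitespace continues the previous value."""
    params, name = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0] in " \t" and name is not None:
            params[name] += " " + line.strip()
        elif "=" in line:
            name, value = line.split("=", 1)
            name = name.strip()
            params[name] = value.strip()
    return params


def audit(params):
    """Return one finding per setting that the reply recommends changing."""
    findings = []
    rules = [r for r in re.split(r"[,\s]+", params.get("smtpd_recipient_restrictions", "")) if r]
    for bad in ("permit_mx_backup", "check_relay_domains"):
        if bad in rules:
            findings.append(f"smtpd_recipient_restrictions: remove {bad}")
    if "reject_unauth_destination" not in rules:
        findings.append("smtpd_recipient_restrictions: add reject_unauth_destination")
    banner = params.get("smtpd_banner")
    if banner is not None and not banner.startswith("$myhostname"):
        findings.append("smtpd_banner: start with $myhostname or remove to use the default")
    if params.get("unknown_local_recipient_reject_code") == "450":
        findings.append("unknown_local_recipient_reject_code: change 450 to 550")
    return findings


if __name__ == "__main__":
    for finding in audit(parse_postconf(SAMPLE)):
        print(finding)
```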