I had been under the impression that I should tell users to use the
domain "example.com" (or example.org) as default settings in software
being tested and developed, in order that the software not generate
email which would be a problem for our own or other domains' SMTP
servers.
This recently heavily stressed our SMTP server. A machine inside our
domain was running software that generated a number of emails to
addresses at example.com, with return addresses at example.com, and
Postfix attempted to deliver them. These filled the mail queue and
generated "undeliverable" bounces to example.com which also filled
the mail queue.
The situation reached the point where the mail queue could not even
be listed completely with postqueue without postqueue failing, and
with error messages in /var/log/warnings:
> Jan 19 04:55:07 relay postfix/qmgr[27203]: warning: mail for
example.com is using up 6001 of 6016 active queue entries
> Jan 19 04:55:07 relay postfix/qmgr[27203]: warning: you may need a
separate master.cf transport for example.com
Start of the flood in /var/log/mail/info
> Jan 18 15:19:47 relay postfix/smtpd[22939]: connect from
macguffin.localnet[192.168.69.9]
> Jan 18 15:19:47 relay postfix/smtpd[22939]: 345F82544D7:
client=macguffin.localnet[192.168.69.9]
> Jan 18 15:19:47 relay postfix/cleanup[24731]: 345F82544D7:
message-id=<agvscgrlc2tfy2fzzqk0mqkwcurlbw80ueyjywvhmgi5y...@macguffin>
> Jan 18 15:19:47 relay postfix/qmgr[26415]: 345F82544D7:
from=<d...@example.com>, size=4319, nrcpt=1 (queue active)
> Jan 18 15:19:47 relay postfix/smtpd[22939]: disconnect from
macguffin.localnet[192.168.69.9]
> Jan 18 15:19:48 relay postfix/smtpd[22939]: connect from
macguffin.localnet[192.168.69.9]
> Jan 18 15:19:48 relay postfix/smtpd[22939]: 0ECEE2544D8:
client=macguffin.localnet[192.168.69.9]
> Jan 18 15:19:48 relay postfix/cleanup[24731]: 0ECEE2544D8:
message-id=<agvscgrlc2tfy2fzzqk0mgkwcurlbw80ueyjyjfmm2jko...@macguffin>
> Jan 18 15:19:48 relay postfix/qmgr[26415]: 0ECEE2544D8:
from=<d...@example.com>, size=2889, nrcpt=1 (queue active)
Start of the connection timeouts slightly later in /var/log/mail/info:
> Jan 18 15:20:17 relay postfix/smtp[24790]: connect to
example.com[208.77.188.166]: Connection timed out (port 25)
> Jan 18 15:20:17 relay postfix/smtp[24790]: 345F82544D7:
to=<adm...@example.com>, relay=none, delay=30, status=deferred (connect
to example.com[208.77.188.166]: Connection timed out)
> Jan 18 15:20:18 relay postfix/smtp[24791]: connect to
example.com[208.77.188.166]: Connection timed out (port 25)
> Jan 18 15:20:18 relay postfix/smtp[24791]: 0ECEE2544D8:
to=<user-00...@example.com>, relay=none, delay=30, status=deferred
(connect to example.com[208.77.188.166]: Connection timed out)
I don't want to attempt to deliver, relay, or bounce to email addresses
in example.{tld} for obvious reasons. I don't even want to do MX
lookups for them. I have to accept mail with u...@example.com From
addresses for local delivery, from outside to valid local addresses and
from mynetworks and auth'd connections for relay to valid external
addresses, discarding (or redirecting to postmaster local account) any
undeliverable reports from MAILER_DAEMON or bounces.
Unaware that the RFCs allowed this to be a problem, I cannot now find
the solution in the chaff of problem reports and FAQs that are simply
using "example.com" as an example, rather than being concerned with the
actual pseudo-domain itself. I would like information on how to
properly
handle example.{tld} in Postfix.
