Tom Diehl wrote:
> Hi,
>
> I have a machine running postfix 2.2.8. I recently noticed that it is putting
> messages in the queue for non-existent users and then trying to send bounce
> messages. Can someone please look at the following postconf -n output and tell
> me what I have screwed up? I really want to stop this but I am not
> seeing the problem.
>
> (foghorn pts2) # postconf -n
> alias_database = hash:/etc/postfix/aliases hash:/etc/postfix/local.maps/local.aliases
> alias_maps = hash:/etc/postfix/aliases hash:/etc/postfix/local.maps/local.aliases
> biff = no
> body_checks = pcre:/etc/postfix/common.maps/body_checks
> bounce_queue_lifetime = 6h
> content_filter = smtp-amavis:[127.0.0.1]:10024
> debug_peer_level = 2
> disable_vrfy_command = yes
> header_checks = pcre:/etc/postfix/common.maps/header_checks
> local_recipient_maps =
> mime_header_checks = regexp:/etc/postfix/common.maps/mime_header_checks
> mydestination = $myhostname localhost.$mydomain $mydomain mail.$mydomain
> myhostname = mail.tntechs.com
> mynetworks = 192.168.0.0/24 127.0.0.0/8
> myorigin = $mydomain
> newaliases_path = /usr/bin/newaliases.postfix
> queue_directory = /var/spool/postfix
> readme_directory = /usr/share/doc/postfix-2.2.8-documentation/readme
> relay_domains = $mydestination /etc/postfix/stnhbr.maps/relay_domains.stnhbr
> smtp_helo_name = mail.tntechs.com
> smtpd_client_restrictions =
> smtpd_helo_restrictions =
> smtpd_recipient_restrictions = permit_mynetworks check_recipient_access hash:/etc/postfix/common.maps/hosted_email_domains check_sender_access hash:/etc/postfix/common.maps/sender_checks reject_non_fqdn_sender reject_non_fqdn_recipient reject_unknown_sender_domain reject_unknown_recipient_domain reject_unauth_destination check_recipient_access hash:/etc/postfix/common.maps/spamtrap hash:/etc/postfix/tntechs.maps/recipient_checks hash:/etc/postfix/stnhbr.maps/recipient_checks hash:/etc/postfix/sitelink.maps/recipient_checks reject_unauth_pipelining reject_invalid_hostname reject_non_fqdn_hostname reject_rbl_client zen.spamhaus.org reject_rbl_client bl.spamcop.net reject_unauth_destination permit

This is a large one (formatting for readability):
smtpd_recipient_restrictions =
>    permit_mynetworks
>    check_recipient_access hash:/etc/postfix/common.maps/hosted_email_domains
>    check_sender_access hash:/etc/postfix/common.maps/sender_checks

I hope there are no OKs in those maps. Doing so may lead to an open
relay, especially in the check_sender_access.
This could also be the source of Backscatter.
What is in those maps? (if either of your restriction classes, please
post them as well)

>    reject_non_fqdn_sender
>    reject_non_fqdn_recipient
>    reject_unknown_sender_domain
>    reject_unknown_recipient_domain
>    reject_unauth_destination
>    check_recipient_access hash:/etc/postfix/common.maps/spamtrap
>    hash:/etc/postfix/tntechs.maps/recipient_checks
>    hash:/etc/postfix/stnhbr.maps/recipient_checks
>    hash:/etc/postfix/sitelink.maps/recipient_checks
These three are checking using the deprecated, implied access check.
check_*_access takes exactly 1 argument.

>    reject_unauth_pipelining

This is rather pointless in this setup and more effective in
data_restrictions.

>    reject_invalid_hostname
>    reject_non_fqdn_hostname
>    reject_rbl_client zen.spamhaus.org
>    reject_rbl_client bl.spamcop.net
>    reject_unauth_destination
>    permit

The last 2 lines have no effect because you already checked for
reject_unauth_destination and there is an explicit permit at the end.

> smtpd_restriction_classes = match_client_domain must_come_from_hosted_email
> smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/common.maps/sender_whitelist hash:/etc/postfix/common.maps/spoof_sender_map
>
Are you trying to whitelist against your spoof_sender_map? If not, then
it has no purpose.

Brian
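
The review points raised in this reply can be checked mechanically. The following Python sketch is an added example, not part of the original thread and not Postfix code; the function name lint_restrictions and the finding codes are hypothetical, and the sample value is the smtpd_recipient_restrictions setting quoted above.

```python
import re

# Restrictions that consume exactly one following argument.
ONE_ARG = re.compile(r"^(check_\w+_access|reject_rbl_client)$")
# A bare lookup-table reference such as hash:/etc/postfix/some_map.
TABLE = re.compile(r"^(hash|btree|dbm|pcre|regexp|cidr):\S+$")

def lint_restrictions(value):
    """Return (code, detail) findings for one smtpd_*_restrictions value."""
    tokens = value.replace(",", " ").split()
    findings, seen, guarded, i = [], set(), False, 0
    while i < len(tokens):
        tok, arg = tokens[i], None
        if ONE_ARG.match(tok) and i + 1 < len(tokens):
            i, arg = i + 1, tokens[i + 1]   # the single argument it accepts
        i += 1
        if TABLE.match(tok):  # table with no check_*_access in front of it
            findings.append(("implied-access", tok))
            continue
        if tok.startswith("check_") and not guarded:
            # An OK in this map is honoured before reject_unauth_destination.
            findings.append(("access-before-relay-guard", f"{tok} {arg}"))
        if (tok, arg) in seen:
            findings.append(("duplicate", tok))
        seen.add((tok, arg))
        guarded = guarded or tok == "reject_unauth_destination"
        if tok == "permit" and i == len(tokens):
            findings.append(("trailing-permit", tok))
    return findings

# The value from the postconf -n output quoted in this thread.
SAMPLE = """
permit_mynetworks
check_recipient_access hash:/etc/postfix/common.maps/hosted_email_domains
check_sender_access hash:/etc/postfix/common.maps/sender_checks
reject_non_fqdn_sender reject_non_fqdn_recipient reject_unknown_sender_domain
reject_unknown_recipient_domain reject_unauth_destination
check_recipient_access hash:/etc/postfix/common.maps/spamtrap
hash:/etc/postfix/tntechs.maps/recipient_checks
hash:/etc/postfix/stnhbr.maps/recipient_checks
hash:/etc/postfix/sitelink.maps/recipient_checks
reject_unauth_pipelining reject_invalid_hostname reject_non_fqdn_hostname
reject_rbl_client zen.spamhaus.org reject_rbl_client bl.spamcop.net
reject_unauth_destination permit
"""

if __name__ == "__main__":
    print(*lint_restrictions(SAMPLE), sep="\n")
```

An access-before-relay-guard finding only matters when the map can return OK, so the contents of those maps still need to be inspected, as the reply asks.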
