RE: dns failure - postfix - avg - outlook

[Peter Macko]

> Date: Mon, 2 Nov 2009 08:46:43 -0600
> From: njo...@megan.vbhcs.org
> To: peter_ma...@msn.com; postfix-users@postfix.org
> Subject: Re: dns failure - postfix - avg - outlook
> 
> On 11/2/2009 8:38 AM, Peter Macko wrote:
> >
> >
> >  > Date: Mon, 2 Nov 2009 07:57:01 -0600
> >  > From: njo...@megan.vbhcs.org
> >  > To: postfix-users@postfix.org
> >  > Subject: Re: dns failure - postfix - avg - outlook
> >  >
> >  > On 11/2/2009 4:16 AM, Peter Macko wrote:
> >  > > > On 10/28/2009 7:23 PM, Peter Macko wrote:
> >  > > > > DNS that is used by postfix stopped working and consequently caused
> >  > > > > postfix respond to:
> >  > > > > 1. senders from outside: NOQUEUE: reject: RCPT from
> >  > > > > unknown[194.168.1.66]: 450 4.1.8
> >  > > > > 2. senders from inside (LAN): NOQUEUE: reject: RCPT from
> >  > > > > unknown[172.16.125.115]: 450 4.1.2
> >  > > > >
> >  > > > > 1. case looks Ok, mailservers from outside keep trying to
> > deliver the
> >  > > > > rejected messages.
> >  > > > > 2. case is not that good. Email clients on LAN e.g. outlook
> > generate
> >  > > > > failed delivery message 450 4.1.2.
> >  > > > > The problem is that I use AVG antivirus to check emails and it
> > will not
> >  > > > > generate any message in this case.
> >  > > > > In case of DNS failure, can I configure postfix to construct
> > standard
> >  > > > > message (failed delivery) for senders from LAN (local users of
> > postfix
> >  > > > > server) and
> >  > > > > for senders from outside (other email servers) to keep responding
> >  > > 450 4.1.8?
> >  > > > >
> >  > > >
> >  > > > Yes, don't subject internal or authenticated users to
> >  > > > reject_unknown_client_hostname checks.
> >  > > >
> >  > > > Make sure the permit_mynetworks and/or
> >  > > > permit_sasl_authenticated is listed first.
> >  > > >
> >  > > > If you need more help, refer to the list welcome message you
> >  > > > received when you signed up, or see
> >  > > > http://www.postfix.org/DEBUG_README.html#mail
> >  > > >
> >  > > >
> >  > > > -- Noel Jones
> >  > >
> >  > > Thanks, your advice was helpful.
> >  > > I still have one problem. When I send email from mynetworks to local
> >  > > user that does not exist,
> >  > > postfix does not construct error message.
> >  > >
> >  > > In maillog:
> >  > >
> >  > > Nov 2 11:01:05 mail postfix/smtpd[5083]: NOQUEUE: reject: RCPT from
> > unknown[A.A.A.A]: 550 5.1.1<u...@domain.eu>: Recipient address rejected:
> > User unknown in local recipient table; from=<us...@domain.eu>
> > to=<u...@domain.eu> proto=ESMTP helo=<oit03>
> >  >
> >  > You want postfix to generate a bounce back to the sender
> >  > rather than correctly refusing the mail? Why?
> >  >
> >  >
> >
> > Because the sender do not receive any notification, that he sent a
> > message to invalid user.
> >
> > Comment to maillog I used few lines abov:
> > I as USER2 send email to USER that do not exist. DOMAIN.eu is my local
> > domain.
> > In log-file I can find the line I have stated, but my mail client MS
> > Outlook will not notify me, I do not receive anything.
> > To be exact, MS Outlook would notified me, but I use AVG antivirus to
> > check emails and the antivirus do not communicate
> > the message rejection.
> 
> So AVG just throws away mail it cannot deliver?  Is that by 
> design or do you have some setting borked?
> 
> >  > > postconf -n
> >  > >
> >  > > smtpd_recipient_restrictions = permit_mynetworks,
> >  > > permit_sasl_authenticated,
> 
> Try putting right here:
>      reject_unauth_destination
>      reject_unlisted_recipient


I have tried it, but it is still the same.Thank you very much for your help.I 
am almost sure, that there is a bug in AVG andI think I have found a workaround.

> 
> 
>    -- Noel Jones
> 
> >  > > reject_invalid_helo_hostname,
> >  > > reject_non_fqdn_sender,
> >  > > reject_non_fqdn_recipient,
> >  > > reject_unknown_sender_domain,
> >  > > reject_unknown_recipient_domain,
> >  > > reject_unauth_destination,
> >  > > reject_rbl_client sbl.spamhaus.org,
> >  > > reject_rbl_client cbl.abuseat.org,
> >  > > reject_rbl_client dul.dnsbl.sorbs.net
> >  >
> >  > Better to move "reject_unauth_destination" to just after
> >  > "permit_sasl_authenticated". Rule of thumb is to put
> >  > reject_unauth_destination as early as possible.
> >  >
> >  > Consider replacing sbl.spamhaus.org and cbl.abuseat.org with
> >  > zen.spamhaus.org.
> >  > http://www.spamhaus.org/zen/
> >  >
> >  > -- Noel Jones
> >
> >
> > ------------------------------------------------------------------------
> > Windows Live: Make it easier for your friends to see what you’re up to
> > on Facebook.
> > <http://www.microsoft.com/middleeast/windows/windowslive/see-it-in-action/social-network-basics.aspx?ocid=PID23461::T:WLMTAGL:ON:WL:en-xm:SI_SB_2:092009>
> 
> 
                                          
_________________________________________________________________
Windows Live: Friends get your Flickr, Yelp, and Digg updates when they e-mail 
you.
http://www.microsoft.com/middleeast/windows/windowslive/see-it-in-action/social-network-basics.aspx?ocid=PID23461::T:WLMTAGL:ON:WL:en-xm:SI_SB_3:092010