Hi, I need help with one of my postfix servers and the setup is complicated. We host this server for one of our clients and they generate a lot of mail. This server receives mail from internal applications via the load balancer and never receives mail from external users.

We do use domain keys and I've created an internal blacklist by scanning the logs and compiling a blacklist.db file as well as a permanent blacklist that is created by scanning 4 days of blacklist logs. (This way, temporary failures aren't blacklisted forever.) It's important to us to not generate unwanted emails or backscatter. Email recipients have to opt in and do have an opt out option through the customer's site.

My problem is, email addresses that I know are in the permanent blacklist are still being delivered. To make matters worse, my incoming mail queue grows out of control (though I'm not seeing a lot of bounces and defers in the queues). My mail service is very slow -- mail doesn't get delivered for hours, sometimes days. Domain keys are signing and I'm worried that email is lining up to get signed before the restrictions are applied. So is it possible to have postfix apply the smtp_recipient_restrictions before passing the email to dkfilter? (The customer is unable to use dkim.) It seems silly to sign an email that I want discarded.

My blacklist used to work, but appears to no longer be honored -- can someone take a look at my conf file and see if I've got everything in the right order? I've reviewed http://www.postfix.org/postconf.5.html and http://www.postfix.org/SMTPD_ACCESS_README.html but I'm still not getting it right.
Thank you for your time,

mail2:/var/spool/postfix root# uname -a
Darwin mail2.back.my_company.com 9.8.0 Darwin Kernel Version 9.8.0: Wed Jul 15 16:57:01 PDT 2009; root:xnu-1228.15.4~1/RELEASE_PPC Power Macintosh

mail2:/var/spool/postfix root# postconf -n
2bounce_notice_recipient = postmaster
alias_maps = hash:/etc/aliases
always_bcc =
append_at_myorigin = no
append_dot_mydomain = no
bounce_notice_recipient = myclientpostmaster
bounce_queue_lifetime = 0
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
enable_server_options = yes
html_directory = no
inet_interfaces = all
mail_owner = _postfix
mailbox_size_limit = 0
mailbox_transport = cyrus
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
maximal_queue_lifetime = 1d
message_size_limit = 10240000
mydestination = $myhostname,localhost.$mydomain
mydomain = myclientmail.mycompany.com
mydomain_fallback = localhost
myhostname = myclientmail.mycompany.com
mynetworks = 127.0.0.1/32,10.1.0.0/16,192.168.3.0/24,172.16.0.0/12,10.1.18.24,192.168.0.0/16
mynetworks_style = host
newaliases_path = /usr/bin/newaliases
owner_request_special = no
queue_directory = /private/var/spool/postfix
readme_directory = /usr/share/doc/postfix
recipient_delimiter =
sample_directory = /usr/share/doc/postfix/examples
sendmail_path = /usr/sbin/sendmail
setgid_group = _postdrop
smtp_destination_concurrency_limit = 50
smtpd_client_restrictions =
smtpd_enforce_tls = no
smtpd_pw_server_security_options = plain,login,cram-md5,gssapi
smtpd_recipient_restrictions = reject_unauth_destination, check_recipient_access hash:/etc/postfix/recipient_blacklist, hash:/etc/postfix/perm_blacklist, hash:/etc/postfix/hold, check_sender_access hash:/etc/postfix/sender_access, permit_sasl_authenticated, permit_mynetworks
smtpd_sasl_auth_enable = yes
smtpd_tls_key_file =
smtpd_tls_loglevel = 0
smtpd_use_pw_server = yes
smtpd_use_tls = no
unknown_local_recipient_reject_code = 550
virtual_alias_maps = hash:/etc/postfix/virtual_alias
virtual_transport = lmtp:unix:/var/imap/socket/lmtp
debug_peer_list = 127.0.0.1

I am postmapping my directories:

LICENSE TLS_LICENSE relocated access master.cf.default sasl
aliases main.cf.system_default sender_access aliases.db obsolete_files sender_access.db
bounce.cf.default perm_blacklist canonical perm_blacklist.db transport header_checks
postfix-files transport.system_default hold post-install hold.db postfix-script
main.cf recipient_blacklist master.cf recipient_blacklist.0.gz virtual_alias recipient_blacklist.1.gz
virtual_alias.db recipient_blacklist.2.gz virtual recipient_blacklist.3.gz recipient_blacklist.db

mail2:/var/spool/postfix root# ls -l
total 24
drwx------ 19 _postfix wheel 646 Dec 8 17:11 active
drwx------ 4 _postfix wheel 136 Dec 8 17:11 bounce
-rwxrwxrwx 1 root wheel 125 Nov 2 16:55 check
drwx------ 2 _postfix wheel 68 Aug 22 2005 corrupt
-rwxrwxrwx 1 root wheel 124 Dec 8 16:01 count
drwx------ 18 _postfix wheel 612 Nov 2 16:36 defer
drwx------ 18 _postfix wheel 612 Mar 16 2007 deferred
drwx------ 3 _postfix wheel 102 Nov 30 07:54 flush
drwx------ 2 _postfix wheel 68 Aug 22 2005 hold
drwx------ 46246 _postfix wheel 37223948 Dec 8 17:11 incoming
drwx------ 57617 _postfix wheel 57664578 Dec 6 12:50 incoming.1206
drwx------ 60089 _postfix wheel 6499474 Dec 6 22:36 incoming.old
-rwxrwxrwx 1 root wheel 604 Dec 7 15:45 mailbyUser
drwx-wx--- 2 _postfix _postdrop 68 Dec 8 16:58 maildrop
drwxr-xr-x 20 root wheel 680 Oct 19 18:10 pid
drwx------ 26 _postfix wheel 884 Dec 8 09:29 private
drwx--x--- 7 _postfix _postdrop 238 Dec 8 08:59 public
drwx------ 2 _postfix wheel 68 Aug 22 2005 saved
drwx------ 17 _postfix wheel 578 Nov 19 2009 trace

Here is an email for a user that I know is on the blacklist:

Dec 8 17:13:32 mail2 postfix/smtp[63218]: 1E2488D6B572: to= myclient_custo...@gmx.co.uk, relay=127.0.0.1[127.0.0.1]:10027, conn_use=3, delay=11319, delays=11318/0.11/0.01/1.1, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as BD21E8DA15B7)
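
An added example, not part of the original post: a log audit for the two symptoms described above, status=sent deliveries to addresses present in the blacklist source, and messages that waited a long time before reaching the queue manager (the first field of delays=). The blacklist entries, log lines, queue IDs and the 300-second threshold are constructed for illustration.

```python
import re

# Constructed access(5)-style source text, the form postmap compiles into a .db.
BLACKLIST_SRC = """\
# address                  action
bounced.user@example.org   REJECT
OptOut@example.net         DISCARD
"""

# Constructed delivery records in the shape of the log line quoted in the post.
LOG_LINES = [
    "Dec  8 17:13:32 mail2 postfix/smtp[63218]: AAAA00000001: to=<bounced.user@example.org>, "
    "relay=127.0.0.1[127.0.0.1]:10027, conn_use=3, delay=11319, "
    "delays=11318/0.11/0.01/1.1, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as BBBB00000001)",
    "Dec  8 17:13:40 mail2 postfix/smtp[63219]: AAAA00000002: to=<subscriber@example.com>, "
    "relay=127.0.0.1[127.0.0.1]:10027, delay=0.4, "
    "delays=0.2/0.05/0.01/0.14, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as BBBB00000002)",
]

# The "<" and ">" around the address are optional so stripped copies also parse.
LINE_RE = re.compile(
    r"postfix/\w+\[\d+\]: (?P<qid>[0-9A-F]+): to=<?\s*(?P<rcpt>[^>,\s]+)>?,"
    r".*?relay=(?P<relay>[^,]+),.*?delays=(?P<delays>[\d./]+),.*?status=(?P<status>\w+)"
)

def load_blacklist(text):
    """Return {lowercased address: action}, skipping comments and blank lines."""
    entries = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if parts and not parts[0].startswith("#"):
            entries[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return entries

def audit(lines, blacklist, slow_after=300.0):
    """Flag blacklisted recipients that were still sent, and pre-qmgr stalls."""
    findings = []
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue
        # delays=a/b/c/d: before qmgr / in qmgr / connection setup / transmission
        before_qmgr = float(m["delays"].split("/")[0])
        rcpt, flags = m["rcpt"].lower(), []
        if m["status"] == "sent" and rcpt in blacklist:
            flags.append("blacklisted-recipient-sent")
        if before_qmgr >= slow_after:
            flags.append("stalled-before-qmgr")
        if flags:
            findings.append((m["qid"], rcpt, m["relay"], before_qmgr, flags))
    return findings
```
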