On 1/24/2012 10:01 AM, Ralf Hildebrandt wrote:
> * Robert Fitzpatrick <rob...@webtent.org>:
>> I have a Postfix 2.8.5 server that is a gateway transport for several
>> domains and it is sending backscatter when the transport map destination
>> rejects user unknown.
>
> Use relay_recipient_maps OR use reject_unverified_recipient in
> smtpd_*_restrictions.
>

Thanks. I am using check_recipient_access to retrieve the reject_unverified_recipient now with LDAP to verify only my own transport domains...

> mx1# postmap -q x@transportdomain
> ldap:/usr/local/etc/postfix/ldap/verification.cf
> reject_unverified_recipient

Further examination of the MAILER_DAEMON messages shows the transport destination server rejecting the message...

<stahl1970@transportdomain>: host x.x.x.x[x.x.x.x] said: 550 5.1.1 User unknown (in reply to RCPT TO command)

Should this be rejecting with a MAILER_DAEMON message or do I have something wrong or perhaps in the wrong order? Here is my complete postconf....

mx1# postconf -n
address_verify_map = btree:$data_directory/verify
address_verify_negative_cache = no
address_verify_poll_count = 1
alias_maps = hash:/usr/local/etc/postfix/aliases
bounce_queue_lifetime = 1d
broken_sasl_auth_clients = yes
canonical_maps = ldap:/usr/local/etc/postfix/ldap/canonical.cf
command_directory = /usr/local/sbin
config_directory = /usr/local/etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/local/libexec/postfix
data_directory = /var/db/postfix
delay_warning_time = 4h
disable_vrfy_command = yes
html_directory = /usr/local/share/doc/postfix
mail_owner = postfix
mailbox_size_limit = 102400000
mailq_path = /usr/local/bin/mailq
manpage_directory = /usr/local/man
maximal_backoff_time = 1000s
maximal_queue_lifetime = 1d
message_size_limit = 51200000
mynetworks = 127.0.0.0/8
newaliases_path = /usr/local/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = /usr/local/share/doc/postfix
relay_domains = ldap:/usr/local/etc/postfix/ldap/transport.cf
sample_directory = /usr/local/etc/postfix
sendmail_path = /usr/local/sbin/sendmail
setgid_group = maildrop
smtpd_banner = $myhostname ESMTP Mail Exchange
smtpd_data_restrictions = reject_unauth_pipelining, permit
smtpd_helo_restrictions = permit_mynetworks
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks,
    check_client_access cidr:/usr/local/etc/postfix/relay_clients,
    check_client_access ldap:/usr/local/etc/postfix/ldap/relay_clients.cf,
    check_client_access hash:/usr/local/etc/postfix/client_checks,
    reject_unauth_destination, reject_non_fqdn_sender, reject_non_fqdn_recipient,
    check_helo_access hash:/usr/local/etc/postfix/helo_checks,
    check_recipient_access pcre:/usr/local/etc/postfix/recipient_checks.pcre,
    check_recipient_access ldap:/usr/local/etc/postfix/ldap/verification.cf,
    reject_rbl_client zen.spamhaus.org, permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_path = smtpd
smtpd_sasl_security_options = noanonymous
smtpd_sender_restrictions = permit_mynetworks
    check_sender_access hash:/usr/local/etc/postfix/sender_access
    reject_unknown_sender_domain
smtpd_tls_CAfile = /usr/local/etc/postfix/cacert.pem
smtpd_tls_cert_file = /usr/local/etc/postfix/mx1.webtent.net-cert.pem
smtpd_tls_key_file = /usr/local/etc/postfix/mx1.webtent.net-key.pem
smtpd_tls_security_level = may
smtpd_use_tls = yes
transport_maps = ldap:/usr/local/etc/postfix/ldap/transport.cf
unknown_local_recipient_reject_code = 550
unverified_recipient_reject_code = 550
unverified_sender_reject_code = 550

-- 
Robert <rob...@webtent.org>
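
Added example, not part of the original message: Postfix evaluates a restriction list in order and stops at the first entry that returns a final permit or reject, so the position of the verification lookup decides which mail reaches it. The sketch below lists the entries in the posted smtpd_recipient_restrictions that are evaluated before the verification.cf lookup and can return a permit. The function names are hypothetical and the rule for which restrictions take an argument is a simplifying assumption.

```python
import re

# Constructed sample: the restriction list from the postconf -n output in the message.
POSTCONF = """\
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks,
    check_client_access cidr:/usr/local/etc/postfix/relay_clients,
    check_client_access ldap:/usr/local/etc/postfix/ldap/relay_clients.cf,
    check_client_access hash:/usr/local/etc/postfix/client_checks,
    reject_unauth_destination, reject_non_fqdn_sender, reject_non_fqdn_recipient,
    check_helo_access hash:/usr/local/etc/postfix/helo_checks,
    check_recipient_access pcre:/usr/local/etc/postfix/recipient_checks.pcre,
    check_recipient_access ldap:/usr/local/etc/postfix/ldap/verification.cf,
    reject_rbl_client zen.spamhaus.org, permit
smtpd_sasl_auth_enable = yes
"""
VERIFY_TABLE = "ldap:/usr/local/etc/postfix/ldap/verification.cf"
TAKES_ARG = ("check_", "reject_rbl", "reject_rhsbl")  # assumption: simplified rule

def get_param(text, name):
    """Return one parameter's value, joining indented continuation lines."""
    unfolded = re.sub(r"\n[ \t]+", " ", text)
    for line in unfolded.splitlines():
        key, _, val = line.partition("=")
        if key.strip() == name:
            return val.strip()
    return ""

def split_restrictions(value):
    """Split on commas/whitespace, keeping each argument with its restriction."""
    out = []
    for tok in value.replace(",", " ").split():
        if out and out[-1][1] is None and out[-1][0].startswith(TAKES_ARG):
            out[-1][1] = tok
        else:
            out.append([tok, None])
    return out

def early_exits(text, verify_table):
    """Entries ahead of the verification lookup that can return a permit."""
    exits = []
    for name, arg in split_restrictions(get_param(text, "smtpd_recipient_restrictions")):
        if name == "check_recipient_access" and arg == verify_table:
            return exits
        if name.startswith(("permit", "check_")):  # check_* tables may map a key to OK
            exits.append(name if arg is None else f"{name} {arg}")
    raise ValueError("verification lookup not found in restriction list")

if __name__ == "__main__":
    print("\n".join(early_exits(POSTCONF, VERIFY_TABLE)))
```

A client or recipient that any listed entry accepts is permitted without the recipient address being verified.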