On Wed, Mar 28, 2012 at 12:26:47AM -0500, I wrote:
> On Tue, Mar 27, 2012 at 09:43:27PM -0400, Wietse Venema wrote:
> > Wietse Venema:
> > > /dev/rob0:
> > > > On Tue, Mar 27, 2012 at 04:10:59PM -0500, I wrote:
> > > > > On Tue, Mar 27, 2012 at 10:21:14PM +0200, Sebastian 
> > > > > Wiesinger wrote:
> > > > > > > I have a setup which handles a few virtual domains. For 
> > > > > > > one domain only I want mails not to be rejected with a 
> > > > > > > 5xx error code but be deferred with a 4xx error code.
> > > > > > Is that possible?
> > > > > 
> > > > > main.cf :
> > > > > smtpd_client_restrictions = check_recipient_access
> > > > >     hash:/etc/postfix/deferred_recipient[, ... ]
> > > > > 
> > > > > deferred_recipient :
> > > > > 
> > > > > example.com           defer_if_reject
> > > > > [ ... ]
> > > > 
> > > > That of course turns any rejection which comes after this 
> > > > restriction into a deferral, and that's not quite what you 
> > > > said you want. There are ways to apply it only to unknown 
> > > > recipients. I would move any spam-blocking restriction to 
> > > > smtpd_client_restrictions, after any necessary permit_* 
> > > > restrictions and before check_recipient_access. Then the 
> > > > unknown recipient rejection, which happens in 
> > > > smtpd_recipient_restrictions, will be subject to 
> > > > defer_if_reject.
> > > 
> > > You will need to specify an explicit "reject_unknown_recipient"
> 
> (typo: "reject_unlisted_recipient")
> 
> > > at the end of smtpd_recipient_restrictions. 
> > 
> > It would be worthwhile if someone can check if this is needed.
> 
> This is interesting. In my preliminary tests, the defer_if_reject 
> does not work, neither with nor without reject_unlisted_recipient 
> specified. It seems that the explicit test is also not playing 
> along. Client restrictions find the defer_if_reject, and in 
> recipient restrictions, reject_unlisted_recipient calls >>> 
> CHECKING RECIPIENT MAPS <<<.
> 
> The address I tried was an unlisted virtual alias where the domain 
> was in virtual_alias_domains. The following verbose log excerpt 
> shows from smtpd_client_restrictions through the end of smtpd 
> connection, with defer_if_reject as above and 
> reject_unlisted_recipient in smtpd_recipient_restrictions.

I have reviewed this with more lucidity and alertness, but I have 
not found any mistake. It seems that the built-in rejection of 
unknown users is bound only by the global soft_bounce and these 
per-class settings, to wit:

unknown_local_recipient_reject_code = 550
unknown_relay_recipient_reject_code = 550
unknown_virtual_alias_reject_code = 550
unknown_virtual_mailbox_reject_code = 550

Therefore a *possible* hack (if relay_domains is not otherwise in 
use) would be for the OP to put that domain in relay_domains, take it 
out of the prior address class (virtual_whichever_domains), and set 
an appropriate value for relay_recipient_maps and relay_transport.

That's an ugly hack, because it disables the use of relay_domains as 
designed, but it would work for sites which don't need relay_domains. 
This hack could be amended to coexist with real relay_domains, but 
quite a few variables make it impractical to outline the various
possibilities.

Other choices might include replacing the built-in unknown recipient 
checking with manual check_recipient_access lookups. But I can't say 
for sure whether or not that defer lookup result would override the 
built-in unknown recipient rejection. Without investing more time to 
test it, I would guess not, as per my understanding that 5xx trumps 
4xx in rejection logic.

TBH, I would have expected that defer_if_reject would convert the 
per-class unknown recipient settings into 4xx. Least surprising.

Sebastian, good luck, HTH. Wietse, sorry for the additional work. :)


> Mar 27 23:53:05 chestnut postfix/smtpd[16757]: >>> START Client host 
> RESTRICTIONS <<<
> Mar 27 23:53:05 chestnut postfix/smtpd[16757]: generic_checks: 
> name=check_recipient_access
> Mar 27 23:53:05 chestnut postfix/smtpd[16757]: check_mail_access: 
> non...@example.com
> Mar 27 23:53:05 chestnut postfix/smtpd[16757]: ctable_locate: leave existing 
> entry key non...@example.com
> Mar 27 23:53:05 chestnut postfix/smtpd[16757]: check_access: 
> non...@example.com
> Mar 27 23:53:05 chestnut postfix/smtpd[16757]: check_domain_access: 
> example.com
> Mar 27 23:53:05 chestnut postfix/smtpd[16757]: check_table_result: 
> hash:/etc/postfix/defer_unknown defer_if_reject example.com
> Mar 27 23:53:05 chestnut postfix/smtpd[16757]: generic_checks: 
> name=check_recipient_access status=0
> Mar 27 23:53:05 chestnut postfix/smtpd[16757]: >>> END Client host 
> RESTRICTIONS <<<
> Mar 27 23:53:05 chestnut postfix/smtpd[16757]: >>> START Recipient address 
> RESTRICTIONS <<<
> Mar 27 23:53:05 chestnut postfix/smtpd[16757]: generic_checks: 
> name=permit_mynetworks
> Mar 27 23:53:05 chestnut postfix/smtpd[16757]: permit_mynetworks: localhost 
> 127.0.0.1
> Mar 27 23:53:05 chestnut postfix/smtpd[16757]: match_hostname: localhost ~? 
> 192.168.8.0/22
> Mar 27 23:53:05 chestnut postfix/smtpd[16757]: match_hostaddr: 127.0.0.1 ~? 
> 192.168.8.0/22
> Mar 27 23:53:05 chestnut postfix/smtpd[16757]: match_list_match: localhost: 
> no match
> Mar 27 23:53:05 chestnut postfix/smtpd[16757]: match_list_match: 127.0.0.1: 
> no match
> Mar 27 23:53:05 chestnut postfix/smtpd[16757]: generic_checks: 
> name=permit_mynetworks status=0
> Mar 27 23:53:05 chestnut postfix/smtpd[16757]: generic_checks: 
> name=reject_unauth_destination
> Mar 27 23:53:05 chestnut postfix/smtpd[16757]: reject_unauth_destination: 
> non...@example.com
> Mar 27 23:53:05 chestnut postfix/smtpd[16757]: permit_auth_destination: 
> non...@example.com
> Mar 27 23:53:05 chestnut postfix/smtpd[16757]: ctable_locate: leave existing 
> entry key non...@example.com
> Mar 27 23:53:05 chestnut postfix/smtpd[16757]: generic_checks: 
> name=reject_unauth_destination status=0
> Mar 27 23:53:05 chestnut postfix/smtpd[16757]: generic_checks: 
> name=reject_unlisted_recipient
> Mar 27 23:53:05 chestnut postfix/smtpd[16757]: >>> CHECKING RECIPIENT MAPS <<<
> Mar 27 23:53:05 chestnut postfix/smtpd[16757]: ctable_locate: leave existing 
> entry key non...@example.com
> Mar 27 23:53:05 chestnut postfix/smtpd[16757]: maps_find: 
> recipient_canonical_maps: non...@example.com: not found
> Mar 27 23:53:05 chestnut postfix/smtpd[16757]: match_string: example.com ~? 
> sqlite:/etc/postfix/query/dom-local.query(0,lock|fold_fix)
> Mar 27 23:53:05 chestnut postfix/smtpd[16757]: dict_sqlite_lookup: 
> /etc/postfix/query/dom-local.query: Searching with query SELECT Domain.name 
> FROM Domain WHERE Domain.class=1?AND Domain.active!=0 AND Domain.name IS 
> 'example.com'
> Mar 27 23:53:05 chestnut postfix/smtpd[16757]: match_list_match: example.com: 
> no match
> Mar 27 23:53:05 chestnut postfix/smtpd[16757]: maps_find: 
> recipient_canonical_maps: @example.com: not found
> Mar 27 23:53:05 chestnut postfix/smtpd[16757]: mail_addr_find: 
> non...@example.com -> (not found)
> Mar 27 23:53:05 chestnut postfix/smtpd[16757]: maps_find: canonical_maps: 
> non...@example.com: not found
> Mar 27 23:53:05 chestnut postfix/smtpd[16757]: match_string: example.com ~? 
> sqlite:/etc/postfix/query/dom-local.query(0,lock|fold_fix)
> Mar 27 23:53:05 chestnut postfix/smtpd[16757]: dict_sqlite_lookup: 
> /etc/postfix/query/dom-local.query: Searching with query SELECT Domain.name 
> FROM Domain WHERE Domain.class=1?AND Domain.active!=0 AND Domain.name IS 
> 'example.com'
> Mar 27 23:53:05 chestnut postfix/smtpd[16757]: match_list_match: example.com: 
> no match
> Mar 27 23:53:05 chestnut postfix/smtpd[16757]: maps_find: canonical_maps: 
> @example.com: not found
> Mar 27 23:53:05 chestnut postfix/smtpd[16757]: mail_addr_find: 
> non...@example.com -> (not found)
> Mar 27 23:53:05 chestnut postfix/smtpd[16757]: dict_sqlite_lookup: 
> /etc/postfix/query/maps-valias.query: Searching with query SELECT 
> TA.localpart || (CASE WHEN VA.extension IS NOT NULL?  THEN '-' || 
> VA.extension ELSE '' END) ||?  (CASE WHEN TD.id=0 THEN '' ELSE '@' || TD.name 
> END)?FROM Alias AS VA?  JOIN Address AS TA ON (VA.target = TA.id)?  JOIN 
> Domain AS TD ON (TA.domain = TD.id)?  JOIN Address AS AA ON (VA.address = 
> AA.id)?  JOIN Domain AS AD ON (AA.domain = AD.id)?WHERE AA.localpart || '@' 
> || AD.name IS 'non...@example.com'?AND VA.active!=0
> Mar 27 23:53:05 chestnut postfix/smtpd[16757]: maps_find: virtual_alias_maps: 
> non...@example.com: not found
> Mar 27 23:53:05 chestnut postfix/smtpd[16757]: match_string: example.com ~? 
> sqlite:/etc/postfix/query/dom-local.query(0,lock|fold_fix)
> Mar 27 23:53:05 chestnut postfix/smtpd[16757]: dict_sqlite_lookup: 
> /etc/postfix/query/dom-local.query: Searching with query SELECT Domain.name 
> FROM Domain WHERE Domain.class=1?AND Domain.active!=0 AND Domain.name IS 
> 'example.com'
> Mar 27 23:53:05 chestnut postfix/smtpd[16757]: match_list_match: example.com: 
> no match
> Mar 27 23:53:05 chestnut postfix/smtpd[16757]: dict_sqlite_lookup: 
> /etc/postfix/query/maps-valias.query:
> Mar 27 23:53:05 chestnut postfix/smtpd[16757]: maps_find: virtual_alias_maps: 
> @example.com: not found
> Mar 27 23:53:05 chestnut postfix/smtpd[16757]: mail_addr_find: 
> non...@example.com -> (not found)
> Mar 27 23:53:05 chestnut postfix/smtpd[16757]: NOQUEUE: reject: RCPT from 
> localhost[127.0.0.1]: 550 5.1.1 <non...@example.com>: Recipient address 
> rejected: User unknown in virtual alias table; from=<r...@example.com> 
> to=<non...@example.com> proto=ESMTP helo=<localhost>
> Mar 27 23:53:05 chestnut postfix/smtpd[16757]: generic_checks: 
> name=reject_unlisted_recipient status=2
> Mar 27 23:53:05 chestnut postfix/smtpd[16757]: mac_parse: See your own 
> postmaster for help, or?http://nospam4.nodns4.us/ for more information about 
> the?policies of this site.
> Mar 27 23:53:05 chestnut postfix/smtpd[16757]: > localhost[127.0.0.1]: 
> 550-5.1.1 <non...@example.com>: Recipient address rejected: User unknown in 
> virtual alias table
> Mar 27 23:53:05 chestnut postfix/smtpd[16757]: > localhost[127.0.0.1]: 550 
> 5.1.1 See your own postmaster for help, or?http://nospam4.nodns4.us/ for more 
> information about the?policies of this site.
> Mar 27 23:53:05 chestnut postfix/smtpd[16757]: watchdog_pat: 0x721200
> Mar 27 23:53:13 chestnut postfix/smtpd[16757]: < localhost[127.0.0.1]: quit
> Mar 27 23:53:13 chestnut postfix/smtpd[16757]: > localhost[127.0.0.1]: 221 
> 2.0.0 Bye
> 
> 
> It's late ... past my bedtime ... and I might have made a mistake. 
> I'll try it again tomorrow. 
> 
> 
> > > The implicit "unknown recipient" test at the end is not part of
> > > smtpd_recipient_restrictions, and this implicit test currently does
> > > not play along with any defer_if features requested from within
> > > smtpd_recipient_restrictions.
> > > 
> > > I suppose this could (should) be changed without breaking things,
> > > but making this 100% safe will take half a day and I don't have
> > > that time at the moment.
-- 
  http://rob0.nodns4.us/ -- system administration and consulting
  Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
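
A check one could run over verbose smtpd logs while testing this kind of setup, as an added example that is not part of the original thread: it pairs each defer_if_reject lookup result with the next RCPT verdict from the same smtpd process and reports whether the reply was actually a 4xx. The sample lines are constructed (modelled on the excerpt above, with wrapped lines joined and placeholder addresses), and the function names are hypothetical.

```python
import re

# Constructed sample modelled on the verbose excerpt in this thread: wrapped
# lines joined, placeholder addresses; PIDs 16760 and 16771 are invented
# purely for contrast (a 4xx verdict, and a session with no defer lookup).
SAMPLE_LOG = """\
Mar 27 23:53:05 chestnut postfix/smtpd[16757]: check_table_result: hash:/etc/postfix/defer_unknown defer_if_reject example.com
Mar 27 23:53:05 chestnut postfix/smtpd[16757]: generic_checks: name=reject_unlisted_recipient
Mar 27 23:53:05 chestnut postfix/smtpd[16757]: NOQUEUE: reject: RCPT from localhost[127.0.0.1]: 550 5.1.1 <unknown@example.com>: Recipient address rejected: User unknown in virtual alias table; from=<sender@example.com> to=<unknown@example.com> proto=ESMTP helo=<localhost>
Mar 27 23:53:09 chestnut postfix/smtpd[16760]: check_table_result: hash:/etc/postfix/defer_unknown defer_if_reject example.com
Mar 27 23:53:09 chestnut postfix/smtpd[16760]: NOQUEUE: reject: RCPT from localhost[127.0.0.1]: 450 4.1.1 <unknown@example.com>: Recipient address rejected: User unknown in virtual alias table; from=<sender@example.com> to=<unknown@example.com> proto=ESMTP helo=<localhost>
Mar 27 23:53:11 chestnut postfix/smtpd[16771]: NOQUEUE: reject: RCPT from localhost[127.0.0.1]: 550 5.1.1 <unknown@example.org>: Recipient address rejected: User unknown in virtual alias table; from=<sender@example.com> to=<unknown@example.org> proto=ESMTP helo=<localhost>
"""

LINE = re.compile(r"postfix/smtpd\[(?P<pid>\d+)\]: (?P<msg>.*)$")
DEFER = re.compile(r"^check_table_result: (?P<table>\S+) defer_if_reject\b")
VERDICT = re.compile(
    r"^NOQUEUE: \w+: RCPT from \S+: (?P<code>\d{3}) (?P<dsn>\d\.\d+\.\d+) "
    r"<(?P<rcpt>[^>]*)>: (?P<why>[^;]*)"
)

def audit(log_text):
    """One finding per RCPT verdict that followed a defer_if_reject lookup."""
    pending = {}    # smtpd pid -> access table that returned defer_if_reject
    findings = []
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        pid, msg = m["pid"], m["msg"]
        d = DEFER.match(msg)
        if d:
            pending[pid] = d["table"]
            continue
        v = VERDICT.match(msg)
        if v and pid in pending:
            findings.append({
                "pid": pid, "table": pending.pop(pid), "rcpt": v["rcpt"],
                "code": v["code"], "reason": v["why"].strip(),
                "deferred": v["code"].startswith("4"),
            })
    return findings

def ignored(log_text):
    """Verdicts where defer_if_reject was requested but the reply was not 4xx."""
    return [f for f in audit(log_text) if not f["deferred"]]

if __name__ == "__main__":
    for f in ignored(SAMPLE_LOG):
        print(f"smtpd[{f['pid']}] {f['table']}: {f['code']} for <{f['rcpt']}> ({f['reason']})")
```

Matching on the smtpd PID is a heuristic for grouping lines of one session; a real log has to be unwrapped to one record per line before it is fed in.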
