On Wed, May 23, 2012 at 05:55:03PM +0200, Georg Schönweger wrote:
> I have a postfix server which is only used for sending emails to
> the outside, no incoming emails are allowed (no MX record). I
> recently opened port 587 in master.cf and now I'm asking myself
> if it is OK to close port 25 completely?
> AFAIK every mail server should accept incoming mails to
> postmaster@myserver, but when I close port 25 this is not the
> case anymore, is it?

All mail exchange happens on port 25. If an Internet domain doesn't
have an MTA somewhere accepting mail for it on port 25, it will not
receive mail.

> and another question regarding port 25;
> when my postfix server generates a bounce message (which happens when
> sending a mail to a nonexistent address) and sends it back to the
> original envelope sender, it uses "From: mailer-dae...@myserver.tld"
> as sender of the bounce message. Does mailer-dae...@myserver.tld have to
> be an existing mail account?

You will find that mailer-daemon is a standard alias. It is probably
in your /etc/aliases unless you removed it.

> We recently had problems that on the MX side of our email addresses
> (hosted by a company) they rejected some of the bounce mails
> generated by my server. The log shows the following:
> "status=bounced (host mx.myEmailHostedByCompany.tld[IP.IP.IP.IP]
> said: 550 5.1.0 CfoC1j00P08HtnS01foCNg dominio non valido / invalid
> domain (in reply to MAIL FROM command))"

You did not show the complete logging for that mail. You say it was
a bounce. If so, your hosting company may have a problem. Since, as
one might presume, you are paying them for service, you should
contact them now for support.

Another thing that occurs to me is that they don't want to relay
backscatter. If that's what happened, it's quite understandable, but
the error message is misleading / wrong. If you have a backscatter
problem, you need to fix that.

> So I'm asking myself, does this error message mean that
> mailer-dae...@myserver.tld has to exist

It says, "in reply to MAIL FROM command". If as you say it was a
bounce, then no, it probably has nothing to do with whether or not
myserver.tld resolves. They have not yet seen the From: header at
this point in SMTP.

> (so I have to keep port 25 open on my server and see if this
> account is OK)? Does myserver.tld need to have an MX record as well
> in order to avoid the problem?

This is all up to you, but yet, in general any domain which is used
as sender in email should have an MTA somewhere accepting mail for
it on port 25. If you don't want this hosted on the machine with the
A record "myserver.tld", you can make an MX record for that name
pointing to the desired host.

> As far as I understand, this error message means that the envelope
> sender (which is empty (<>) for bounce mails) is not valid, which
> is nonsense because every bounce message has an empty envelope
> sender.

Correct.
-- 
http://rob0.nodns4.us/ -- system administration and consulting
Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
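
The diagnosis in the reply above depends on two facts from the complete log: the envelope sender that qmgr recorded for the queue ID, and the SMTP stage named in "in reply to ... command". The following added example (not part of the original message, and not Postfix code) correlates the two. The function name `classify_rejections`, the queue IDs, the recipient addresses and the 192.0.2.10 / 198.51.100.7 addresses are constructed for illustration; only the 550 reply text comes from the thread.

```python
import re

# Constructed sample in Postfix syslog format. Queue IDs, recipients and IP
# addresses are made up; the first 550 reply text is the one quoted in the thread.
SAMPLE_LOG = """\
May 23 10:01:02 myserver postfix/qmgr[1234]: 4A1B2C3D4E: from=<>, size=3120, nrcpt=1 (queue active)
May 23 10:01:03 myserver postfix/smtp[1300]: 4A1B2C3D4E: to=<user@example.tld>, relay=mx.myEmailHostedByCompany.tld[192.0.2.10]:25, delay=1.2, dsn=5.1.0, status=bounced (host mx.myEmailHostedByCompany.tld[192.0.2.10] said: 550 5.1.0 CfoC1j00P08HtnS01foCNg dominio non valido / invalid domain (in reply to MAIL FROM command))
May 23 10:05:00 myserver postfix/qmgr[1234]: 5F6A7B8C9D: from=<app@myserver.tld>, size=900, nrcpt=1 (queue active)
May 23 10:05:01 myserver postfix/smtp[1301]: 5F6A7B8C9D: to=<nobody@example.org>, relay=mx.example.org[198.51.100.7]:25, delay=0.5, dsn=5.1.1, status=bounced (host mx.example.org[198.51.100.7] said: 550 5.1.1 User unknown (in reply to RCPT TO command))
"""

FROM_RE = re.compile(r"postfix/qmgr\[\d+\]: (?P<qid>\w+): from=<(?P<sender>[^>]*)>")
REJECT_RE = re.compile(
    r"postfix/smtp\[\d+\]: (?P<qid>\w+): to=<(?P<rcpt>[^>]*)>.*?"
    r"status=bounced \(host (?P<host>[^\[\s]+)\[[^\]]*\] said: (?P<reply>.*) "
    r"\(in reply to (?P<stage>.+?) command\)\)$")

def classify_rejections(log_text):
    """Pair each remote rejection with the envelope sender of its queue ID."""
    senders, results = {}, []
    for line in log_text.splitlines():
        m = FROM_RE.search(line)
        if m:
            senders[m["qid"]] = m["sender"]  # "" means the null sender <>
            continue
        m = REJECT_RE.search(line)
        if not m:
            continue
        sender = senders.get(m["qid"])  # None: qmgr line missing from excerpt
        results.append({
            "qid": m["qid"],
            "host": m["host"],
            "stage": m["stage"],
            "reply": m["reply"],
            "sender": sender,
            "null_sender": sender == "",
            # Message headers travel only after DATA is accepted, so a reply
            # to MAIL FROM or RCPT TO cannot depend on the From: header.
            "headers_seen": m["stage"] == "end of DATA",
        })
    return results

if __name__ == "__main__":
    for r in classify_rejections(SAMPLE_LOG):
        print(r["qid"], r["stage"], "null sender" if r["null_sender"] else r["sender"])
```

A result with `null_sender` true and `stage` equal to "MAIL FROM" is the case discussed in the thread: the remote MX refused the empty envelope sender before any header was transmitted.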