Hi all

Please note that the last time I asked about the behavior of Postfix it turned out I had misunderstood the concept of relaying mail. It might be the case again.

I'm running the mailserver that serves this domain + a few others, the mailserver at ubuntudanmark.dk and the mailservers at nt-data.dk. So I'm running these servers, with this relation:

mx01.aptget.dk <-- Not a backup MX
mx01.ubuntudanmark.dk <-- Not a backup MX
mx01.nt-data.dk <-- Backup MX for mx01.aptget.dk and mx01.ubuntudanmark.dk
mx02.nt-data.dk <-- Backup MX for mx01.nt-data.dk

The setup is entirely virtual, using MySQL to store aliases, addressees etc.

The problem is, that *I think* the backup MX' can be used to spread backscatter. I routinely look at the Postfix logging, and found these entries yesterday from mx01.nt-data.dk:

---
titanus@ntdata:/var/log$ grep "048341743609" mail.log.1
Feb 7 22:12:48 ntdata postfix/pickup[24843]: 048341743609: uid=5005 from=<SRS0=3u76=L7=gmail.com=jimmiedcu...@nt-data.dk>
Feb 7 22:12:48 ntdata postfix/cleanup[30176]: 048341743609: message-id=<gi63z8-uskq93...@tdhhadcuneunhvooig.alumni.insead.edu>
Feb 7 22:12:48 ntdata postfix/qmgr[20252]: 048341743609: from=<SRS0=3u76=L7=gmail.com=jimmiedcu...@nt-data.dk>, size=5268, nrcpt=1 (queue active)
Feb 7 22:12:48 ntdata postfix/smtp[30181]: 048341743609: to=<a...@ubuntudanmark.dk>, relay=mx01.ubuntudanmark.dk[31.192.231.5]:25, delay=0.71, delays=0/0.04/0.17/0.5, dsn=5.1.1, status=bounced (host mx01.ubuntudanmark.dk[31.192.231.5] said: 550 5.1.1 <a...@ubuntudanmark.dk>: Recipient address rejected: User unknown in virtual mailbox table (in reply to RCPT TO command))
Feb 7 22:12:48 ntdata postfix/bounce[30182]: 048341743609: sender non-delivery notification: B201D1743608
Feb 7 22:12:48 ntdata postfix/qmgr[20252]: 048341743609: removed
---

Then mx01.nt-data.dk tries to send a bounce to gmail:

---
Feb 7 22:12:52 ntdata postfix/smtp[30183]: B201D1743608: to=<jimmiedcu...@gmail.com>, orig_to=<SRS0=3u76=L7=gmail.com=jimmiedcu...@nt-data.dk>, relay=gmail-smtp-in.l.google.com[173.194.71.26]:25, delay=3.4, delays=0.01/0.01/0.29/3, dsn=5.1.1, status=bounced (host gmail-smtp-in.l.google.com[173.194.71.26] said: 550-5.1.1 The email account that you tried to reach does not exist. Please try 550-5.1.1 double-checking the recipient's email address for typos or 550-5.1.1 unnecessary spaces. Learn more at 550 5.1.1 http://support.google.com/mail/bin/answer.py?answer=6596 bc7si9536557lbb.184 - gsmtp (in reply to RCPT TO command))
---

The address a...@ubuntudanmark.dk does not exist - neither at mx01.nt-data.dk nor at mx01.ubuntudanmark.dk, so I would like mx01.nt-data.dk to reject messages to it.

I've tried with other non-existent addresses through telnet, and mx01.nt-data.dk accepts them, as long as they are to one of the backup domains, and then bounces them (so currently they are disabled in the database).

Following is postconf -n, the content of the 2 relay_* MySQL-files, and the structure of their database. If more is needed, then please let me know and I'll include it.

Any pointers, examples or explanations will be appreciated. I've read in the documentation for virtual hosting and backup MX', but the answer seems to evade me.

Thanks

ntdata:/etc/postfix# postconf -n
alias_maps = hash:/etc/aliases
bounce_template_file = /etc/postfix/bounce.cf
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
delay_warning_time = 4
disable_vrfy_command = yes
inet_interfaces = all
maximal_queue_lifetime = 15
myhostname = ntdata.nt-data.dk
mynetworks = 127.0.0.0/8
recipient_canonical_classes = envelope_recipient
recipient_canonical_maps = hash:/etc/postfix/pfix-no-srs.cf, tcp:127.0.0.1:10002
relay_domains = proxy:mysql:/etc/postfix/relay_domains.cf
relay_recipient_maps = proxy:mysql:/etc/postfix/relay_recipient_maps.cf
sender_canonical_classes = envelope_sender
sender_canonical_maps = hash:/etc/postfix/pfix-no-srs.cf, tcp:127.0.0.1:10001
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:$data_directory/smtp_tls_session_cache
smtpd_data_restrictions = reject_unauth_pipelining, reject_multi_recipient_bounce, permit
smtpd_helo_required = yes
smtpd_recipient_restrictions = reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_rbl_client truncate.gbudb.net, reject_unauth_destination, permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_exceptions_networks = $mynetworks
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_tls_ask_ccert = yes
smtpd_tls_cert_file = /etc/ssl/self-signed/smtpd.crt
smtpd_tls_key_file = /etc/ssl/self-signed/smtpd.key
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:$data_directory/smtpd_tls_session_cache
tls_random_source = dev:/dev/urandom
transport_maps = hash:/etc/postfix/transport.cf
virtual_alias_maps = proxy:mysql:/etc/postfix/virtual_alias_maps.cf
virtual_gid_maps = static:5000
virtual_mailbox_base = /home/vmail
virtual_mailbox_domains = proxy:mysql:/etc/postfix/virtual_domains_maps.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/virtual_mailbox_maps.cf
virtual_minimum_uid = 5000
virtual_transport = dovecot
virtual_uid_maps = static:5000

ntdata:/etc/postfix# cat relay_domains.cf
user = postfix
password =
dbname = postfix
query = SELECT description FROM domain WHERE domain='%s' AND backupmx='1' AND active='1';

ntdata:/etc/postfix# cat relay_recipient_maps.cf
user = postfix
password =
dbname = postfix
query = SELECT goto FROM alias WHERE address='%s' AND active='1';

mysql> use postfix;
mysql> desc domain;
+-------------+--------------+------+-----+---------------------+------
| Field       | Type         | Null | Key | Default             | Extra
+-------------+--------------+------+-----+---------------------+------
| domain      | varchar(255) | NO   | PRI | NULL                |
| description | varchar(255) | NO   |     | NULL                |
| aliases     | int(10)      | NO   |     | 0                   |
| mailboxes   | int(10)      | NO   |     | 0                   |
| maxquota    | bigint(20)   | NO   |     | 0                   |
| quota       | bigint(20)   | NO   |     | 0                   |
| transport   | varchar(255) | NO   |     | NULL                |
| backupmx    | tinyint(1)   | NO   |     | 0                   |
| created     | datetime     | NO   |     | 0000-00-00 00:00:00 |
| modified    | datetime     | NO   |     | 0000-00-00 00:00:00 |
| active      | tinyint(1)   | NO   |     | 1                   |
+-------------+--------------+------+-----+---------------------+------

mysql> desc alias;
+----------+--------------+------+-----+---------------------+-------+
| Field    | Type         | Null | Key | Default             | Extra |
+----------+--------------+------+-----+---------------------+-------+
| address  | varchar(255) | NO   | PRI | NULL                |       |
| goto     | text         | NO   |     | NULL                |       |
| domain   | varchar(255) | NO   | MUL | NULL                |       |
| created  | datetime     | NO   |     | 0000-00-00 00:00:00 |       |
| modified | datetime     | NO   |     | 0000-00-00 00:00:00 |       |
| active   | tinyint(1)   | NO   |     | 1                   |       |
+----------+--------------+------+-----+---------------------+-------+
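
Added example, not part of the original post: a small log correlator that finds the pattern shown in the excerpts above, where a message is accepted, the next hop rejects the recipient with 5.1.1, and a non-delivery notification is generated. The sample log, hostnames, addresses and the function name find_backscatter are constructed for illustration; the line format follows the Postfix entries quoted in the post and assumes short (hexadecimal) queue IDs.

```python
import re

# Constructed sample in the same format as the log excerpt in the post
# (hostnames, queue IDs and addresses are made up).
SAMPLE_LOG = """\
Feb  7 22:12:48 mx postfix/qmgr[201]: AAA111: from=<sender@example.net>, size=5268, nrcpt=1 (queue active)
Feb  7 22:12:48 mx postfix/smtp[301]: AAA111: to=<nobody@example.org>, relay=mx01.example.org[192.0.2.5]:25, delay=0.71, dsn=5.1.1, status=bounced (host mx01.example.org[192.0.2.5] said: 550 5.1.1 <nobody@example.org>: Recipient address rejected: User unknown in virtual mailbox table (in reply to RCPT TO command))
Feb  7 22:12:48 mx postfix/bounce[302]: AAA111: sender non-delivery notification: BBB222
Feb  7 22:12:52 mx postfix/smtp[303]: BBB222: to=<sender@example.net>, relay=mail.example.net[198.51.100.7]:25, delay=3.4, dsn=5.1.1, status=bounced (host mail.example.net[198.51.100.7] said: 550 5.1.1 no such user (in reply to RCPT TO command))
Feb  7 22:13:10 mx postfix/smtp[304]: CCC333: to=<real@example.org>, relay=mx01.example.org[192.0.2.5]:25, delay=0.5, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 9F1)
"""

LINE = re.compile(r"postfix/(?P<svc>\w+)\[\d+\]: (?P<qid>[0-9A-F]+): (?P<rest>.*)")
TO = re.compile(r"to=<(?P<rcpt>[^>]*)>.*?relay=(?P<relay>[^\[,]+)"
                r".*?dsn=(?P<dsn>[\d.]+), status=(?P<status>\w+)")
NDN = re.compile(r"sender non-delivery notification: (?P<ndn>[0-9A-F]+)")


def find_backscatter(log_text):
    """Return one record per message that the next hop rejected as an
    unknown recipient (5.1.1) and that was then turned into a bounce."""
    rejected = {}  # queue ID -> (recipient, relay) for 5.1.1 rejections
    ndn_of = {}    # original queue ID -> queue ID of the generated bounce
    delivery = {}  # queue ID -> (status, dsn) of the last delivery attempt
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        qid, rest = m["qid"], m["rest"]
        if m["svc"] == "smtp" and (t := TO.search(rest)):
            delivery[qid] = (t["status"], t["dsn"])
            if t["status"] == "bounced" and t["dsn"] == "5.1.1":
                rejected[qid] = (t["rcpt"], t["relay"])
        elif m["svc"] == "bounce" and (n := NDN.search(rest)):
            ndn_of[qid] = n["ndn"]
    # Only rejections that produced a notification count as backscatter.
    return [{"queue_id": q, "recipient": rcpt, "relay": relay,
             "bounce_id": ndn_of[q], "bounce_result": delivery.get(ndn_of[q])}
            for q, (rcpt, relay) in rejected.items() if q in ndn_of]


if __name__ == "__main__":
    for hit in find_backscatter(SAMPLE_LOG):
        print(hit)
```

Run over a real mail.log, each record names a recipient that was accepted at SMTP time but does not exist at the primary MX, together with the outcome of the resulting bounce.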