On Fri, Feb 08, 2013 at 04:06:57PM +0100, Titanus Eramius wrote:
> Please note that the last time I asked about the behavior of Postfix it
> turned out I had misunderstood the concept of relaying mail. It might
> be the case again.
> 
> I'm running the mailserver that serves this domain + a few others,
> the mailserver at ubuntudanmark.dk and the mailservers at nt-data.dk.
> 
> So I'm running these servers, with this relation:
> mx01.aptget.dk         <-- Not a backup MX
> mx01.ubuntudanmark.dk  <-- Not a backup MX
> mx01.nt-data.dk        <-- Backup MX for mx01.aptget.dk and
>                               mx01.ubuntudanmark.dk
> mx02.nt-data.dk        <-- Backup MX for mx01.nt-data.dk
> 
> The setup is entirely virtual, using MySQL to store aliases, addressees
> etc. The problem is, that *I think* the backup MX' can be used to
> spread backscatter. I routinely look at the Postfix logging, and found
> these entries yesterday from mx01.nt-data.dk:
> 
> ---
> titanus@ntdata:/var/log$ grep "048341743609" mail.log.1
> 
> Feb  7 22:12:48 ntdata postfix/pickup[24843]: 048341743609: uid=5005
> from=<SRS0=3u76=L7=gmail.com=jimmiedcu...@nt-data.dk>

pickup(8) picks up mail which was sent via sendmail(1). This is a 
local/system user's process (UID 5005, specifically) sending the 
mail. Your misunderstanding this time seems to be that you think it 
came from the network and could thus be rejected.

If this seems to be some kind of abuse, it could be that something 
you're running on the server has been compromised; web/php scripts 
being the most common vector.

> Feb  7 22:12:48 ntdata postfix/cleanup[30176]: 048341743609:
> message-id=<gi63z8-uskq93...@tdhhadcuneunhvooig.alumni.insead.edu>
> 
> Feb 7 22:12:48 ntdata postfix/qmgr[20252]: 048341743609:
> from=<SRS0=3u76=L7=gmail.com=jimmiedcu...@nt-data.dk>, size=5268,
> nrcpt=1 (queue active)
> 
> Feb  7 22:12:48 ntdata postfix/smtp[30181]: 048341743609:
> to=<a...@ubuntudanmark.dk>,
> relay=mx01.ubuntudanmark.dk[31.192.231.5]:25, delay=0.71,
> delays=0/0.04/0.17/0.5, dsn=5.1.1, status=bounced (host
> mx01.ubuntudanmark.dk[31.192.231.5] said: 550 5.1.1
> <a...@ubuntudanmark.dk>: Recipient address rejected: User unknown in
> virtual mailbox table (in reply to RCPT TO command))
> 
> Feb  7 22:12:48 ntdata postfix/bounce[30182]: 048341743609: sender
> non-delivery notification: B201D1743608
> 
> Feb  7 22:12:48 ntdata postfix/qmgr[20252]: 048341743609: removed
> ---
> 
> Then mx01.nt-data.dk tries to send a bounce to gmail:
> 
> ---
> Feb  7 22:12:52 ntdata postfix/smtp[30183]: B201D1743608:
> to=<jimmiedcu...@gmail.com>,
> orig_to=<SRS0=3u76=L7=gmail.com=jimmiedcu...@nt-data.dk>,

Here you have virtually aliased this sender (now a bounce recipient) 
address to jimmiedcu...@gmail.com.

> relay=gmail-smtp-in.l.google.com[173.194.71.26]:25, delay=3.4,
> delays=0.01/0.01/0.29/3, dsn=5.1.1, status=bounced (host
> gmail-smtp-in.l.google.com[173.194.71.26] said: 550-5.1.1 The email
> account that you tried to reach does not exist. Please try 550-5.1.1
> double-checking the recipient's email address for typos or 550-5.1.1
> unnecessary spaces. Learn more at 550 5.1.1
> http://support.google.com/mail/bin/answer.py?answer=6596
> bc7si9536557lbb.184 - gsmtp (in reply to RCPT TO command))
> ---
> 
> The address a...@ubuntudanmark.dk does not exist - Neither at
> mx01.nt-data.dk nor at mx01.ubuntudanmark.dk, so I would like
> mx01.nt-data.dk to reject messages to it. I've tried with other
> non-existent addresses through telnet, and mx01.nt-data.dk accepts them,
> as long as they are to one of the backup domains, and then bounces them
> (so currently they are disabled in the database).

There is no possible mechanism within Postfix to reject mail 
submitted via the sendmail command.

> Following is postconf -n, the content of the 2 relay_* MySQL-files, and
> the structure of their database. If more is needed, then please let me
> know and I'll include it.
> 
> Any pointers, examples or explanations will be appreciated. I've read
> in the documentation for virtual hosting and backup MX', but the answer
> seems to evade me.

FWIW, generally a backup MX is a bad idea. Why did you want it?

[snip]
-- 
  http://rob0.nodns4.us/ -- system administration and consulting
  Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
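
An added example, not part of the original message or of Postfix itself: a log check that separates queue IDs submitted locally through pickup(8), which logs a uid, from those received over SMTP by smtpd(8), and lists the local submissions that ended in a bounce. The sample lines are constructed in the format quoted above, and the pattern assumes the default short hexadecimal queue IDs.

```python
import re

# Constructed sample lines in the same syslog format as the entries quoted in
# the thread; hostnames, addresses and queue IDs are placeholders.
SAMPLE_LOG = """\
Feb  7 22:12:48 host postfix/pickup[24843]: 0A1B2C3D4E5F: uid=5005 from=<sender@example.org>
Feb  7 22:12:48 host postfix/qmgr[20252]: 0A1B2C3D4E5F: from=<sender@example.org>, size=5268, nrcpt=1 (queue active)
Feb  7 22:12:48 host postfix/smtp[30181]: 0A1B2C3D4E5F: to=<nobody@example.net>, relay=mx.example.net[192.0.2.5]:25, dsn=5.1.1, status=bounced (550 5.1.1 User unknown)
Feb  7 22:12:48 host postfix/bounce[30182]: 0A1B2C3D4E5F: sender non-delivery notification: 1F2E3D4C5B6A
Feb  7 22:13:01 host postfix/smtpd[30190]: 2B3C4D5E6F70: client=mail.example.com[198.51.100.7]
Feb  7 22:13:02 host postfix/smtp[30191]: 2B3C4D5E6F70: to=<user@example.net>, relay=mx.example.net[192.0.2.5]:25, dsn=2.0.0, status=sent (250 ok)
"""

# Assumption: short (hex) queue IDs, so "warning:" and "NOQUEUE:" lines are skipped.
LINE = re.compile(r"postfix/(\w+)\[\d+\]: ([0-9A-F]{6,}): (.*)")


def summarize(log_text):
    """Map each queue ID to how it entered Postfix and how delivery ended."""
    msgs = {}
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        daemon, qid, rest = m.groups()
        rec = msgs.setdefault(
            qid, {"origin": None, "uid": None, "statuses": [], "ndr": None})
        if daemon == "pickup" and (u := re.match(r"uid=(\d+) ", rest)):
            # pickup(8) only handles mail dropped by sendmail(1): a local process
            rec["origin"], rec["uid"] = "local", int(u.group(1))
        elif daemon == "smtpd" and rest.startswith("client="):
            rec["origin"] = "network"
        elif daemon == "bounce" and (n := re.search(r"notification: (\w+)", rest)):
            rec["ndr"] = n.group(1)  # queue ID of the generated bounce message
        elif s := re.search(r"status=(\w+)", rest):
            rec["statuses"].append(s.group(1))
    return msgs


def local_bounces(log_text):
    """Queue IDs submitted via sendmail(1)/pickup(8) that ended in a bounce."""
    return [(qid, r["uid"], r["ndr"]) for qid, r in summarize(log_text).items()
            if r["origin"] == "local" and "bounced" in r["statuses"]]


if __name__ == "__main__":
    for qid, uid, ndr in local_bounces(SAMPLE_LOG):
        print(f"{qid}: local submission by uid {uid} bounced, NDR queued as {ndr}")
```

The uid reported for each hit can be resolved with `getent passwd <uid>` to find which local account, such as a web application user, is handing mail to sendmail(1).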
