On 29 Feb 2016, at 2:43, Ruben Safir wrote:

Can I have input about this recommendation? Is there unreasonable security risk? I think not, but I want to double-check.


It's fine, assuming that you can trust everything else running on the host that you're running Mailman and Postfix on not to find that config and start spamming through the port 8000 listener. If you deem that a problem (it MAY be but probably isn't) you could set up a more secure rig for the interaction but that is probably not worth the frustration. If the loopback is already in your port 25 $mynetworks, this is not substantively adding to your risk.

If you want to understand what is/was causing trouble, consider these three attempts by Mailman to pass Postfix messages:

On 28 Feb 2016, at 21:07, Ruben Safir wrote:

2016-02-28T17:16:08.921350-05:00 www postfix/smtpd[25547]: NOQUEUE: reject: RCPT from www.mrbrklyn.com[96.57.23.82]: 450 4.1.2 <ak...@pionerd.org>: Recipient address rejected: Domain not found; from=<hangout-boun...@nylxs.com> to=<ak...@pionerd.org> proto=ESMTP helo=<www.mrbrklyn.com>
2016-02-28T17:16:08.967943-05:00 www postfix/smtpd[510]: NOQUEUE: reject: RCPT from www.mrbrklyn.com[96.57.23.82]: 450 4.1.2 <mbro...@xooyooz.com>: Recipient address rejected: Domain not found; from=<hangout-boun...@nylxs.com> to=<mbro...@xooyooz.com> proto=ESMTP helo=<www.mrbrklyn.com>
2016-02-28T17:16:09.036828-05:00 www postfix/smtpd[510]: NOQUEUE: reject: RCPT from www.mrbrklyn.com[96.57.23.82]: 450 4.1.2 <bput...@effective-tech.com>: Recipient address rejected: Domain not found; from=<hangout-boun...@nylxs.com> to=<bput...@effective-tech.com> proto=ESMTP helo=<www.mrbrklyn.com>


All three of those recipient domains are entirely bogus: they are not currently registered. DNS yields an explicit NXDOMAIN from the relevant gTLD servers for each of them. These messages should fail, hard, after one try. If Postfix was configured to operate asynchronously it would be finding the DNS problem AFTER accepting the messages from Mailman and sending bounces back to hangout-boun...@nylxs.com. Instead you have Postfix configured with reject_unknown_recipient_domain ahead of permit_mynetworks, so it checks recipient domain DNS synchronously: while the client waits. Then when Postfix tells Mailman it can't handle the mail, it uses a transient failure code (450) which SHOULD cause the sender (Mailman) to requeue and retry the message later. Often, 450 would be the right code, which is why it is the default. It's not good in this case because it leaves the duty of requeuing & retrying to Mailman, which is worse at that than Postfix. Mailman works best with a *trusting* and *helpful* MTA between it and the net at large, handling the subtleties that MTAs need to handle subtly. It does not cope well with an MTA that tells it to come back later with addresses that really should be causing hard bounces.
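The restriction ordering the reply describes, shown as a main.cf fragment added here for illustration (not the poster's actual configuration, which is not quoted in the thread); the mynetworks value and the presence of reject_unauth_destination are assumptions, the latter being the standard anti-relay rule that must stay in the list in either ordering.

```ini
# main.cf fragment (added illustration, not configuration from the thread)

# Ordering that produces the 450 rejections in the log above: the
# recipient-domain DNS lookup runs synchronously, before Postfix has
# decided that the client is local, so the loopback client (Mailman)
# is told "come back later" and must requeue and retry by itself.
# The reply code comes from unknown_address_reject_code (default 450).
smtpd_recipient_restrictions =
    reject_unknown_recipient_domain,
    permit_mynetworks,
    reject_unauth_destination

# "Trusting and helpful" ordering: clients in $mynetworks are accepted
# first, so Postfix queues the message, discovers the NXDOMAIN itself at
# delivery time, and generates the bounce to the list's -bounces address
# instead of handing the retry duty back to Mailman. Clients outside
# $mynetworks still hit the DNS check before their mail is accepted.
mynetworks = 127.0.0.0/8, [::1]/128
smtpd_recipient_restrictions =
    permit_mynetworks,
    reject_unauth_destination,
    reject_unknown_recipient_domain
```

After changing the ordering, `postfix reload` and watch `postfix/smtp` (the delivery client, not `smtpd`) for the "Host or domain name not found" bounces that now replace the 450 rejections.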
