On 3/22/2016 10:03 PM, Rick Zeman wrote: > Oops, knew I forgot something, Noel. This is a (soft) bounce for a > recipient that does exist on the destination system, but not on the > postfix system, as the following telnet shows: > > Mar 22 22:32:32 miniserv postfix/smtpd[70673]: NOQUEUE: reject: RCPT > from pmta1.delivery8.ore.mailhop.org[54.191.158.99]: 450 4.1.1 > <t...@pointyears.net>: Recipient address rejected: User unknown in local > recipient table; from=<rze...@gmail.com> to=<t...@pointyears.net> > proto=ESMTP helo=<pmta1.delivery8.ore.mailhop.org> > ********
You sure mydestination is empty? At any rate, #main.cf: local_recipient_maps = should take care of this. -- Noel Jones > > $ telnet 192.168.1.5 587 > Trying 192.168.1.5... > Connected to 192.168.1.5. > Escape character is '^]'. > > 220 nw6.pointyears.net > ehlo gmail.com > 250-nw6.pointyears.net > 250-AUTH LOGIN > 250-8BITMIME > 250-SIZE > 250-DSN > 250 STARTTLS > mail from:<rze...@gmail.com> > 250 Ok > rcpt to:<t...@pointyears.net> > 250 Ok > Data > 354 Enter mail, end with "." on a line by itself > This will be accepted. > . > 250 Ok > > > This is accepted. > > ********* > This is a successful delivery: > > Mar 22 22:55:23 miniserv postfix/smtpd[71355]: connect from > pmta1.delivery7.ore.mailhop.org[54.186.27.61] > Mar 22 22:55:24 miniserv postfix/smtpd[71355]: Anonymous TLS > connection established from > pmta1.delivery7.ore.mailhop.org[54.186.27.61]: TLSv1 with cipher > DHE-RSA-AES256-SHA (256/256 bits) > Mar 22 22:55:24 miniserv postfix/smtpd[71355]: 8BA43278ED90: > client=pmta1.delivery7.ore.mailhop.org[54.186.27.61] > Mar 22 22:55:24 miniserv postfix/cleanup[71361]: 8BA43278ED90: > message-id=<CAN1dBq075WKYYv7f5U4+wGY+Yby-3Ng=xmgpgx-ni8ereyw...@mail.gmail.com> > Mar 22 22:55:24 miniserv postfix/qmgr[68145]: 8BA43278ED90: > from=<rze...@gmail.com>, size=2582, nrcpt=1 (queue active) > Mar 22 22:55:24 miniserv postfix/smtpd[71355]: disconnect from > pmta1.delivery7.ore.mailhop.org[54.186.27.61] > Mar 22 22:55:25 miniserv postfix/smtpd[71365]: connect from > localhost[127.0.0.1] > Mar 22 22:55:25 miniserv postfix/smtpd[71365]: 48C83278ED96: > client=localhost[127.0.0.1] > Mar 22 22:55:25 miniserv postfix/cleanup[71361]: 48C83278ED96: > message-id=<CAN1dBq075WKYYv7f5U4+wGY+Yby-3Ng=xmgpgx-ni8ereyw...@mail.gmail.com> > Mar 22 22:55:25 miniserv postfix/smtpd[71365]: disconnect from > localhost[127.0.0.1] > Mar 22 22:55:25 miniserv postfix/qmgr[68145]: 48C83278ED96: > from=<rze...@gmail.com>, size=3046, nrcpt=1 (queue active) > Mar 22 22:55:25 miniserv postfix/smtp[71362]: 8BA43278ED90: > to=<rze...@pointyears.net>, relay=127.0.0.1[127.0.0.1]:10024, > delay=0.92, delays=0.5/0.09/0/0.33, dsn=2.0.0, status=sent (250 2.0.0 > from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as > 48C83278ED96) > Mar 22 22:55:25 miniserv postfix/qmgr[68145]: 8BA43278ED90: removed > Mar 22 22:55:25 miniserv postfix/smtp[71366]: Untrusted TLS connection > established to 192.168.1.5[192.168.1.5]:587: TLSv1 with cipher > AES256-SHA (256/256 bits) > Mar 22 22:55:25 miniserv postfix/smtp[71366]: 48C83278ED96: > to=<rze...@pointyears.net>, relay=192.168.1.5[192.168.1.5]:587, > delay=0.59, delays=0.01/0.03/0.54/0, dsn=2.0.0, status=sent (250 Ok) > Mar 22 22:55:25 miniserv postfix/qmgr[68145]: 48C83278ED96: removed > > On Tue, Mar 22, 2016 at 10:17 PM, Noel Jones <njo...@megan.vbhcs.org> wrote: >> On 3/22/2016 8:54 PM, Rick Zeman wrote: >>> OS X Postfix system rebuilt as a relay with no local mailboxes, but >>> we're not passing inbound mail to the final destination except for the >>> few people who have local accounts on the postfix server. Soft bounce >>> is on....luckily (great safety net, Wietse). I have something that's >>> negating reject_unverified_recipient and I don't see what it is. Can >>> another set of eyes help? Thanks! >>> >> >> What do you mean by negating? Do you have postfix logs (NOT debug >> logs) demonstrating the unexpected behavior? >> >> >>> mydestination = >> >> No local domains. OK. >> >>> mydomain = pointyears.net >>> myhostname = miniserv.pointyears.net >>> mynetworks = 127.0.0.0/8, [::1]/128 , 192.168.1.0/24 >> >>> relay_domains = pointyears.net pointyears.org >> >> relay_domains with no relay_recipient_maps, so any user should be >> accepted, subject to later reject_unverified_recipient. >> >>> relayhost = smtp.comcast.net:587 >>> smtp_generic_maps = >>> regexp:/Library/Server/Mail/Config/postfix/generic.regexp >> >>> smtpd_client_restrictions = permit_mynetworks permit_sasl_authenticated >>> permit >> >> The above is basically a no-op; permit anything. That's OK, you can >> simplify by removing the line. >> >>> smtpd_recipient_restrictions = permit_sasl_authenticated >>> permit_mynetworks reject_unauth_destination >>> reject_unverified_recipient >> >> This looks reasonable. Addresses to a domain handled by postfix >> will trigger a recipient probe, unless from mynetworks or SASL AUTH. >> You testing from inside your network? >> >> >>> soft_bounce = yes >> >> And any reject will be turned into a 4xx defer. >> >>> >>> transport: >>> pointyears.net smtp:[192.168.1.5]:587 >>> pointyears.org smtp:[192.168.1.5]:587 >>> >> >> >> So what problem are you having? >> >> >> >> >> -- Noel Jones
