I changed my config and added/changed in main.cf
smtpd_recipient_restrictions = reject_unknown_recipient_domain,
    reject_unverified_recipient, permit_mynetworks, permit_sasl_authenticated,
    reject_unauth_destination
address_verify_poll_count = ${stress?1}${stress:3}
address_verify_poll_delay = 3s
address_verify_map = btree:$data_directory/verify_cache
relay_recipient_maps = mysql:/etc/postfix/files/mysql_pn.cf
I did a test
postmap /etc/postfix/files/mysql_pn.cf
systemctl restart postfix
THEN
[root@mta5 postfix]# telnet localhost 25
Connected to localhost.
Escape character is '^]'.
220 mta5.uits.uconn.edu ESMTP Postfix (2.10.1)
ehlo uconn.edu
250-mta5.uits.uconn.edu
250-PIPELINING
250-SIZE 31457280
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
mail from:[email protected]
250 2.1.0 Ok
rcpt to:[email protected]
250 2.1.5 Ok
quit
221 2.0.0 Bye
[root@mta5 postfix]# mlgrep 2F56E3000A39 /var/log/maillog
Nov 7 14:49:02 mta5 postfix/cleanup[32604]: 2F56E3000A39: message-id=<[email protected]>
Nov 7 14:49:02 mta5 postfix/qmgr[31379]: 2F56E3000A39: from=<[email protected]>, size=284, nrcpt=1 (queue active)
Nov 7 14:49:02 mta5 postfix/smtp[32607]: 2F56E3000A39: to=<[email protected]>, relay=darwin-eeb-uconn-edu.mail.protection.outlook.com[207.46.163.106]:25, delay=0.39, delays=0.01/0.02/0.23/0.14, dsn=2.1.5, status=deliverable (250 2.1.5 Recipient OK)
Nov 7 14:49:02 mta5 postfix/qmgr[31379]: 2F56E3000A39: removed
MY QUESTION:
Why do the logs show "status=deliverable"? I get this no matter whether "TO" is a real
or a fake address, BTW.
Is it due to the relay[207.46.163.106] blindly accepting all mail with "TO" of
[email protected] ?
Have I misinterpreted how to use relay_recipient_maps =
mysql:/etc/postfix/files/mysql_pn.cf ?? From logs I think postfix is not using
this setting....
-ANGELO FAZZINA
ITS Service Manager:
Spam and Virus Prevention
Mass Mailing
G Suite/Gmail
[email protected]
University of Connecticut, ITS, SSG, Server Systems
860-486-9075
-----Original Message-----
From: [email protected] <[email protected]> On
Behalf Of Wietse Venema
Sent: Wednesday, November 7, 2018 11:38 AM
To: Postfix users <[email protected]>
Subject: Re: looking for any options to better deal with mail looping
Fazzina, Angelo:
> Hi, I have a domain that has MX point to O365 and then O365 relays
> mail to Postfix server. Currently, Postfix does a lookup in a
> MySql table to know where to relay the email to, AFA next hop. If
> not found in table Postfix looks up MX and relays the email.
Postfix should first verify that the recipient exists, before accepting
the mail. Perhaps you can use the MySQL table with relay_recipient_maps.
For more info on inbound recipient validation:
http://www.postfix.org/STANDARD_CONFIGURATION_README.html
http://www.postfix.org/ADDRESS_VERIFICATION_README.html
Basically, have a list of valid recipients, or dynamically build
a cache with reject_unverified_recipient.
Wietse
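
Added example, not part of the original thread: Postfix logs the outcome of each reject_unverified_recipient probe as status=deliverable or status=undeliverable, while real deliveries log status=sent, so the maillog can show whether a next-hop relay ever rejects a probed recipient. The log lines, hostnames, addresses and helper names below are constructed for illustration, and each log record is assumed to sit on one line.

```python
import re
from collections import Counter, defaultdict

# Constructed sample maillog records (placeholder hosts/addresses), one per line.
SAMPLE_LOG = """\
Nov  7 14:49:02 mta postfix/smtp[100]: AAA111: to=<real@example.edu>, relay=relay.example.net[192.0.2.10]:25, delay=0.39, dsn=2.1.5, status=deliverable (250 2.1.5 Recipient OK)
Nov  7 14:50:10 mta postfix/smtp[101]: BBB222: to=<no.such.user@example.edu>, relay=relay.example.net[192.0.2.10]:25, delay=0.41, dsn=2.1.5, status=deliverable (250 2.1.5 Recipient OK)
Nov  7 14:51:30 mta postfix/smtp[102]: CCC333: to=<real@example.org>, relay=mx.example.org[192.0.2.20]:25, delay=0.2, dsn=2.1.5, status=deliverable (250 2.1.5 Ok)
Nov  7 14:52:00 mta postfix/smtp[103]: DDD444: to=<bogus@example.org>, relay=mx.example.org[192.0.2.20]:25, delay=0.2, dsn=5.1.1, status=undeliverable (host mx.example.org[192.0.2.20] said: 550 5.1.1 User unknown (in reply to RCPT TO command))
Nov  7 14:53:00 mta postfix/smtp[104]: EEE555: to=<real@example.org>, relay=mx.example.org[192.0.2.20]:25, delay=1.2, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 12345)
"""

# Matches a Postfix delivery-agent record: queue id, recipient, relay host, status.
RECORD = re.compile(
    r"postfix/\w+\[\d+\]: (?P<qid>[0-9A-Za-z]+): to=<(?P<rcpt>[^>]*)>,"
    r".*?relay=(?P<relay>[^,\[]+)(?:\[[^\]]*\])?(?::\d+)?,"
    r".*?status=(?P<status>\w+)"
)
PROBE_STATUSES = {"deliverable", "undeliverable"}  # address verification results


def parse_delivery(line):
    """Return qid/rcpt/relay/status for a delivery record, else None."""
    m = RECORD.search(line)
    return m.groupdict() if m else None


def probe_results_by_relay(log_text):
    """Count probe outcomes per relay, ignoring real deliveries (sent/bounced/deferred)."""
    results = defaultdict(Counter)
    for line in log_text.splitlines():
        rec = parse_delivery(line)
        if rec and rec["status"] in PROBE_STATUSES:
            results[rec["relay"]][rec["status"]] += 1
    return results


def relays_never_rejecting(log_text, min_probes=2):
    """Relays that answered at least min_probes probes and never said undeliverable."""
    return sorted(
        relay for relay, c in probe_results_by_relay(log_text).items()
        if sum(c.values()) >= min_probes and c["undeliverable"] == 0
    )


if __name__ == "__main__":
    for relay, counts in probe_results_by_relay(SAMPLE_LOG).items():
        print(relay, dict(counts))
    print("never rejected a probe:", relays_never_rejecting(SAMPLE_LOG))
```

A relay that answers 250 to every RCPT TO appears in the second list, and for such a relay a probe-built cache cannot tell valid recipients from invalid ones.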