Hi, I am still lost with how this all works together, sadly. Do you see
obvious errors or am I misunderstanding the limits of what can be done ?
I am not sure yet what is relevant
My current settings:
relay_recipient_maps = mysql:/etc/postfix/files/mysql_pn.cf
smtpd_recipient_restrictions = reject_unknown_recipient_domain,
check_recipient_access
hash:/etc/postfix/files/sender_relay_domains,
reject_unverified_recipient,
permit_mynetworks,
permit_sasl_authenticate
smtpd_relay_restrictions = check_recipient_access
hash:/etc/postfix/maps/block_to, permit_mynetworks, permit_sasl_authenticated,
defer_unauth_destination
[root@mta5 files]# more sender_relay_domains
## -ALF This should allow Listerv addresses even though they are not in PerName
DB
listserv.uconn.edu DUNNO
[root@mta5 maps]# more transport
# Domains *relayed* by pn.uconn.edu and which map to the hosts' A record.
ad.uconn.edu smtp:[uconn-edu.mail.protection.outlook.com]
darwin.eeb.uconn.edu smtp:[darwin.eeb.uconn.edu]
listserv.uconn.edu smtp:[listserv.uconn.edu]
My goal is to allow all mail TO anyth...@listserv.uconn.edu but still check
recipient for other domains like darwin.eeb.uconn.edu
MY testing:
Connected to localhost.
Escape character is '^]'.
220 mta5.uits.uconn.edu ESMTP Postfix (2.10.1)
ehlo uconn.edu
250-mta5.uits.uconn.edu
250-PIPELINING
250-SIZE 31457280
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
mail from:ang...@uconn.edu
250 2.1.0 Ok
rcpt to:b...@darwin.eeb.uconn.edu
450 4.1.1 <b...@darwin.eeb.uconn.edu>: Recipient address rejected: unverified
address: Address verification in progress
rcpt to:k...@darwin.eeb.uconn.edu
250 2.1.5 Ok
rcpt to:spa...@listserv.uconn.edu
450 4.1.1 <spa...@listserv.uconn.edu>: Recipient address rejected: unverified
address: Address verification in progress
quit
221 2.0.0 Bye
Connection closed by foreign host.
-ANGELO FAZZINA
ITS Service Manager:
Spam and Virus Prevention
Mass Mailing
G Suite/Gmail
ang...@uconn.edu
University of Connecticut, ITS, SSG, Server Systems
860-486-9075
-----Original Message-----
From: owner-postfix-us...@postfix.org <owner-postfix-us...@postfix.org> On
Behalf Of Noel Jones
Sent: Friday, November 16, 2018 4:10 PM
To: postfix-users@postfix.org
Subject: Re: looking for any options to better deal with mail looping
On 11/16/2018 2:41 PM, Fazzina, Angelo wrote:
> Hi again,
> Even though my configuration does what I need it to do, it seems to have
> broken something else that needs to still work.
> Did I forget something or just did this wrong ?
> Will this setting allow whitelisting something to help the issue
> "smtpd_sender_restrictions"
> I maybe just confusing the processing Postfix does AFA envelope TO and FROM
> and header TO and FROM...?
The To: From: headers have no relation to postfix delivery. All
delivery is based on envelope addresses.
>
> Here is the test showing what is broken:
>...
> 250 2.1.0 Ok
> rcpt to:uconn_employee...@listserv.uconn.edu
> 450 4.1.1 <uconn_employee...@listserv.uconn.edu>: Recipient address rejected:
> unverified address: Address verification in progress
>...
Nothing wrong here. The address verification is in progress and the
client is free to retry delivery. Presumably the verification
completed a few seconds later. This will be noted in the log.
If you wish to exempt some recipient from verification, add a
check_recipient_access map before the reject_unverified_recipient
> Here is my current config in main.cf :
> smtpd_recipient_restrictions = reject_unknown_recipient_domain,
> reject_unverified_recipient, permit_mynetworks, permit_sasl_authenticated,
> reject_unauth_destination
Typically, reject_unverified_recipient would be after
reject_unauth_destination to prevent verifying random internet
recipients, or in a check_recipient_access map to limit the scope of
the checks. Something like:
dontverif...@example.com DUNNO
listserv.example.com DUNNO
example.com reject_unverified_recipient
> relay_recipient_maps = hash:/etc/postfix/files/sender_relay_domains,
> mysql:/etc/postfix/files/mysql_pn.cf
> [root@mta5 files]# more sender_relay_domains
> @listserv.uconn.edu OK
relay_recipient_maps does not exempt addresses from the
reject_unverified_recipient check. See the above example for how to
exempt addresses from verification.
>
> Here is [most of] the headers of a real email that gets delivered to my
> first.l...@uconn.edu address even though it does not appear anywhere in the
> headers :
Headers are irrelevant for this discussion. Postfix logs will show
what is happening.
-- Noel Jones
