Hi Viktor,

On Thu, 9 May 2019, Viktor Dukhovni wrote:

On May 9, 2019, at 1:13 PM, Andreas Thienemann <andr...@bawue.net> wrote:

I have the following items in my config:

http://www.postfix.org/DEBUG_README.html#mail

fair enough...

Problem description:

smtpd_recipient_restrictions seems to be working differently than expected.
I would expect addresses listed in check_recipient_access tables to be bounced. I would have expected a client sending to bounce-t...@example.org to get 554 test-bounce successful Mail bounced. Instead I am seeing an error that seems to come from recipient verification:

  -> RCPT TO:<test-bou...@example.org>
<** 550 5.1.1 <test-bou...@example.org>: Recipient address rejected: undeliverable address: host mailin01.lan[private/dovecot-lmtp] said: 550 5.1.1 <test-bou...@example.org> User doesn't exist: test-bou...@example.org (in reply to RCPT TO command)


log extract:

May 9 20:02:18 mailin01 postfix/smtpd[32352]: connect from localhost[127.0.0.1]
May 9 20:02:52 mailin01 postfix/smtpd[32352]: NOQUEUE: reject: RCPT from localhost[127.0.0.1]: 550 5.1.1 <bounce-t...@example.org>: Recipient address rejected: undeliverable address: host mailin01.lan[private/dovecot-lmtp] said: 550 5.1.1 <bounce-t...@example.org> User doesn't exist: bounce-t...@example.org (in reply to RCPT TO command); from=<t...@example.com> to=<bounce-t...@example.org> proto=ESMTP helo=<mailin01.lan>
May 9 20:02:52 mailin01 postfix/smtpd[32352]: disconnect from localhost[127.0.0.1] ehlo=1 mail=1 rcpt=0/1 quit=1 commands=3/4

postconf -n output:

[root@mailin01 ~]# postconf -n
address_verify_relayhost =
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases hash:/etc/postfix/mailinglist_aliases
append_dot_mydomain = no
biff = no
enable_original_recipient = yes
inet_interfaces = 10.1.1.38, 127.0.0.1
inet_protocols = ipv4
local_recipient_maps = proxy:mysql:/etc/postfix/local_recipients.cf $alias_maps
mailbox_size_limit = 0
mailbox_transport = lmtp:unix:private/dovecot-lmtp
message_size_limit = 41943040
milter_connect_macros = j {daemon_name} {daemon_addr} v _
milter_rcpt_macros = i {rcpt_addr} {rcpt_host} {rcpt_mailer} b r v Z
mydestination = mailin01.mx.example.net, localhost.localdomain, localhost, 
example.org, example.net, srs.example.net
myhostname = mailin01.mx.example.net
mynetworks = 127.0.0.0/8
non_smtpd_milters = { inet:localhost:10005, connect_timeout=10s, 
default_action=accept }
proxy_read_maps = $local_recipient_maps $smtpd_sender_restrictions 
$smtpd_recipient_restrictions $virtual_alias_maps $virtual_alias_domains 
$virtual_mailbox_maps $transport_maps $relay_domains
readme_directory = no
recipient_canonical_classes = envelope_recipient,header_recipient
recipient_canonical_maps = tcp:127.0.0.1:10002
recipient_delimiter = +
relay_domains = proxy:mysql:/etc/postfix/relay_hostnames.cf 
proxy:mysql:/etc/postfix/relay_domains.cf /etc/postfix/mailinglist_relay
relayhost = [relay01.mx.example.net]
smtp_tls_CApath = /etc/ssl/certs
smtp_tls_loglevel = 1
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name
smtpd_client_connection_count_limit = 10
smtpd_client_connection_rate_limit = 60
smtpd_client_event_limit_exceptions = 127.0.0.1 10.1.1.67
smtpd_error_sleep_time = 0
smtpd_hard_error_limit = 4
smtpd_milters = { unix:/run/spamass-milter/postfix/sock, connect_timeout=10s, 
default_action=accept } { inet:localhost:10003, connect_timeout=10s, 
default_action=accept } { inet:localhost:10004, connect_timeout=10s, 
default_action=accept } { inet:localhost:10006, connect_timeout=10s, 
default_action=accept } { inet:localhost:10007, connect_timeout=10s, 
default_action=accept }
smtpd_recipient_restrictions = check_recipient_access proxy:mysql:/etc/postfix/bounce_spam_alias.cf check_recipient_access proxy:mysql:/etc/postfix/bounce_routes.cf reject_unknown_recipient_domain reject_unverified_recipient reject_unlisted_recipient
smtpd_relay_restrictions = reject_unauth_destination reject_unverified_recipient
smtpd_sasl_auth_enable = no
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = check_client_access inline:{10.1.1.67=OK} 
reject_unknown_sender_domain proxy:mysql:/etc/postfix/sender_access_example.cf
smtpd_soft_error_limit = 2
smtpd_tls_CAfile = /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/postfix/ssl/mailin01.mx.example.net.crt
smtpd_tls_exclude_ciphers = aNULL
smtpd_tls_key_file = /etc/postfix/ssl/mailin01.mx.example.net.key
smtpd_tls_loglevel = 1
smtpd_tls_mandatory_ciphers = high
smtpd_tls_mandatory_exclude_ciphers = aNULL MD5
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
smtpd_tls_protocols = !SSLv2, !SSLv3
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
tls_preempt_cipherlist = yes
tls_ssl_options = NO_COMPRESSION
transport_maps = hash:/etc/postfix/transport 
proxy:mysql:/etc/postfix/transport.cf
unverified_recipient_reject_code = 550
virtual_alias_domains = proxy:mysql:/etc/postfix/virtual_domains.cf 
proxy:mysql:/etc/postfix/virtual_hostnames.cf
virtual_alias_maps = proxy:mysql:/etc/postfix/virtual_aliases.cf 
proxy:mysql:/etc/postfix/virtual_transport.cf

postconf -Mf output:

smtp      inet  n       -       n       -       -       smtpd
pickup    unix  n       -       n       60      1       pickup
cleanup   unix  n       -       n       -       0       cleanup
qmgr      unix  n       -       n       300     1       qmgr
tlsmgr    unix  -       -       n       1000?   1       tlsmgr
rewrite   unix  -       -       n       -       -       trivial-rewrite
bounce    unix  -       -       n       -       0       bounce
defer     unix  -       -       n       -       0       bounce
trace     unix  -       -       n       -       0       bounce
verify    unix  -       -       n       -       1       verify
flush     unix  n       -       n       1000?   0       flush
proxymap  unix  -       n       n       -       -       proxymap
proxywrite unix  -       -       n       -       1       proxymap
smtp      unix  -       -       n       -       -       smtp
relay     unix  -       -       n       -       -       smtp
showq     unix  n       -       n       -       -       showq
error     unix  -       -       n       -       -       error
retry     unix  -       -       n       -       -       error
discard   unix  -       -       n       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       n       -       -       lmtp
anvil     unix  -       -       n       -       1       anvil
scache    unix  -       -       n       -       1       scache
uucp      unix  -       n       n       -       -       pipe
    flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)


I hope that the postconf -n output makes things clearer.

cheers,
  Andreas
