On Mon, Aug 10, 2020 at 01:39:55PM -0400, cfs_post...@insec.lofcom.com wrote:
> 1) May I assume every delivery must have a fully-qualified email
> address, even those to MBOX files on the server?

This question is too vague to have an answer (I have no idea what you're
actually getting at). You should ask a more precise question, likely in
relation to some particular context.

> 2) The following occurred back when I was having bounce issues
> because of the setting of $myorigin. According to the logs, when I
> sent mail to webmas...@makodon.com, it is properly accepted from
> the external machine (I assume because I have it in
> virtual_alias_domains via a hash of sendmail's local-host-names
> file) and then postfix disconnects from that machine.

As described, that's an inbound connection from an SMTP client. Really
the client disconnects from Postfix, by issuing the SMTP "QUIT" command.
You've not posted any logs or configuration info, despite reading
<http://www.postfix.org/DEBUG_README.html#mail>. It is rather unclear
what you're actually trying to describe.

> After disconnect, the user validuser is rewritten to

In SMTP there's no concept of "user", there are envelope senders, and
envelope recipients, not clear which you're talking about. Best guess
is envelope recipient, which above was "webmaster", but below magically
turned into "validuser". Also, $myorigin is only appended to
unqualified addresses, and the above address already has a domain.

You're indeed falling into the very trap I tried to steer you away from,
that is, describing problems only in free-form prose, rather than
clearly stated data (logs, configs, ...).

> validu...@lofcom.com (bad $myorigin setting), that fails, then
> postfix makes a connection to the sending machine and delivers the
> bounce message. It doesn't hold the connection open to reject the
> mail, but rather reports the bounce later with a new message.

Indeed Postfix is not Sendmail. Delivery happens asynchronously, and in
parallel for multiple recipients, with qmgr(8) managing scheduling and
destination concurrency, master(8) handling per-transport process
limits, ...

    http://www.postfix.org/OVERVIEW.html

This outperforms Sendmail, is more modular and maintainable, less prone
to turn minor bugs into major security issues, ... But indeed there is
no delivery failure notification during the incoming SMTP connection.

> Since I've intentionally forged all of these header fields for the
> tests similar to spam forgeries, doesn't that reconnect imply that
> postfix could cause backscatter spam? Am I doing something wrong
> that would get postfix to follow to the ultimate delivery while the
> connection is open and reject instead of bounce later?

That's why Postfix has recipient validation. You should not be
accepting inbound messages for non-existent recipients. Avoid wildcard
rewrites that accept mail for all localparts, only to then bounce most
of them.

--
    Viktor.
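The wildcard-rewrite problem described in the reply above, as an added example that is not part of the original message and not Postfix code: a Python audit of a virtual alias source file that flags catch-all `@domain` keys and targets that stop being deliverable once an unqualified name is completed with `$myorigin`. The table contents, the domain names and the `DELIVERABLE` set (the operator's own list of addresses that can really be delivered) are constructed assumptions.

```python
# Added example: audit a Postfix virtual alias source for backscatter risk.
# The table, domains and DELIVERABLE set are constructed assumptions.
SAMPLE_TABLE = """\
# constructed virtual alias source (text form, before postmap)
webmaster@example.com   alice
abuse@example.com       alice,
                        bob@example.org
@example.com            validuser
"""
DELIVERABLE = {"alice@mail.example.com", "bob@example.org",
               "validuser@mail.example.com"}

def parse_table(text):
    """Parse 'key value' lines; '#' comments and indented continuations."""
    entries, key = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace():            # continuation of the previous entry
            if key is None:
                continue
            rhs = line
        else:
            fields = line.split(None, 1)
            key = fields[0].lower()
            rhs = fields[1] if len(fields) > 1 else ""
            entries[key] = []
        entries[key].extend(rhs.replace(",", " ").split())
    return entries

def qualify(addr, myorigin):
    """Only unqualified targets get @myorigin appended."""
    addr = addr.lower()
    return addr if "@" in addr else f"{addr}@{myorigin}"

def audit(entries, myorigin, deliverable):
    """Return (key, issue, dead_targets) for entries that lead to late bounces."""
    findings = []
    for key, targets in entries.items():
        dead = [q for q in (qualify(t, myorigin) for t in targets)
                if q not in deliverable]
        if key.startswith("@"):
            # A bare @domain key matches every localpart, so an unknown
            # recipient can never be rejected while the client is connected.
            findings.append((key, "catch-all", dead))
        elif dead:
            findings.append((key, "undeliverable-target", dead))
    return findings

if __name__ == "__main__":
    for origin in ("mail.example.com", "example.invalid"):
        print(origin, audit(parse_table(SAMPLE_TABLE), origin, DELIVERABLE))
```

A catch-all is reported even when its target is deliverable, because it still disables rejection of unknown localparts at RCPT TO; a non-empty `dead_targets` list on it marks the case where every such message is accepted and then bounced.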