Accepted undeliverable mail

Terry Carmen
Does anybody have any idea why my postfix server accepted mail for the  
non-existent user "<[hidden email]>" (no alias by  
that name either)?

Postfix accepted the mail, ran it through amavis/spamassassin, then
couldn't deliver it (nonexistent user) and generated an NDR, which
was, of course, itself undeliverable, since it's in response to spam.

Anybody have any idea how this is happening?

Thanks,

Terry

------------
local_recipient_maps = unix:passwd.byname $alias_maps
alias_maps = hash:/etc/aliases

There is no user or alias named "squirrel".

Feb  2 06:54:05 wormhole postfix/smtpd[9544]: connect from  
168-143-88-137-compute-ag1-ash01.opsourcecloud.net[168.143.88.137]
Feb  2 06:54:05 wormhole postfix/smtpd[9544]: 539C430134:  
client=168-143-88-137-compute-ag1-ash01.opsourcecloud.net[168.143.88.137]
Feb  2 06:54:05 wormhole postfix/cleanup[9547]: 539C430134: warning:  
header Subject:  
=?UTF-8?Q?Crazy=20Discounts=20on=20Newest=20Wares=20from=20Roset?=?    
       =?UTF-8?Q?ta=20Stone=20eSpec
Feb  2 06:54:05 wormhole postfix/cleanup[9547]: 539C430134:  
message-id=<20100202$5e8dbf3a$a9cb8cf$[hidden email]>
Feb  2 06:54:05 wormhole postfix/qmgr[27035]: 539C430134:  
from=<[hidden email]>, size=19830, nrcpt=1 (queue active)
Feb  2 06:54:05 wormhole amavis[9250]: (09250-04) LMTP::10024  
/var/amavis/tmp/amavis-20100202T060238-09250:  
<[hidden email]> -> <[hidden email]>  
SIZE=19830 Receive
Feb  2 06:54:05 wormhole postfix/smtpd[9544]: disconnect from  
168-143-88-137-compute-ag1-ash01.opsourcecloud.net[168.143.88.137]
Feb  2 06:54:05 wormhole amavis[9250]: (09250-04) Checking:  
YZBiS18Qurwh [168.143.88.137] <[hidden email]> ->  
<[hidden email]>
Feb  2 06:54:06 wormhole postfix/smtpd[9551]: connect from  
localhost[127.0.0.1]
Feb  2 06:54:06 wormhole postfix/smtpd[9551]: BCFF83013A:  
client=localhost[127.0.0.1]
Feb  2 06:54:06 wormhole postfix/cleanup[9547]: BCFF83013A:  
message-id=<20100202$5e8dbf3a$a9cb8cf$[hidden email]>
Feb  2 06:54:06 wormhole postfix/smtpd[9551]: disconnect from  
localhost[127.0.0.1]
Feb  2 06:54:06 wormhole postfix/qmgr[27035]: BCFF83013A:  
from=<[hidden email]>, size=20837, nrcpt=1 (queue active)
Feb  2 06:54:06 wormhole amavis[9250]: (09250-04) FWD via SMTP:  
<[hidden email]> ->  
<[hidden email]>,BODY=7BIT 250 2.0.0 Ok, id=09250-04,  
from MTA([127.0.0.1]:1002
Feb  2 06:54:06 wormhole amavis[9250]: (09250-04) Passed SPAMMY,  
[168.143.88.137] [168.143.88.137] <[hidden email]> ->  
<[hidden email]>, Message-ID: <20100202$5e8d
Feb  2 06:54:06 wormhole postfix/lmtp[9548]: 539C430134:  
to=<[hidden email]>,  
relay=127.0.0.1[127.0.0.1]:10024, delay=1.7, delays=0.44/0/0/1.3,  
dsn=2.0.0, status=sent (250 2
Feb  2 06:54:06 wormhole postfix/qmgr[27035]: 539C430134: removed
Feb  2 06:54:06 wormhole postfix/smtp[9552]: BCFF83013A:  
to=<[hidden email]>, relay=none, delay=0.05,  
delays=0/0/0.04/0, dsn=5.4.6, status=bounced (mail for webmail.cnysuppo
Feb  2 06:54:06 wormhole postfix/cleanup[9547]: D76193013C:  
message-id=<[hidden email]>
Feb  2 06:54:06 wormhole postfix/bounce[9553]: BCFF83013A: sender  
non-delivery notification: D76193013C
Feb  2 06:54:06 wormhole postfix/qmgr[27035]: D76193013C: from=<>,  
size=22785, nrcpt=1 (queue active)
Feb  2 06:54:06 wormhole postfix/qmgr[27035]: BCFF83013A: removed
Feb  2 06:54:37 wormhole postfix/smtp[9554]: connect to  
mail.getprimestar.com[172.31.32.250]:25: Connection timed out
Feb  2 06:54:37 wormhole postfix/smtp[9554]: D76193013C:  
to=<[hidden email]>, relay=none, delay=30,  
delays=0.07/0/30/0, dsn=4.4.1, status=deferred (connect to  
mail.getprimestar.com
Feb  2 06:57:25 wormhole postfix/anvil[9545]: statistics: max  
connection rate 1/60s for (smtp:168.143.88.137) at Feb  2 06:54:05
Feb  2 06:57:25 wormhole postfix/anvil[9545]: statistics: max  
connection count 1 for (smtp:168.143.88.137) at Feb  2 06:54:05


Re: Accepted undeliverable mail

Charles Marcus
[hidden email] wrote:

> Postfix accepted the mail, ran it through amavis/spamassassin, then
> couldn't deliver it (nonexistent user) and generated an NDR, which was,
> of course, itself undeliverable, since it's in response to spam.
>
> Anybody have any idea how this is happening?
>
> Thanks,
>
> Terry
>
> ------------
> local_recipient_maps = unix:passwd.byname $alias_maps
> alias_maps = hash:/etc/aliases
>
> There is no user or alias named "squirrel".

Per the welcome message you received when you joined the list:

TO REPORT A PROBLEM see:
http://www.postfix.org/DEBUG_README.html#mail

At a minimum, postfix version, output of postconf -n and unedited
NON-verbose logs exhibiting the problem should be provided...

--

Best regards,

Charles

Re: Accepted undeliverable mail

Terry Carmen
In reply to this post by Terry Carmen
Quoting [hidden email]:

> Does anybody have any idea why my postfix server accepted mail for  
> the non-existent user "<[hidden email]>" (no alias
> by that name either)?

I've narrowed it down to a problem with the way subdomain users are
validated.

[hidden email] is properly rejected at the rcpt to: command,  
while [hidden email] is accepted, then causes an NDR.

Anybody have any ideas?

I have no valid subdomains, so simply rejecting anything sent to one  
would be just fine.

Thanks,

Terry


postconf -n:

alias_maps = hash:/etc/aliases
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = amavisfeed:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
default_rbl_reply = $rbl_code Service unavailable; $rbl_class [$rbl_what] blocked using $rbl_domain.
disable_vrfy_command = yes
header_checks = regexp:/etc/postfix/header_checks
home_mailbox = Maildir/
html_directory = no
local_recipient_maps = unix:passwd.byname $alias_maps
mail_owner = postfix
mailbox_command = /usr/local/libexec/dovecot/deliver
mailbox_size_limit = 0
mailq_path = /usr/bin/mailq
manpage_directory = /usr/local/man
message_size_limit = 102400000
mydestination = $myhostname, cnysupport.com, bupkis.org
mydomain = cnysupport.com
myhostname = smtp.cnysupport.com
mynetworks = 127.0.0.1
mynetworks_style = host
newaliases_path = /usr/bin/newaliases
owner_request_special = yes
queue_directory = /var/spool/postfix
readme_directory = no
relocated_maps = hash:/etc/postfix/relocated
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtpd_client_restrictions = permit_mynetworks,
    permit_sasl_authenticated, reject_unauth_destination,
    reject_unlisted_recipient, hash:/etc/postfix/whitelist,
    cidr:/etc/postfix/blacklist_cidr
    reject_unknown_reverse_client_hostname,
    reject_unauth_pipelining, reject_non_fqdn_recipient,
    reject_rbl_client zen.spamhaus.org
smtpd_delay_reject = yes
smtpd_recipient_restrictions = permit_mynetworks
    permit_sasl_authenticated reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/CA/cert.pem
smtpd_tls_key_file = /etc/CA/key.pem
smtpd_tls_loglevel = 0
smtpd_use_tls = yes
transport_maps = hash:/etc/postfix/transport
unknown_local_recipient_reject_code = 550




Re: Accepted undeliverable mail

Noel Jones-2
On 2/6/2010 10:55 AM, [hidden email] wrote:

> Quoting [hidden email]:
>
>> Does anybody have any idea why my postfix server accepted mail for the
>> non-existent user "<[hidden email]>" (no alias
>> by that name either)?
>
> I've narrowed it down to a problem with the way subdomain users are
> validated.
>
> [hidden email] is properly rejected at the rcpt to: command,
> while [hidden email] is accepted, then causes an NDR.
>
> Anybody have any ideas?

Yes.  As you were already told, set in main.cf
relay_domains =
i.e. set explicitly to an empty value.


   -- Noel Jones

Re: Accepted undeliverable mail

Terry Carmen
Quoting Noel Jones <[hidden email]>:

> On 2/6/2010 10:55 AM, [hidden email] wrote:
>> Quoting [hidden email]:
>>
>>> Does anybody have any idea why my postfix server accepted mail for the
>>> non-existent user "<[hidden email]>" (no alias
>>> by that name either)?
>>
>> I've narrowed it down to a problem with the way subdomain users are
>> validated.
>>
>> [hidden email] is properly rejected at the rcpt to: command,
>> while [hidden email] is accepted, then causes an NDR.
>>
>> Anybody have any ideas?
>
> Yes.  As you were already told, set in main.cf
> relay_domains =
> i.e. set explicitly to an empty value.
>

That worked, however I was not "already told" anything, except Charles  
Marcus' recommendation to post postconf -n, which I did.

The subdomains weren't listed in mydestination, relay_domains was not  
set, which should default to mydestination.

In any case, according to
http://www.postfix.org/postconf.5.html#relay_domains, the relay  
recipients are supposed to be validated against relay_recipient_maps.  
Since I don't have a relay_recipient_maps, it should reject anybody  
who isn't a local user.

It's working, and I appreciate the help, but I'm either  
misunderstanding the docs or something is behaving improperly.

Terry


Re: Accepted undeliverable mail

Noel Jones-2
On 2/6/2010 1:58 PM, [hidden email] wrote:

> Quoting Noel Jones <[hidden email]>:
>
>> On 2/6/2010 10:55 AM, [hidden email] wrote:
>>> Quoting [hidden email]:
>>>
>>>> Does anybody have any idea why my postfix server accepted mail for the
>>>> non-existent user "<[hidden email]>" (no alias
>>>> by that name either)?
>>>
>>> I've narrowed it down to a problem with the way subdomain users are
>>> validated.
>>>
>>> [hidden email] is properly rejected at the rcpt to: command,
>>> while [hidden email] is accepted, then causes an NDR.
>>>
>>> Anybody have any ideas?
>>
>> Yes.  As you were already told, set in main.cf
>> relay_domains =
>> i.e. set explicitly to an empty value.
>>
>
> That worked, however I was not "already told" anything, except Charles
> Marcus' recommendation to post postconf -n, which I did.

My apologies, got you mixed up with another thread.

> The subdomains weren't listed in mydestination, relay_domains was not
> set, which should default to mydestination.
>
> In any case, according to
> http://www.postfix.org/postconf.5.html#relay_domains, the relay
> recipients are supposed to be validated against relay_recipient_maps.
> Since I don't have a relay_recipient_maps, it should reject anybody who
> isn't a local user.

relay_domains defaults to $mydestination and all subdomains of
domains listed there.

An empty relay_recipient_maps setting (the default) means "do
not validate relay recipients".  Validation is not performed
unless there is a map specified.

>
> It's working, and I appreciate the help, but I'm either misunderstanding
> the docs or something is behaving improperly.

The behavior you see is intended.  The docs are correct, but
maybe not explicit enough for everyone.  Documentation patches
are always welcomed, but not always accepted.

   -- Noel Jones
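
A simplified model of the recipient-class decision described in the reply above, added here as an example; it is not code from the thread or from Postfix. It assumes the relay_domains default stated in the thread ($mydestination, matching subdomains too), a constructed excerpt of the posted postconf -n output and a constructed subdomain address; the function names are hypothetical.

```python
import re

# Constructed excerpt: the relevant settings from the postconf -n output above.
POSTCONF_N = """\
local_recipient_maps = unix:passwd.byname $alias_maps
mydestination = $myhostname, cnysupport.com, bupkis.org
myhostname = smtp.cnysupport.com
"""

def parse_postconf(text):
    """Parse 'name = value' lines; indented lines continue the previous value."""
    conf, last = {}, None
    for line in text.splitlines():
        if line[:1].isspace() and last:
            conf[last] += " " + line.strip()
        elif "=" in line:
            name, _, value = line.partition("=")
            last = name.strip()
            conf[last] = value.strip()
    return conf

def expand(conf, name, default=""):
    """Return a setting as a list of lower-case names, resolving $param references."""
    raw = conf.get(name, default)   # an explicit empty value is NOT the default
    for _ in range(5):              # bounded, in case of a reference loop
        raw = re.sub(r"\$\{?(\w+)\}?", lambda m: conf.get(m.group(1), ""), raw)
    return [d.lower() for d in re.split(r"[,\s]+", raw) if d]

def classify(conf, rcpt):
    """Return the address class this model assigns to the recipient domain."""
    domain = rcpt.rsplit("@", 1)[1].lower()
    if domain in expand(conf, "mydestination"):
        return "local"              # checked against local_recipient_maps
    # Assumption: the default given in the thread, relay_domains = $mydestination.
    # Compare with `postconf -d relay_domains` on the version you run.
    for d in expand(conf, "relay_domains", "$mydestination"):
        if domain == d or domain.endswith("." + d):
            return "relay"          # listed domain or any subdomain of it
    return "other"                  # refused by reject_unauth_destination

def accepted_unvalidated(conf, rcpt):
    """True when RCPT TO is accepted with no recipient lookup (the NDR case)."""
    return classify(conf, rcpt) == "relay" and not conf.get("relay_recipient_maps")

if __name__ == "__main__":
    before = parse_postconf(POSTCONF_N)
    after = parse_postconf(POSTCONF_N + "relay_domains =\n")
    for rcpt in ("squirrel@cnysupport.com", "squirrel@sub.cnysupport.com"):  # constructed
        print(rcpt, classify(before, rcpt), "->", classify(after, rcpt))
```

The model covers only mydestination, relay_domains and relay_recipient_maps; other address classes (virtual domains, inet_interfaces) are left out.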

Re: Accepted undeliverable mail

Terry Carmen
Quoting Noel Jones <[hidden email]>:


>> That worked, however I was not "already told" anything, except Charles
>> Marcus' recommendation to post postconf -n, which I did.
>
> My apologies, got you mixed up with another thread.

No problem.


>
>> The subdomains weren't listed in mydestination, relay_domains was not
>> set, which should default to mydestination.
>>
>> In any case, according to
>> http://www.postfix.org/postconf.5.html#relay_domains, the relay
>> recipients are supposed to be validated against relay_recipient_maps.
>> Since I don't have a relay_recipient_maps, it should reject anybody who
>> isn't a local user.
>
> relay_domains defaults to $mydestination and all subdomains of  
> domains listed there.

I missed the "subdomains" part.

> The behavior you see is intended.  The docs are correct, but maybe
> not explicit enough for everyone.  Documentation patches are always
> welcomed, but not always accepted.

I'll pass on updating the docs. Considering that I misinterpreted  
them, I'm probably not the right person to submit a change.

Thanks again.

Terry