Errors with mailing list expansion


System Support
I have two separate postfix installations where I have a postfix server that does some initial processing - such as address re-writing, signing, and mailing list expansion.  One of them works as expected, and the other fails when doing the mailing list expansion.  Specifically:

If I send an e-mail to '[hidden email]' it works correctly.  If I send an e-mail to 'mail-list' when mail-list is defined in the aliases file as mail-list:  [hidden email] it does not work and the relay host responds Transaction failed: Missing final '@domain'

Here is a copy of the log for both cases:

Fails: to mail-list -> [hidden email]

Feb  3 14:00:45 Falcon postfix/smtpd[10509]: warning: hostname MailServer.Net1.myserver.com does not resolve to address 10.168.1.23: Name or service not known
Feb  3 14:00:45 Falcon postfix/smtpd[10509]: connect from unknown[10.168.1.23]
Feb  3 14:00:45 Falcon postfix/smtpd[10509]: A450A139221: client=unknown[10.168.1.23]
Feb  3 14:00:45 Falcon postfix/cleanup[10511]: A450A139221: message-id=<[hidden email]>
Feb  3 14:00:45 Falcon postfix/qmgr[9871]: A450A139221: from=<[hidden email]>, size=717, nrcpt=1 (queue active)
Feb  3 14:00:45 Falcon postfix/smtpd[10509]: disconnect from unknown[10.168.1.23]
Feb  3 14:00:45 Falcon postfix/cleanup[10511]: B7B19139238: message-id=<[hidden email]>
Feb  3 14:00:45 Falcon postfix/local[10512]: A450A139221: to=<[hidden email]>, orig_to=<WPNY>, relay=local, delay=0.12, delays=0.08/0.01/0/0.03, dsn=2.0.0, status=sent (forwarded as B7B19139238)
Feb  3 14:00:45 Falcon postfix/qmgr[9871]: B7B19139238: from=<[hidden email]>, size=880, nrcpt=1 (queue active)
Feb  3 14:00:45 Falcon postfix/qmgr[9871]: A450A139221: removed
Feb  3 14:00:46 Falcon postfix/smtp[10513]: B7B19139238: to=<[hidden email]>, relay=email-smtp.us-east-1.amazonaws.com[184.73.222.29]:25, delay=0.88, delays=0.03/0.03/0.7/0.12, dsn=5.0.0, status=bounced (host email-smtp.us-east-1.amazonaws.com[184.73.222.29] said: 554 Transaction failed: Missing final '@domain' (in reply to end of DATA command))
Feb  3 14:00:46 Falcon postfix/cleanup[10511]: E324413923C: message-id=<[hidden email]>
Feb  3 14:00:46 Falcon postfix/bounce[10514]: B7B19139238: sender non-delivery notification: E324413923C
Feb  3 14:00:46 Falcon postfix/qmgr[9871]: E324413923C: from=<>, size=2967, nrcpt=1 (queue active)
Feb  3 14:00:46 Falcon postfix/qmgr[9871]: B7B19139238: removed
Feb  3 14:00:47 Falcon postfix/smtp[10513]: E324413923C: to=<[hidden email]>, relay=email-smtp.us-east-1.amazonaws.com[54.243.69.182]:25, delay=0.61, delays=0.04/0/0.56/0.01, dsn=5.0.0, status=bounced (host email-smtp.us-east-1.amazonaws.com[54.243.69.182] said: 501 Invalid MAIL FROM address provided (in reply to MAIL FROM command))
Feb  3 14:00:47 Falcon postfix/qmgr[9871]: E324413923C: removed

Besides the non-delivery notification, the non-delivery notification is not delivered because the
from=<> although the original from appears to be set correctly.

Works:  to:  [hidden email]

Feb  3 14:01:24 Falcon postfix/smtpd[10509]: warning: hostname MailServer.Net1.myserver.com does not resolve to address 10.168.1.23: Name or service not known
Feb  3 14:01:24 Falcon postfix/smtpd[10509]: connect from unknown[10.168.1.23]
Feb  3 14:01:24 Falcon postfix/smtpd[10509]: 62C4F139221: client=unknown[10.168.1.23]
Feb  3 14:01:24 Falcon postfix/cleanup[10511]: 62C4F139221: message-id=<[hidden email]>
Feb  3 14:01:24 Falcon postfix/qmgr[9871]: 62C4F139221: from=<[hidden email]>, size=745, nrcpt=1 (queue active)
Feb  3 14:01:24 Falcon postfix/smtpd[10509]: disconnect from unknown[10.168.1.23]
Feb  3 14:01:25 Falcon postfix/smtp[10513]: 62C4F139221: to=<[hidden email]>, relay=email-smtp.us-east-1.amazonaws.com[107.21.238.216]:25, delay=0.81, delays=0.08/0/0.49/0.24, dsn=2.0.0, status=sent (250 Ok 0000014b50d18bb8-fc6a1ab8-11c5-4133-b423-16b14685b673-000000)
Feb  3 14:01:25 Falcon postfix/qmgr[9871]: 62C4F139221: removed

Here is my postconf:

INTERNAL_USERS = check_sender_access hash:$config_directory/internal_users, reject
alias_database = hash:$config_directory/aliases
alias_maps = hash:$config_directory/aliases
alternate_config_directories = /etc/postfix-amazon, /etc/postfix-in
append_at_myorigin = yes
append_dot_mydomain = yes
biff = no
canonical_maps = hash:$config_directory/canonical
command_directory = /usr/sbin
config_directory = .
daemon_directory = /usr/lib/postfix
data_directory = /var/spool/postfix-amazon/var/run
default_privs = nobody
empty_address_recipient = MAILER-DAEMON
header_checks = regexp:$config_directory/header_checks.dat
html_directory = /usr/share/doc/packages/postfix/html
inet_interfaces = localhost, falcon
inet_protocols = ipv4
local_maps = hash:$config_directory/local
local_recipient_maps = $alias_maps $local_maps
mail_name = Falcon mail server
mail_owner = postfix
mail_spool_directory = /var/mail
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
message_size_limit = 20480000
mydestination = $config_directory/local_destinations.dat
mydomain = myserver.com
myhostname = maila.myserver.com
mynetworks = $config_directory/mynetworks.dat
myorigin = maila.myserver.com
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix-amazon
readme_directory = /usr/share/doc/packages/postfix/README_FILES
recipient_delimiter = -
relayhost = email-smtp.us-east-1.amazonaws.com:25
sample_directory = /usr/share/doc/packages/postfix/samples
sender_canonical_maps = regexp:$config_directory/sender_canonical.dat
sendmail_path = /usr/sbin/sendmail.posfix
setgid_group = maildrop
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix-amazon/sasl_password
smtp_sasl_security_options = noanonymous
smtp_tls_note_starttls_offer = yes
smtp_use_tls = yes
smtpd_banner = $myhostname ESMTP
smtpd_restriction_classes = INTERNAL_USERS
syslog_facility = local3

My test e-mail address and server name were replaced with [hidden email] and myserver.com

Any help would be appreciated.

...don

support (at) MicroTechniques.com


Re: Errors with mailing list expansion

Wietse Venema
System Support:
> Feb  3 14:00:45 Falcon postfix/qmgr[9871]: B7B19139238: from=<[hidden email]>, size=880, nrcpt=1 (queue active)
> Feb  3 14:00:46 Falcon postfix/smtp[10513]: B7B19139238: to=<[hidden email]>, relay=email-smtp.us-east-1.amazonaws.com[184.73.222.29]:25, delay=0.88, delays=0.03/0.03/0.7/0.12, dsn=5.0.0, status=bounced (host email-smtp.us-east-1.amazonaws.com[184.73.222.29] said: 554 Transaction failed: Missing final '@domain' (in reply to end of DATA command))

You need to find out why the amazonaws.com server rejects mail from
[hidden email] to [hidden email].

I suspect that you can get the same result without using the mailing list,
by using the command:

    echo To: [hidden email] | /usr/sbin/sendmail -f [hidden email] [hidden email]

> Feb  3 14:00:46 Falcon postfix/qmgr[9871]: E324413923C: from=<>, size=2967, nrcpt=1 (queue active)
> Feb  3 14:00:47 Falcon postfix/smtp[10513]: E324413923C: to=<[hidden email]>, relay=email-smtp.us-east-1.amazonaws.com[54.243.69.182]:25, delay=0.61, delays=0.04/0/0.56/0.01, dsn=5.0.0, status=bounced (host email-smtp.us-east-1.amazonaws.com[54.243.69.182] said: 501 Invalid MAIL FROM address provided (in reply to MAIL FROM command))

The Internet SMTP mail standard (RFC 5321) requires that non-delivery
notifications have the null sender address.  You need to find out
why the amazonaws.com server rejects such email.

        Wietse

Re: Errors with mailing list expansion

Wietse Venema
In reply to this post by System Support
System Support:
> Feb  3 14:00:45 Falcon postfix/cleanup[10511]: A450A139221: message-id=<[hidden email]>
> Feb  3 14:00:45 Falcon postfix/qmgr[9871]: A450A139221: from=<[hidden email]>, size=717, nrcpt=1 (queue active)
> Feb  3 14:00:45 Falcon postfix/local[10512]: A450A139221: to=<[hidden email]>, orig_to=<WPNY>, relay=local, delay=0.12, delays=0.08/0.01/0/0.03, dsn=2.0.0, status=sent (forwarded as B7B19139238)

Viktor drew my attention to the "orig_to=<WPNY>" part of the logging.

This looks like a bug that I fixed last October (change date:
20141024).  

Your list manager is configured to send mail to "WPNY" (no domain).

If you could change this to send mail to "[hidden email]",
then that could take care of the "missing @domain" problem.

On the other hand, if the problem is with missing domains in the
email message content, that will have to be fixed at the source.

        Wietse
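
As an added illustration (not part of the thread, and not Postfix code): a log check that flags local(8) deliveries whose orig_to has no @domain and follows the "forwarded as" queue ID to the relay's verdict on the forwarded copy. The sample lines are constructed in the log format quoted above, with placeholder addresses, relay name and relay IPs.

```python
import re

# Constructed sample in the log format quoted in the thread; the addresses,
# relay name and relay IPs are placeholders, not values from the original logs.
SAMPLE_LOG = """\
Feb  3 14:00:45 Falcon postfix/local[10512]: A450A139221: to=<user@example.com>, orig_to=<WPNY>, relay=local, delay=0.12, dsn=2.0.0, status=sent (forwarded as B7B19139238)
Feb  3 14:00:46 Falcon postfix/smtp[10513]: B7B19139238: to=<user@example.com>, relay=relay.example.net[192.0.2.10]:25, delay=0.88, dsn=5.0.0, status=bounced (host relay.example.net[192.0.2.10] said: 554 Transaction failed: Missing final '@domain' (in reply to end of DATA command))
Feb  3 14:01:25 Falcon postfix/smtp[10513]: 62C4F139221: to=<user@example.com>, relay=relay.example.net[192.0.2.11]:25, delay=0.81, dsn=2.0.0, status=sent (250 Ok)
"""

LINE_RE = re.compile(r"postfix/(?P<svc>[\w-]+)\[\d+\]: (?P<qid>[0-9A-Za-z]+): (?P<rest>.*)$")
FIELD_RE = re.compile(r"(\w+)=<([^>]*)>")           # to=<...>, orig_to=<...>
STATUS_RE = re.compile(r"status=(\w+) \((.*)\)$")    # status and its parenthesised text
FORWARD_RE = re.compile(r"forwarded as ([0-9A-Za-z]+)")


def find_unqualified_orig_to(log_text):
    """Return one finding per alias expansion whose orig_to lacks '@domain',
    joined with the delivery status of the forwarded (child) message."""
    suspects = {}   # child queue ID -> partial finding
    outcomes = {}   # queue ID -> (status, remote reply) from smtp(8) deliveries
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m is None:
            continue
        status = STATUS_RE.search(m.group("rest"))
        if status is None:
            continue  # not a delivery record (connect, cleanup, qmgr, ...)
        fields = dict(FIELD_RE.findall(m.group("rest")))
        orig_to = fields.get("orig_to")
        fwd = FORWARD_RE.search(status.group(2))
        if orig_to is not None and "@" not in orig_to and fwd:
            child = fwd.group(1)
            suspects[child] = {"parent": m.group("qid"), "child": child,
                               "orig_to": orig_to}
        elif m.group("svc") == "smtp":
            outcomes[m.group("qid")] = (status.group(1), status.group(2))

    findings = []
    for child, partial in suspects.items():
        # The child may still be queued; report that as "unknown".
        state, reply = outcomes.get(child, ("unknown", ""))
        findings.append({**partial, "status": state, "reply": reply})
    return findings


if __name__ == "__main__":
    for f in find_unqualified_orig_to(SAMPLE_LOG):
        print(f"{f['parent']} -> {f['child']}: orig_to={f['orig_to']!r} "
              f"status={f['status']} {f['reply']}")
```
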

Re: Errors with mailing list expansion

Viktor Dukhovni
On Tue, Feb 03, 2015 at 03:45:21PM -0500, Wietse Venema wrote:

> System Support:
> > Feb  3 14:00:45 Falcon postfix/cleanup[10511]: A450A139221: message-id=<[hidden email]>
> > Feb  3 14:00:45 Falcon postfix/qmgr[9871]: A450A139221: from=<[hidden email]>, size=717, nrcpt=1 (queue active)
> > Feb  3 14:00:45 Falcon postfix/local[10512]: A450A139221: to=<[hidden email]>, orig_to=<WPNY>, relay=local, delay=0.12, delays=0.08/0.01/0/0.03, dsn=2.0.0, status=sent (forwarded as B7B19139238)
>
> Viktor drew my attention to the "orig_to=<WPNY>" part of the logging.
>
> This looks like a bug that I fixed last October (change date:
> 20141024).  
>
> Your list manager is configured to send mail to "WPNY" (no domain).
>
> If you could change this to send mail to "[hidden email]",
> then that could take care of the "missing @domain" problem.
>
> On the other hand, if the problem is with missing domains in the
> email message content, that will have to be fixed at the source.

Perhaps making sure that the sending client matches

        $local_header_rewrite_clients

        http://www.postfix.org/postconf.5.html#local_header_rewrite_clients

might help, by qualifying the original input address with @$myorigin.

Something like:

    local_header_rewrite_clients = permit_mynetworks

or similar, might do the trick.  This would address unqualified
addresses in message headers, not sure how this interacts with DSN
"ORCPT".

--
        Viktor.

Re: Errors with mailing list expansion

Wietse Venema
Viktor Dukhovni:

> On Tue, Feb 03, 2015 at 03:45:21PM -0500, Wietse Venema wrote:
>
> > System Support:
> > > Feb  3 14:00:45 Falcon postfix/cleanup[10511]: A450A139221: message-id=<[hidden email]>
> > > Feb  3 14:00:45 Falcon postfix/qmgr[9871]: A450A139221: from=<[hidden email]>, size=717, nrcpt=1 (queue active)
> > > Feb  3 14:00:45 Falcon postfix/local[10512]: A450A139221: to=<[hidden email]>, orig_to=<WPNY>, relay=local, delay=0.12, delays=0.08/0.01/0/0.03, dsn=2.0.0, status=sent (forwarded as B7B19139238)
> >
> > Viktor drew my attention to the "orig_to=<WPNY>" part of the logging.
> >
> > This looks like a bug that I fixed last October (change date:
> > 20141024).  
> >
> > Your list manager is configured to send mail to "WPNY" (no domain).
> >
> > If you could change this to send mail to "[hidden email]",
> > then that could take care of the "missing @domain" problem.
> >
> > On the other hand, if the problem is with missing domains in the
> > email message content, that will have to be fixed at the source.
>
> Perhaps making sure that the sending client matches
>
> $local_header_rewrite_clients
>

No, it doesn't. orig_to is not subject to address rewriting.

        Wietse

Re: Errors with mailing list expansion

System Support
In reply to this post by Wietse Venema
Changing from WPNY to [hidden email] did fix the problem.  I have not had to add
the domain in the past, but I was not relaying to Amazon, and Amazon does verify the source
address, and I guess that they require a fully qualified name.  And,  based on your other
response, I gather that it is not possible to have a rewrite rule to do this automatically.


On 3 Feb 2015 at 15:45, Wietse Venema wrote:

> System Support:
> > Feb  3 14:00:45 Falcon postfix/cleanup[10511]: A450A139221: message-id=<[hidden email]>
> > Feb  3 14:00:45 Falcon postfix/qmgr[9871]: A450A139221: from=<[hidden email]>, size=717, nrcpt=1 (queue active)
> > Feb  3 14:00:45 Falcon postfix/local[10512]: A450A139221: to=<[hidden email]>, orig_to=<WPNY>, relay=local, delay=0.12, delays=0.08/0.01/0/0.03, dsn=2.0.0, status=sent (forwarded as B7B19139238)
>
> Viktor drew my attention to the "orig_to=<WPNY>" part of the logging.
>
> This looks like a bug that I fixed last October (change date:
> 20141024).  
>
> Your list manager is configured to send mail to "WPNY" (no domain).
>
> If you could change this to send mail to "[hidden email]",
> then that could take care of the "missing @domain" problem.
>
> On the other hand, if the problem is with missing domains in the
> email message content, that will have to be fixed at the source.
>
> Wietse
>

...don

support (at) microtechniques.com


Re: Errors with mailing list expansion

Wietse Venema
System Support:
> Changing from WPNY to [hidden email] did fix the problem.
> I have not had to add the domain in the past, but I was not relaying
> to Amazon, and Amazon does verify the source
> address, and I guess that they require a fully qualified name.
> And,  based on your other response, I gather that it is not possible
> to have a rewrite rule to do this automatically.

Amazon was objecting to this SMTP command:

    RCPT TO:<[hidden email]> ORPT=rfc822;WPNY

That is, the problem was not with the recipient address, but with
the ORPT parameter for delivery status notifications.

The alternative would be to disable Postfix DSN support with:

/etc/postfix/main.cf:
    smtp_discard_ehlo_keywords = dsn, silent_discard

so that it would send:

    RCPT TO:<[hidden email]>

but that would be a blunt tool.

        Wietse

Re: Errors with mailing list expansion

Viktor Dukhovni
In reply to this post by System Support
On Tue, Feb 03, 2015 at 04:13:23PM -0500, System Support wrote:

> Changing from WPNY to [hidden email] did fix the problem.  I have not had to add
> the domain in the past, but I was not relaying to Amazon, and Amazon does verify the source
> address, and I guess that they require a fully qualified name.  And,  based on your other
> response, I gather that it is not possible to have a rewrite rule to do this automatically.

That depends on whether Amazon is objecting to "ORCPT" or message
headers.  If you want to definitively know what the problem is,
you'd have to test with messages carefully crafted to have just
the "To:" header or just the "RCPT TO" envelope address unqualified.

--
        Viktor.

Re: Errors with mailing list expansion

Wietse Venema
Viktor Dukhovni:

> On Tue, Feb 03, 2015 at 04:13:23PM -0500, System Support wrote:
>
> > Changing from WPNY to [hidden email] did fix the problem.  I have not had to add
> > the domain in the past, but I was not relaying to Amazon, and Amazon does verify the source
> > address, and I guess that they require a fully qualified name.  And,  based on your other
> > response, I gather that it is not possible to have a rewrite rule to do this automatically.
>
> That depends on whether Amazon is objecting to "ORCPT" or message
> headers.  If you want to definitively know what the problem is,
> you'd have to test with messages carefully crafted to have just
> the "To:" header or just the "RCPT TO" envelope address unqualified.

Postfix will rewrite the To: header. He has append_at_myorigin=yes.

        Wietse

Re: Errors with mailing list expansion

System Support
In reply to this post by Wietse Venema
Thanks.  I do not see the ORPT option in my log.  Is it implied by one of the other entries?

As far as the 'blunt tool',  all of the mail processed by this instance will be relayed to Amazon.  
What are the disadvantages of the smtp_discard_ehlo_keywords that you suggested in that
case?


On 3 Feb 2015 at 16:41, Wietse Venema wrote:

> System Support:
> > Changing from WPNY to [hidden email] did fix the problem.
> > I have not had to add the domain in the past, but I was not relaying
> > to Amazon, and Amazon does verify the source
> > address, and I guess that they require a fully qualified name.
> > And,  based on your other response, I gather that it is not possible
> > to have a rewrite rule to do this automatically.
>
> Amazon was objecting to this SMTP command:
>
>     RCPT TO:<[hidden email]> ORPT=rfc822;WPNY
>
> That is, the problem was not with the recipient address, but with
> the ORPT parameter for delivery status notifications.
>
> The alternative would be to disable Postfix DSN support with:
>
> /etc/postfix/main.cf:
>     smtp_discard_ehlo_keywords = dsn, silent_discard
>
> so that it would send:
>
>     RCPT TO:<[hidden email]>
>
> but that would be a blunt tool.
>
> Wietse
>

...don

support (at) microtechniques.com


Re: Errors with mailing list expansion

Viktor Dukhovni
On Tue, Feb 03, 2015 at 05:28:24PM -0500, System Support wrote:

> As far as the 'blunt tool',  all of the mail processed by this instance will be relayed to Amazon.  
> What are the disadvantages of the smtp_discard_ehlo_keywords that you suggested in that
> case?

I generally disable DNS at border MTAs.  Mail leaving my organization
sends any success DSN notices as soon as the message is handed off
to the responsible MX host.  Mail coming in has the DSN notices
sent by the remote MTA.

So this can be a reasonable setting.

--
        Viktor.

Re: Errors with mailing list expansion

Wietse Venema
In reply to this post by System Support
System Support:
> Thanks.  I do not see the ORPT option in my log.  Is it implied
> by one of the other entries?

Postfix normally does not log SMTP commands. That would be a lot of logging.

> As far as the 'blunt tool',  all of the mail processed by this
> instance will be relayed to Amazon.  What are the disadvantages
> of the smtp_discard_ehlo_keywords that you suggested in that
> case?

You don't have to use it. Leave it alone.

        Wietse

>
> On 3 Feb 2015 at 16:41, Wietse Venema wrote:
>
> > System Support:
> > > Changing from WPNY to [hidden email] did fix the problem.
> > > I have not had to add the domain in the past, but I was not relaying
> > > to Amazon, and Amazon does verify the source
> > > address, and I guess that they require a fully qualified name.
> > > And,  based on your other response, I gather that it is not possible
> > > to have a rewrite rule to do this automatically.
> >
> > Amazon was objecting to this SMTP command:
> >
> >     RCPT TO:<[hidden email]> ORPT=rfc822;WPNY
> >
> > That is, the problem was not with the recipient address, but with
> > the ORPT parameter for delivery status notifications.
> >
> > The alternative would be to disable Postfix DSN support with:
> >
> > /etc/postfix/main.cf:
> >     smtp_discard_ehlo_keywords = dsn, silent_discard
> >
> > so that it would send:
> >
> >     RCPT TO:<[hidden email]>
> >
> > but that would be a blunt tool.
> >
> > Wietse
> >
>
> ...don
>
> support (at) microtechniques.com
>
>

Re: Errors with mailing list expansion

Viktor Dukhovni
In reply to this post by Wietse Venema
On Tue, Feb 03, 2015 at 04:51:21PM -0500, Wietse Venema wrote:

> > That depends on whether Amazon is objecting to "ORCPT" or message
> > headers.  If you want to definitively know what the problem is,
> > you'd have to test with messages carefully crafted to have just
> > the "To:" header or just the "RCPT TO" envelope address unqualified.
>
> Postfix will rewrite the To: header. He has append_at_myorigin=yes.

Even if the client is "remote" (no match in local_header_rewrite_clients)?

--
        Viktor.

Re: Errors with mailing list expansion

Wietse Venema
Viktor Dukhovni:

> On Tue, Feb 03, 2015 at 04:51:21PM -0500, Wietse Venema wrote:
>
> > > That depends on whether Amazon is objecting to "ORCPT" or message
> > > headers.  If you want to definitively know what the problem is,
> > > you'd have to test with messages carefully crafted to have just
> > > the "To:" header or just the "RCPT TO" envelope address unqualified.
> >
> > Postfix will rewrite the To: header. He has append_at_myorigin=yes.
>
> Even if the client is "remote" (no match in local_header_rewrite_clients)?

So your idea is the SMTP client sent "RCPT TO:<WPNY>" and "To: WPNY"?

        Wietse

Re: Errors with mailing list expansion

Viktor Dukhovni
On Tue, Feb 03, 2015 at 07:23:09PM -0500, Wietse Venema wrote:

> > > Postfix will rewrite the To: header. He has append_at_myorigin=yes.
> >
> > Even if the client is "remote" (no match in local_header_rewrite_clients)?
>
> So your idea is the SMTP client sent "RCPT TO:<WPNY>" and "To: WPNY"?

Yes, and I don't know which caused the problem.

--
        Viktor.