Postfix doesn't like "-" at the start of a mail address.

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
13 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Postfix doesn't like "-" at the start of a mail address.

Jose Ildefonso Camargo Tolosa
Hi!

I'm installing postfix, and some of our old users (these were on M$
Exchange) have a format like this: -[hidden email] .....
postfix refues to deliver and leave this:

status=bounced (bad address syntax)

in the log file, and the sender receives a bounce.

I checked: rfc3696 and rfc2821 , and I don't see why is the "-" at the
beginning of the address an invalid character, the only invalid at the
start is ".".

Any ideas?

Ildefonso Camargo
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Postfix doesn't like "-" at the start of a mail address.

Ralf Hildebrandt
* Jose Ildefonso Camargo Tolosa <[hidden email]>:
> Hi!
>
> I'm installing postfix, and some of our old users (these were on M$
> Exchange) have a format like this: -[hidden email] .....
> postfix refues to deliver and leave this:
>
> status=bounced (bad address syntax)

allow_min_user = yes

--
Ralf Hildebrandt ([hidden email])          [hidden email]
Postfix - Einrichtung, Betrieb und Wartung       Tel. +49 (0)30-450 570-155
http://www.arschkrebs.de
"As soon as we started programming, we found out to our surprise that
it wasn't as easy to get programs right as we had thought. Debugging had
to be discovered. I can remember the exact instant when I realized that
a large part of my life from then on was going to be spent in finding
mistakes in my own programs."-Maurice Wilkes
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Postfix doesn't like "-" at the start of a mail address.

Victor Duchovni
On Tue, May 20, 2008 at 07:10:55PM +0200, Ralf Hildebrandt wrote:

> * Jose Ildefonso Camargo Tolosa <[hidden email]>:
> > Hi!
> >
> > I'm installing postfix, and some of our old users (these were on M$
> > Exchange) have a format like this: -[hidden email] .....
> > postfix refues to deliver and leave this:
> >
> > status=bounced (bad address syntax)
>
> allow_min_user = yes

Which is a band-aid, because the rest of the world would have to do
the same, and we saw just today that many systems would be vulnerable
if they did. So while the band-aid should be applied temporarily, with
all haste the users should be given new email addresses that avoid this
problem.

--
        Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:
<mailto:[hidden email]?body=unsubscribe%20postfix-users>

If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

resolv.conf

Bahadir Tonguc / Supramar
dear friends,

in my resolv.conf file, it is shown;

search domain.com
nameserver 192.168.1.1
++

However I usually have below error returned

Host or domain name not found. Name service error for
    name=domain.com type=MX: Host not found, try again
++

Is that normal or should I manually edit the file, writing i.e. my ISP's
nameservers ??

Thanks
Bahadir


Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Postfix doesn't like "-" at the start of a mail address.

Jose Ildefonso Camargo Tolosa
In reply to this post by Victor Duchovni
Hi!

Thank you both for your answers, really.


On 5/20/08, Victor Duchovni <[hidden email]> wrote:

> On Tue, May 20, 2008 at 07:10:55PM +0200, Ralf Hildebrandt wrote:
>
>  > * Jose Ildefonso Camargo Tolosa <[hidden email]>:
>  > > Hi!
>  > >
>  > > I'm installing postfix, and some of our old users (these were on M$
>  > > Exchange) have a format like this: -[hidden email] .....
>  > > postfix refues to deliver and leave this:
>  > >
>  > > status=bounced (bad address syntax)
>  >
>  > allow_min_user = yes

Yup, it works :) .

>
>
> Which is a band-aid, because the rest of the world would have to do
>  the same, and we saw just today that many systems would be vulnerable
>  if they did. So while the band-aid should be applied temporarily, with
>  all haste the users should be given new email addresses that avoid this
>  problem.

I see what problem you are talking about, but..... why should postfix
add a patch to prevent *other* software from breaking?..... there can
still be some addresses in the world which have "-" as the first
character, because other mail servers allow them!, but I can't send or
receive mail from these without this option (at least there is an
option, which is good).

>
>  --
>         Viktor.
>
>  Disclaimer: off-list followups get on-list replies or get ignored.
>  Please do not ignore the "Reply-To" header.
>
>  To unsubscribe from the postfix-users list, visit
>  http://www.postfix.org/lists.html or click the link below:
>  <mailto:[hidden email]?body=unsubscribe%20postfix-users>
>
>  If my response solves your problem, the best way to thank me is to not
>  send an "it worked, thanks" follow-up. If you must respond, please put
>  "It worked, thanks" in the "Subject" so I can delete these quickly.
>
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

spf record

Bahadir Tonguc / Supramar
My ISP has mx records for its own and also for my office server

Office = mail.domain.com = static IP
ISP = mail2.domain.com = ISP's IP

So I dont run DNS server at the office but only smtp server.
It seems we have done some wrong with spf records. Is below okay ?

For mail.domain.com TXT record :
"v=spf1 ip4:xx.xxx.xxx.x   a:mail.domain.com -all"

Thanks
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Postfix doesn't like "-" at the start of a mail address.

Victor Duchovni
In reply to this post by Jose Ildefonso Camargo Tolosa
On Tue, May 20, 2008 at 03:46:47PM -0430, Jose Ildefonso Camargo Tolosa wrote:

> > Which is a band-aid, because the rest of the world would have to do
> >  the same, and we saw just today that many systems would be vulnerable
> >  if they did. So while the band-aid should be applied temporarily, with
> >  all haste the users should be given new email addresses that avoid this
> >  problem.
>
> I see what problem you are talking about, but..... why should postfix
> add a patch to prevent *other* software from breaking?

Not other software, Postfix systems operated by naive administrators at
other Postfix sites. There are plenty of those, and Postfix protects
them from their folly, because the error in question is too easy to
make.

> ..... there can
> still be some addresses in the world which have "-" as the first
> character, because other mail servers allow them!, but I can't send or
> receive mail from these without this option (at least there is an
> option, which is good).

Change all such email addresses on your side to not start with "-".
Then these users will be able to send/receive email from other Postfix
systems. Just changing your side only solves a fraction of the problem.

--
        Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:
<mailto:[hidden email]?body=unsubscribe%20postfix-users>

If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: spf record

Arturo 'Buanzo' Busleiman
In reply to this post by Bahadir Tonguc / Supramar
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Bahadir Tonguc / Supramar wrote:
| My ISP has mx records for its own and also for my office server
[...]
| It seems we have done some wrong with spf records. Is below okay ?

If the MX records are the only servers who are supposed to send eMail as domain.com, then this spf
records suffices:
"v=spf1 mx -all"

No need to be redundant. But it's usually better if you provide a real domain name instead of
"domain.com".

- --
Arturo "Buanzo" Busleiman
Reliable inter-continental Mail Relay Service - Ask me!
Independent Security Consultant - SANS - OISSG
http://www.buanzo.com.ar/pro/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFIMzeeAlpOsGhXcE0RCpcsAJ97g5SwYkLOX+mr6AqDdlLUXPGCogCfYAGA
I6ZHIo2AGKbdNKwaOuspEhA=
=g4AP
-----END PGP SIGNATURE-----
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: resolv.conf

Kevin-58
In reply to this post by Bahadir Tonguc / Supramar
On Tue, May 20, 2008 at 12:23 PM, Bahadir Tonguc / Supramar
<[hidden email]> wrote:
> dear friends,
>
> in my resolv.conf file, it is shown;
>
> search domain.com
> nameserver 192.168.1.1
> ++
Try adding:

                 lookup file bind

to the top of your file.



> However I usually have below error returned
>
> Host or domain name not found. Name service error for
>    name=domain.com type=MX: Host not found, try again
> ++
>
> Is that normal or should I manually edit the file, writing i.e. my ISP's
> nameservers ??
>
> Thanks
> Bahadir
>
>
>

Kevin




--
http://www.alliedquotes.com :
Health Insurance Quotes for
Individuals, Groups & Small Business
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: resolv.conf

Andrew Ho
Kevin wrote:

> On Tue, May 20, 2008 at 12:23 PM, Bahadir Tonguc / Supramar
> <[hidden email]> wrote:
>  
>> dear friends,
>>
>> in my resolv.conf file, it is shown;
>>
>> search domain.com
>> nameserver 192.168.1.1
>> ++
>>    
> Try adding:
>
>                  lookup file bind
>
> to the top of your file.
>
>
>  
What are those two "+" in the /etc/resolv.conf?


>  
>> However I usually have below error returned
>>
>> Host or domain name not found. Name service error for
>>    name=domain.com type=MX: Host not found, try again
>> ++
>>
>> Is that normal or should I manually edit the file, writing i.e. my ISP's
>> nameservers ??
>>
>> Thanks
>> Bahadir
>>
>>
>>
>>    
>
> Kevin
>
>
>
>
>  

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: spf record

Scott Kitterman-4
In reply to this post by Bahadir Tonguc / Supramar
> My ISP has mx records for its own and also for my office server
>
> Office = mail.domain.com = static IP
> ISP = mail2.domain.com = ISP's IP
>
> So I dont run DNS server at the office but only smtp server.
> It seems we have done some wrong with spf records. Is below okay ?
>
> For mail.domain.com TXT record :
> "v=spf1 ip4:xx.xxx.xxx.x   a:mail.domain.com -all"
>
This is rather off topic for the Postfix list.  I would suggest that if
you try the spf-help mailing list, there are a number of people there
willing to help with such questions with good knowledge of the topic.  For
subscription information, see:

http://www.openspf.org/Forums

Scott K
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: resolv.conf

Olivier Nicole
In reply to this post by Bahadir Tonguc / Supramar
Hi,

> in my resolv.conf file, it is shown;
>
> search domain.com
> nameserver 192.168.1.1
> ++
>
> However I usually have below error returned
>
> Host or domain name not found. Name service error for
>     name=domain.com type=MX: Host not found, try again

This is a DNS issue, not a postfix issue.

In the definition of the zone for domain.com, there should be one
reccord saying what is the MX (Mail eXchange) to use for that domain.

Any SMTP server will need that information to send any mail
@domain.com (some SMTP servers may try to send the message to the IP
address found for domain.com, if such an IP address exists and the MX
is missing).

Of course the MX reccord must correspond to the name of a valid
machine, that is running an SMTP server.

On most Unixes, the command:

dig domain.com mx

will give you the MX reccord if it exists.

Bests,

Olivier
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: spf record

mouss-2
In reply to this post by Bahadir Tonguc / Supramar
Bahadir Tonguc / Supramar wrote:

> My ISP has mx records for its own and also for my office server
>
> Office = mail.domain.com = static IP
> ISP = mail2.domain.com = ISP's IP
>
> So I dont run DNS server at the office but only smtp server.
> It seems we have done some wrong with spf records. Is below okay ?
>
> For mail.domain.com TXT record :
> "v=spf1 ip4:xx.xxx.xxx.x   a:mail.domain.com -all"
>
> Thanks
>  

Please do not hijack threads. when you ask a new question, do not reply
to an unrelated message. use the "compose" button instead.


If you want to set an SPF record for your domain, you need to know all
the IPs that may send your mail. If you relay via your ISP, you need to
know the list of IPs of the outgoing servers of your ISP. For that, you
need to ask your ISP.


Loading...