Problem with recipient verification


Problem with recipient verification

Jeremy Bowen-5
Hi

I'm running Postfix v2.5.6 which I compiled myself from unmodified sources. (postconf -d
appended below)

I have a small server handling 5 domains and I'm having trouble with one of my virtual domains
wrt recipient verification.

Mail to 4 of the domains behaves correctly and is either accepted if the email address exists
or is rejected with a "550 Mailbox unknown".

The other domain (just added) attempts to connect to my ISP (relayhost) and rejects with a:
450 4.1.1 <[hidden email]>: Recipient address rejected: unverified address: connect to
AAAAA.net.nz[XXX.XX.242.10]:24: Connection refused
(see /var/log/mail excerpt below)

Fair enough that this is being refused, but why is postfix probing my relayhost ? It should be
verifying the address locally like it does with all the other domains. I've read the ADDRESS
VERIFICATION README file but I cannot figure out why this one domain is behaving differently to
all the others.

Each domain is listed identically in my /etc/postfix/vdomains file on a line by itself.
(I've also tried with hash:/etc/postfix/vdomains and adding an OK to the end and postmap'ing
the vdomains file + reload, to no effect.)

I'm running with Cyrus IMAP and using essentially the: "Non-Postfix mailbox store: separate
domains, non-UNIX accounts" configuration from the VIRTUAL README.

Any assistance would be appreciated. Thanks



============= /var/log/mail===========================================
Nov 15 21:33:31 aeryn postfix/cleanup[1566]: 67AFAD0621: message-id=<[hidden email]>
Nov 15 21:33:31 aeryn postfix/qmgr[1425]: 67AFAD0621: from=<[hidden email]>, size=266, nrcpt=1 (queue active)
Nov 15 21:33:31 aeryn postfix/lmtp[1568]: 67AFAD0621: to=<[hidden email]>, orig_to=<[hidden email]>, relay=aeryn.AAAAAAA.AA[/var/lib/imap/socket/lmtp], delay=0.3, delays=0.01/0.04/0.22/0.04, dsn=2.1.5, status=deliverable (250 2.1.5 ok)
Nov 15 21:33:31 aeryn postfix/qmgr[1425]: 67AFAD0621: removed
Nov 15 21:33:31 aeryn postfix/smtpd[1543]: NOQUEUE: reject: RCPT from unknown[DDD.DDD.157.227]: 450 4.1.1 <[hidden email]>: Recipient address rejected: unverified address: connect to myisp.net.nz[DDD.DD.242.10]:24: Connection refused; from=<[hidden email]> to=<[hidden email]> proto=SMTP helo=<AAAAAAAA.co.nz>
Nov 15 21:33:48 aeryn postfix/master[1110]: terminating on signal 15





=========postconf -n=============================
address_verify_map = btree:/var/lib/postfix/verify                                                                            
alias_maps = hash:/etc/aliases                                                                                                
broken_sasl_auth_clients = yes                                                                                                
canonical_maps = hash:/etc/postfix/canonical                                                                                  
command_directory = /usr/sbin                                                                                                
config_directory = /etc/postfix                                                                                              
content_filter = smtp-amavis:[127.0.0.1]:10028                                                                                
daemon_directory = /usr/lib/postfix                                                                                          
data_directory = /var/lib/postfix                                                                                            
debug_peer_level = 2                                                                                                          
defer_transports =                                                                                                            
disable_dns_lookups = no                                                                                                      
disable_vrfy_command = yes                                                                                                    
header_checks = regexp:/etc/postfix/header_checks                                                                            
html_directory = no                                                                                                          
local_destination_concurrency_limit = 5                                                                                      
local_destination_recipient_limit = 300                                                                                      
local_recipient_maps =                                                                                                        
mail_owner = postfix                                                                                                          
mail_spool_directory = /var/mail                                                                                              
mailbox_transport = lmtp:unix:/var/lib/imap/socket/lmtp                                                                      
mailq_path = /usr/bin/mailq                                                                                                  
manpage_directory = /usr/share/man                                                                                            
masquerade_classes = envelope_sender, header_sender, header_recipient                                                        
masquerade_exceptions = root                                                                                                  
mydestination = $myhostname, localhost.$mydomain, $mydomain                                                                  
mynetworks = 192.168.0.0/16, 127.0.0.0/8                                                                                      
myorigin = $mydomain                                                                                                          
newaliases_path = /usr/sbin/sendmail                                                                                          
proxy_interfaces = DD.DDD.129.240                                                                                            
queue_directory = /var/spool/postfix                                                                                          
readme_directory = /usr/share/doc/packages/postfix/README_FILES                                                              
relay_domains = /etc/postfix/mxbackups
relayhost = [AAAAA.net.nz]
relocated_maps = hash:/etc/postfix/relocated
sample_directory = /usr/share/doc/packages/postfix/samples
sender_canonical_maps = hash:/etc/postfix/sender_canonical
sendmail_path = /usr/sbin/sendmail
setgid_group = maildrop
smtp_helo_name = smtp.smartpoint.co.nz
smtp_tls_cert_file = /etc/postfix/newcert.pem
smtp_tls_key_file = /etc/postfix/newreq.pem
smtp_tls_note_starttls_offer = yes
smtp_use_tls = yes
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_invalid_helo_hostname, reject_non_fqdn_hostname, permit
smtpd_proxy_ehlo = $myorigin
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_pipelining, permit_sasl_authenticated, reject_unauth_destination, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unverified_recipient, check_helo_access hash:/etc/postfix/helo_access, reject_rbl_client sbl.spamhaus.org, reject_rbl_client bl.spamcop.net, permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = aeryn
smtpd_sasl_security_options = noanonymous
smtpd_tls_CAfile = /etc/postfix/cacert.pem
smtpd_tls_CApath = /etc/ssl/certs/
smtpd_tls_cert_file = /etc/postfix/newcert.pem
smtpd_tls_key_file = /etc/postfix/newreq.pem
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
tls_random_source = dev:/dev/random
transport_maps = hash:/etc/postfix/transport
unverified_recipient_reject_code = 550
virtual_alias_maps = hash:/etc/postfix/virtual
virtual_mailbox_domains = /etc/postfix/vdomains
virtual_mailbox_maps = hash:/etc/postfix/vmailbox
virtual_transport = lmtp:unix:/var/lib/imap/socket/lmtp

Re: Problem with recipient verification

Eero Volotinen-2
Jeremy Bowen wrote:
> Hi
>
> I'm running Postfix v2.5.6 which I compiled myself from unmodified sources. (postconf -d
> appended below)
>
> I have a small server handling 5 domains and I'm having trouble with one of my virtual domains
> wrt recipient verification.

Why do you even use address verification, if all users are on the local machine?


--
Eero

Re: Problem with recipient verification

Jeremy Bowen-5
Eero Volotinen wrote:
> Jeremy Bowen wrote:
>> Hi
>>
>> I'm running Postfix v2.5.6 which I compiled myself from unmodified
>> sources. (postconf -d appended below)
>>
>> I have a small server handling 5 domains and I'm having trouble with
>> one of my virtual domains wrt recipient verification.
> Why do you even use address verification, if all users are on the local machine?
Sorry, I forgot to mention that one domain is used for a few mailing
lists handled by a mailman installation running on a separate server.
This is handled by an entry in the transport file.


Re: Problem with recipient verification

Eero Volotinen-2
Jeremy Bowen wrote:

> Eero Volotinen wrote:
>> Jeremy Bowen wrote:
>>> Hi
>>>
>>> I'm running Postfix v2.5.6 which I compiled myself from unmodified
>>> sources. (postconf -d appended below)
>>>
>>> I have a small server handling 5 domains and I'm having trouble with
>>> one of my virtual domains wrt recipient verification.
>> Why do you even use address verification, if all users are on the local machine?
> Sorry, I forgot to mention that one domain is used for a few mailing
> lists handled by a mailman installation running on a separate server.
> This is handled by an entry in the transport file.

Well, sounds like a configuration problem? Maybe you missed running postmap on the
transport file? Is that domain listed in my domains?

--
Eero

Re: Problem with recipient verification

Barney Desmond
In reply to this post by Jeremy Bowen-5
2009/11/15 Jeremy Bowen <[hidden email]>:
>>> I'm running Postfix v2.5.6 which I compiled myself from unmodified
>>> sources. (postconf -d appended below)

I don't seem to have the original for this, perhaps the thread got
broken somewhere, but gmail shouldn't have lost it. Anyway, you need
to post the output of `postconf -n` (settings that are non-default) -
read the help, it tells you that -d shows the defaults, which are
useless for diagnosis. I'm not sure where people get this from...

>>> I have a small server handling 5 domains and I'm having trouble with one
>>> of my virtual domains wrt recipient verification.
>>
>> Why do you even use address verification, if all users are on the local machine?
>
> Sorry, I forgot to mention that one domain is used for a few mailing lists
> handled by a mailman installation running on a separate server. This is
> handled by an entry in the transport file.

That sounds like that domain is a candidate for classification as a
relay_domain. Apologies if this has been mentioned before, but is that
how you've got it configured? If you don't change too many settings,
you generally already get recipient verification for designated
"local" domains.

Re: Problem with recipient verification

Jeremy Bowen-5


Barney Desmond wrote:
> 2009/11/15 Jeremy Bowen [hidden email]:
>> I'm running Postfix v2.5.6 which I compiled myself from unmodified
>> sources. (postconf -d appended below)
>
> Anyway, you need to post the output of `postconf -n` (settings that are non-default) -
> read the help, it tells you that -d shows the defaults, which are
> useless for diagnosis. I'm not sure where people get this from...

Actually the output I posted was from postconf -n. The "-d" was a typo. Sorry for the confusion.

>> Sorry, I forgot to mention that one domain is used for a few mailing lists
>> handled by a mailman installation running on a separate server. This is
>> handled by an entry in the transport file.
>
> That sounds like that domain is a candidate for classification as a
> relay_domain. Apologies if this has been mentioned before, but is that
> how you've got it configured? If you don't change too many settings,
> you generally already get recipient verification for designated
> "local" domains.

That part of the system isn't the problem and is working perfectly well. (Yes, it is a relay, handled in the transport file)

I have a problem with the new domain I added to the server and it is this new domain which is doing verification probes to my ISP.



Re: Problem with recipient verification

Eero Volotinen-2

> That part of the system isn't the problem and is working perfectly well.
> (Yes, it is a relay, handled in the transport file)
>
> I have a problem with the new domain I added to the server and it is this
> new domain which is doing verification probes to my ISP.

So, you need to add that domain to mydestination= parameter?

--
Eero

Re: Problem with recipient verification

Jeremy Bowen-5
>> I have a problem with the new domain I added to the server and it is this
>> new domain which is doing verification probes to my ISP.
>
>So, you need to add that domain to mydestination= parameter?

It's added to my vdomains file as per:
virtual_mailbox_domains = /etc/postfix/vdomains

(And Yes, I've done all the relevant "postmap" and "postfix reload"
commands)

Re: Problem with recipient verification

Wietse Venema
Jeremy Bowen:
> >> I have a problem with the new domain I added to the server and it is this
> >> new domain which is doing verification probes to my ISP.
> >
> >So, you need to add that domain to mydestination= parameter?
>
> It's added to my vdomains file as per:
> virtual_mailbox_domains = /etc/postfix/vdomains

If you specify /etc/postfix/vdomains then postmap is not required,
and some parts of Postfix never find out that the file has changed
until "postfix reload".

postmap is required with, for example, hash:/etc/postfix/vdomains
instead of /etc/postfix/vdomains.

        Wietse

Re: Problem with recipient verification

Eero Volotinen-2
In reply to this post by Jeremy Bowen-5
Jeremy Bowen wrote:

>>> I have a problem with the new domain I added to the server and it is this
>>> new domain which is doing verification probes to my ISP.
>> So, you need to add that domain to mydestination= parameter?
>
> It's added to my vdomains file as per:
> virtual_mailbox_domains = /etc/postfix/vdomains
>
> (And Yes, I've done all the relevant "postmap" and "postfix reload"
> commands)
>

Well, I think it is not a virtual domain, if it is relayed via smtp?

As you can see from documentation:

  virtual_mailbox_domains ($virtual_mailbox_maps)
               Postfix is final destination for the specified list
               of   domains;  mail  is  delivered  via  the  $vir-
               tual_transport mail delivery transport.

That domain is delivered via smtp, not via:

virtual_transport = lmtp:unix:/var/lib/imap/socket/lmtp

Maybe you just need to remove it from virtual_mailbox_maps and add it to
mydestination =



--
Eero

Re: Problem with recipient verification

Jeremy Bowen-5
In reply to this post by Wietse Venema
On 11/15/2009, "(Wietse Venema)" <[hidden email]> wrote:
>If you specify /etc/postfix/vdomains then postmap is not required,
>and some parts of Postfix never find out that the file has changed
>until "postfix reload".
>
>postmap is required with, for example, hash:/etc/postfix/vdomains
>instead of /etc/postfix/vdomains.

Thanks. Yes, I know this. I'm not a newbie. I was just trying to pre-empt a
bunch of replies telling me I needed to remap/reload. I detailed this in my
original post.

What is the logic behind where the verification probe is sent ? 4 out of 5
domains (all configured identically as far as I can tell) operate correctly
and the probe seems to be handled locally. The other domain passes the
verification probe to my upstream (relayhost).

For the domain handling my mailing lists (relay[] entry in transport)
verification probes are sent correctly to the mailman server.

Re: Problem with recipient verification

Jeremy Bowen-5
In reply to this post by Eero Volotinen-2
On 11/15/2009, "Eero Volotinen" <[hidden email]> wrote:
>  virtual_mailbox_domains ($virtual_mailbox_maps)
>               Postfix is final destination for the specified list
>               of   domains;  mail  is  delivered  via  the  $vir-
>               tual_transport mail delivery transport.
>
>That domain is delivered via smtp, not via:

No. I think I've confused you with the different domains.
1) Mailing list domain is a relay domain. Behaves correctly. External verify
2) Problem domain. Virtual domain. Locally handled. Verify via upstream.
3) Other domains. Virtual domains. Locally handled. Verify local.

>virtual_transport = lmtp:unix:/var/lib/imap/socket/lmtp

The problem domain is (should be) handled by lmtp.
Other identically configured domains are handled by lmtp and appear to be
doing verification correctly.

There is something different about one domain which causes it to send
verification upstream.

Re: Problem with recipient verification

Wietse Venema
In reply to this post by Jeremy Bowen-5
Jeremy Bowen:
> What is the logic behind where the verification probe is sent ?
> 4 out of 5 domains (all configured identically as far as I can
> tell) operate correctly and the probe seems to be handled locally.
> The other domain passes the verification probe to my upstream
> (relayhost).

You configured one domain in a different manner than the four domains.

To convince yourself, you could add a sixth domain (such as
"example.com") and see how Postfix tries to handle it.

        Wietse

Re: Problem with recipient verification

Jeremy Bowen-5
On 11/15/2009, "(Wietse Venema)" <[hidden email]> wrote:
>You configured one domain in a different manner than the four domains.
>
>To convince yourself, you could add a sixth domain (such as
>"example.com") and see how Postfix tries to handle it.

OK, Just added example.com to /etc/postfix/vdomains.
Added
[hidden email] jeremy
to /etc/postfix/virtual

and
[hidden email] OK
to /etc/postfix/vmailbox

Ran postmap virtual, postmap vmailbox, postfix reload
Tested a message to [hidden email]
Accepted OK and delivered to my mailbox.

Tested a message to [hidden email] got a:
550 5.1.1 <[hidden email]>: Recipient address rejected: undeliverable address:
in the SMTP conversation and a
"...[/var/lib/imap/socket/lmtp] said: 550-Mailbox unknown"
in my /var/log/mail

This seems to work as expected.

I really cannot explain what is going on here.

Re: Problem with recipient verification

Jeremy Bowen-5
On 11/15/2009, "Jeremy Bowen" <[hidden email]> wrote:
>On 11/15/2009, "(Wietse Venema)" <[hidden email]> wrote:
>>You configured one domain in a different manner than the four domains.
>>
>>To convince yourself, you could add a sixth domain (such as
>>"example.com") and see how Postfix tries to handle it.
>
>OK, Just added example.com to /etc/postfix/vdomains.

[snip]

>I really cannot explain what is going on here.

No actually I can. I am an idiot.
Found the issue after grep'ing my /etc/postfix directory and diff'ing the
example.com and problem domain occurrences.

Previously this domain was hosted on another server. I still had an old
entry in my transport file which was forwarding it. Doh!

Thanks for all the pointers.
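
The cause found in the last message was a leftover transport entry for a domain that is also listed in virtual_mailbox_domains. The following check is an added example, not code from the thread or from Postfix: it lists transport entries whose key is one of the virtual mailbox domains or an address in one. The function names, the sample files and the host names in them are constructed for illustration, and it assumes a flat one-domain-per-line vdomains file and the plain-text source of the transport table.

```shell
#!/bin/sh
# Added example: flag transport entries that override a virtual mailbox domain.

# usage: find_transport_overrides VDOMAINS TRANSPORT
# Prints "domain<TAB>transport-key<TAB>destination" for each overriding entry.
find_transport_overrides() {
    awk '
        # First file: one domain per line (also accepts "domain OK" table form).
        FILENAME == ARGV[1] {
            if ($0 !~ /^[ \t]*(#|$)/) vdom[tolower($1)] = 1
            next
        }
        # Second file: skip comments, blank lines and continuation lines.
        /^[ \t]/ || /^#/ || /^$/ { next }
        {
            key = tolower($1); dom = key
            sub(/^.*@/, "", dom)          # user@domain key -> domain
            if (dom in vdom) printf "%s\t%s\t%s\n", dom, key, $2
        }
    ' "$1" "$2"
}

# Constructed sample input: two virtual mailbox domains, one relay domain with
# a legitimate transport entry, and one stale entry for a virtual domain.
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/vdomains" <<'EOF'
# constructed sample
example.com
example.org
EOF
    cat > "$dir/transport" <<'EOF'
# constructed sample
lists.example.net   relay:[mailman.example.net]
example.org         smtp:[old-server.example.net]
EOF
    find_transport_overrides "$dir/vdomains" "$dir/transport"
    rm -rf "$dir"
}

demo
```

On a live system, `postmap -q example.org hash:/etc/postfix/transport` asks the compiled table the same question for a single key.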