Sending to multiple recipients fails entirely if any of the RCPT is rejected (unknown domain)


jean52
The closest thread I could find for this is almost 10 years old:
http://postfix.1071664.n5.nabble.com/Customize-configure-postfix-with-multiple-recipients-td45030.html#a45035

From that thread, my Postfix is somehow not handling the email properly as the rejection done early on seems to result in setting the From to null / <> for all other emails.

I could reproduce every time I am sending an email to a list of contacts containing 1 invalid address (bad domain).

Main email providers respond differently to it:

- Googlemail blocks it and shouts that "this message is not RFC 5322 compliant."
- Microsoft accepts the email but it's empty.

From the logs I see that the From header has been removed even before it reached the opendkim / opendmarc milters.

*If I send the same email to all valid recipients, all is well.*

Here are the logs after sanitizing (hopefully still readable):

Jul 23 09:44:35 myhost postfix/smtpd[26369]: connect from XXX.XXX.XXX.137.threembb.co.uk[XXX.XXX.XXX.137]
Jul 23 09:44:35 myhost postfix/smtpd[26369]: Anonymous TLS connection established from XXX.XXX.XXX.137.threembb.co.uk[XXX.XXX.XXX.137]: TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
Jul 23 09:44:35 myhost postfix/smtpd[26369]: CEC231003: client=XXX.XXX.XXX.137.threembb.co.uk[XXX.XXX.XXX.137], sasl_method=PLAIN, sasl_username=[hidden email]
Jul 23 09:44:35 myhost postfix/smtpd[26369]: CEC231003: reject: RCPT from XXX.XXX.XXX.137.threembb.co.uk[XXX.XXX.XXX.137]: 450 4.1.2 <[hidden email]>: *Recipient address rejected: Domain not found*; from=<[hidden email]> to=<[hidden email]> proto=ESMTP helo=<[XXX.XXX.XXX.119]>
Jul 23 09:44:36 myhost postfix/cleanup[26374]: CEC231003: message-id=<>
Jul 23 09:44:36 myhost opendkim[32642]: *CEC231003: can't determine message sender; accepting*
Jul 23 09:44:36 myhost opendmarc[619]: CEC231003: RFC5322 requirement error: missing From field; accepting
Jul 23 09:44:36 myhost postfix/qmgr[26269]: CEC231003: from=<[hidden email]>, size=213, nrcpt=2 (queue active)
Jul 23 09:44:36 myhost postfix/smtp[26375]: Untrusted TLS connection established to gmail-smtp-in.l.google.com[2a00:1450:400c:c0a::1b]:25: TLSv1.2 with cipher ECDHE-RSA-CHACHA20-POLY1305 (256/256 bits)
Jul 23 09:44:36 myhost postfix/smtpd[26369]: disconnect from XXX.XXX.XXX.137.threembb.co.uk[XXX.XXX.XXX.137] ehlo=2 starttls=1 auth=1 mail=1 rcpt=2/3 data=1 quit=1 commands=9/10
Jul 23 09:44:36 myhost postfix/smtp[26375]: CEC231003: to=<[hidden email]>, relay=gmail-smtp-in.l.google.com[2a00:1450:400c:c0a::1b]:25, delay=0.99, delays=0.4/0.01/0.16/0.43, dsn=5.7.1, status=bounced (host gmail-smtp-in.l.google.com[2a00:1450:400c:c0a::1b] said: 550-5.7.1 [2a01:4f8:10a:2493:b827:a8ff:fe4b:b71c      11] Our system has 550-5.7.1 detected that this message is not RFC 5322 compliant: 550-5.7.1 'From' header is missing. 550-5.7.1 To reduce the amount of spam sent to Gmail, this message has been 550-5.7.1 blocked. Please visit 550-5.7.1 https://support.google.com/mail/?p=RfcMessageNonCompliant 550 5.7.1 and review RFC 5322 specifications for more information. y4si40902182wrr.356 - gsmtp (in reply to end of DATA command))
Jul 23 09:44:36 myhost postfix/smtp[26375]: CEC231003: to=<[hidden email]>, relay=gmail-smtp-in.l.google.com[2a00:1450:400c:c0a::1b]:25, delay=0.99, delays=0.4/0.01/0.16/0.43, dsn=5.7.1, status=bounced (host gmail-smtp-in.l.google.com[2a00:1450:400c:c0a::1b] said: 550-5.7.1 [2a01:4f8:10a:2493:b827:a8ff:fe4b:b71c      11] Our system has 550-5.7.1 detected that this message is not RFC 5322 compliant: 550-5.7.1 'From' header is missing. 550-5.7.1 To reduce the amount of spam sent to Gmail, this message has been 550-5.7.1 blocked. Please visit 550-5.7.1 https://support.google.com/mail/?p=RfcMessageNonCompliant 550 5.7.1 and review RFC 5322 specifications for more information. y4si40902182wrr.356 - gsmtp (in reply to end of DATA command))
Jul 23 09:44:36 myhost postfix/cleanup[26374]: CAA341B99: message-id=<[hidden email]>
Jul 23 09:44:36 myhost postfix/qmgr[26269]: CAA341B99: from=<>, size=4503, nrcpt=1 (queue active)
Jul 23 09:44:36 myhost postfix/bounce[26376]: CEC231003: sender non-delivery notification: CAA341B99
Jul 23 09:44:36 myhost postfix/qmgr[26269]: CEC231003: removed
Jul 23 09:44:37 myhost postfix/pipe[26377]: CAA341B99: to=<[hidden email]>, relay=dovecot, delay=0.24, delays=0.12/0/0/0.12, dsn=2.0.0, status=sent (delivered via dovecot service)
Jul 23 09:44:37 myhost postfix/qmgr[26269]: CAA341B99: removed



--
Sent from: http://postfix.1071664.n5.nabble.com/Postfix-Users-f2.html

Re: Sending to multiple recipients fails entirely if any of the RCPT is rejected (unknown domain)

jean52
Reformatting:


The closest thread I could find for this is almost 10 years old:
http://postfix.1071664.n5.nabble.com/Customize-configure-postfix-with-multiple-recipients-td45030.html#a45035

From that thread, my Postfix is somehow not handling the email properly as the rejection done early on seems to result in setting the From to null / <> for all other emails. I could reproduce every time I am sending an email to a list of contacts containing 1 invalid address (bad domain). Main email providers respond differently to it:

- Googlemail blocks it and shouts that "this message is not RFC 5322 compliant."
- Microsoft accepts the email but it's empty.

From the logs I see that the From header has been removed even before it reached the opendkim / opendmarc milters.

If I send the same email to all valid recipients, all is well.

Here are the logs after sanitizing (hopefully still readable):

https://paste.nomagic.uk/?64941d4ece0dd182#c6LDkCHhuAuAKy465IOo4zW6iQBdq6p0/q9s25hQ38g=




Re: Sending to multiple recipients fails entirely if any of the RCPT is rejected (unknown domain)

Matus UHLAR - fantomas
On 23.07.19 13:27, Jean wrote:

>The closest thread I could find for this is almost 10 years old:
>http://postfix.1071664.n5.nabble.com/Customize-configure-postfix-with-multiple-recipients-td45030.html#a45035
>
>From that thread, my Postfix is somehow not handling the email properly as the rejection done early on seems to result in setting the From to null / <> for all other emails. I could reproduce every time I am sending an email to a list of contacts containing 1 invalid address (bad domain). Main email providers respond differently to it:
>
>- Googlemail blocks it and shouts that "this message is not RFC 5322 compliant."
>- Microsoft accepts the email but it's empty.
>
>From the logs I see that the From header has been removed even before it reached the opendkim / opendmarc milters.
>
>If I send the same email to all valid recipients, all is well.
>
>Here are the logs after sanitizing (hopefully still readable):
>
>https://paste.nomagic.uk/?64941d4ece0dd182#c6LDkCHhuAuAKy465IOo4zW6iQBdq6p0/q9s25hQ38g=

much better.

can you try to post the mail itself somewhere?
It seems that it's somehow broken. Maybe an empty line at the beginning, which causes all headers and the rest to be handled as body?

--
Matus UHLAR - fantomas, [hidden email] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
The early bird may get the worm, but the second mouse gets the cheese.

Re: Sending to multiple recipients fails entirely if any of the RCPT is rejected (unknown domain)

jean52
The mail was not stored on the server nor in the queue, it would stay in my local outbox and try to resend periodically.

After disabling 'reject_unknown_recipient_domain' the new mails are being sent as expected, with a notification for the nonexisting domain and the rest delivered correctly.

I am doing additional testing and will report my findings. My guess is that this reject rule is not at the right place.

This is what currently works, though ideally I would like to reactivate the reject rule at some point.

smtpd_recipient_restrictions =
        reject_unauth_pipelining,
        reject_non_fqdn_recipient,
        ##reject_unknown_recipient_domain,
        permit_mynetworks,
        check_policy_service inet:localhost:10022,
        permit_sasl_authenticated,
        check_policy_service unix:private/policy-spf,
        permit




Re: Sending to multiple recipients fails entirely if any of the RCPT is rejected (unknown domain)

Matus UHLAR - fantomas
On 23.07.19 15:29, Jean wrote:
>The mail was not stored on the server nor in the queue, it would stay in my local outbox and try to resend periodically.

even better. Show us the source message you are trying to send.

>After disabling 'reject_unknown_recipient_domain' the new mails are being sent as expected, with a notification for the nonexisting domain and the rest delivered correctly.
>
>I am doing additional testing and will report my findings. My guess is that this reject rule is not at the right place.

this reject is fine. Even end-users should not send mail to nonexistent
addresses.

Note that the mail is reported as invalid by google and your mail server
complains:

Jul 23 09:44:36 myhost opendkim[32642]: *CEC231003: can't determine message sender; accepting*
Jul 23 09:44:36 myhost opendmarc[619]: CEC231003: RFC5322 requirement error: missing From field; accepting

Jul 23 09:44:36 myhost postfix/smtp[26375]: CEC231003: to=<[hidden email]>, relay=gmail-smtp-in.l.google.com[2a00:1450:400c:c0a::1b]:25, delay=0.99, delays=0.4/0.01/0.16/0.43, dsn=5.7.1, status=bounced (host gmail-smtp-in.l.google.com[2a00:1450:400c:c0a::1b] said: 550-5.7.1 [2a01:4f8:10a:2493:b827:a8ff:fe4b:b71c      11] Our system has 550-5.7.1 detected that this message is not RFC 5322 compliant: 550-5.7.1 'From' header is missing. 550-5.7.1 To reduce the amount of spam sent to Gmail, this message has been 550-5.7.1 blocked. Please visit 550-5.7.1  https://support.google.com/mail/?p=RfcMessageNonCompliant 550 5.7.1 and review RFC 5322 specifications for more information. y4si40902182wrr.356 - gsmtp (in reply to end of DATA command))

so there's something very bad with it.

>
>This is what currently works, though ideally I would like to reactivate the reject rule at some point.
>
>smtpd_recipient_restrictions =
>        reject_unauth_pipelining,
>        reject_non_fqdn_recipient,
>        ##reject_unknown_recipient_domain,
>        permit_mynetworks,
>        check_policy_service inet:localhost:10022,
>        permit_sasl_authenticated,
>        check_policy_service unix:private/policy-spf,
>        permit

Re: Sending to multiple recipients fails entirely if any of the RCPT is rejected (unknown domain)

jean52
The content of the email was really not a concern, I could reproduce with
emails containing a simple 'test' text in it.

After further testing and trying from a different endpoint/platform, it
turns out I am not getting the same behaviour from all clients/MUA.

Re-enabling 'reject_unknown_recipient_domain', if I send another test email
from my webmail, I get a notification from the webmail that the email was
not sent due to a bad address. The email is not sent to anyone and I have to
edit/fix my list of recipients before being able to send the email.

If I test from K9-Mail on Android, I get the same error as yesterday, the
sending of the email is considered failed but stays in the Outbox, where it
keeps trying to send the email periodically, but with a header that is now
actually broken, missing several fields.

From one of the recipients' mail server I received a notification mentioning:

Missing required header field: "Date"
Missing required header field: "From"
MIME error: error: unexpected end of header

So, my guess is that the issue resides with K9-Mail's way of handling the
reject server response, as it somehow mangles its own header.

Does that make sense?




Re: Sending to multiple recipients fails entirely if any of the RCPT is rejected (unknown domain)

Christos Chatzaras
Can you add this line to your main.cf and check if it solves the issue?

default_destination_recipient_limit = 1


Re: Sending to multiple recipients fails entirely if any of the RCPT is rejected (unknown domain)

jean52
@Christos I just tried, but that does not change this issue, still getting a
mangled/broken header, again showing early on in dkim/dmarc milters results
(= no changes):


Jul 24 15:31:24 postfix/smtpd[1758]: connect from
***.226.threembb.co.uk[***.226]
Jul 24 15:31:24 postfix/smtpd[1758]: Anonymous TLS connection established
from 92.40.249.226.threembb.co.uk[***.226]: TLSv1.2 with cipher
ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
Jul 24 15:31:25 postfix/smtpd[1758]: 27584FA3:
client=***.226.threembb.co.uk[***.226], sasl_method=PLAIN,
sasl_username=p***@***.fr
Jul 24 15:31:25 postfix/smtpd[1758]: 27584FA3: reject: RCPT from
***.226.threembb.co.uk[***226]: 450 4.1.2 <[hidden email]>: Recipient
address rejected: Domain not found; from=<p***@***.fr> to=<nobody@gmail72
.com> proto=ESMTP helo=<[10.***]>

Jul 24 15:31:25 postfix/cleanup[1579]: 27584FA3: message-id=<>
Jul 24 15:31:25 opendkim[19808]: 27584FA3: can't determine message sender;
accepting
Jul 24 15:31:25 opendmarc[619]: 27584FA3: RFC5322 requirement error: missing
From field; accepting

Jul 24 15:31:25 postfix/qmgr[1457]: 27584FA3: from=<p***@***.fr>, size=34,
nrcpt=2 (queue active)
Jul 24 15:31:25 postfix/smtp[1663]: Untrusted TLS connection established to
gmail-smtp-in.l.google.com[2a00:1450:400c:c04::1b]:25: TLSv1.2 with cipher
ECDHE-RSA-CHACHA20-POLY1305 (256/256 bits)
Jul 24 15:31:25 postfix/smtpd[1758]: disconnect from
92.40.249.226.threembb.co.uk[92.40.249.226] ehlo=2 starttls=1 auth=1 mail=1
rcpt=2/3 data=1 quit=1 commands=9/10

Jul 24 15:31:25 dahlia postfix/smtp[1663]: 27584FA3: to=<j***@gmail.com>,
relay=gmail-smtp-in.l.google.com[2a00:1450:400c:c04::1b]:25, delay=0.79,
delays=0.57/0/0.11/0.11, dsn=5.7.1, status=bounced (host
gmail-smtp-in.l.google.com[2a00:1450:400c:c04::1b] said: 550-5.7.1
[2a01:4f8:10a:2493:b827:a8ff:fe4b:b71c      11] Our system has 550-5.7.1
detected that this message is not RFC 5322 compliant: 550-5.7.1 'From'
header is missing. 550-5.7.1 To reduce the amount of spam sent to Gmail,
this message has been 550-5.7.1 blocked. Please visit 550-5.7.1
https://support.google.com/mail/?p=RfcMessageNonCompliant 550 5.7.1 and
review RFC 5322 specifications for more information. 135si37543938wmb.130 -
gsmtp (in reply to end of DATA command))

However again, from the webmail the reject from Postfix results in full stop
until the recipients list is fixed by sender.

I'll test from Thunderbird tonight, but this looks like a K9-Mail issue
(using the stock version installed on /e/).



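The log pattern discussed above (an RCPT reject on a SASL-authenticated session, then `message-id=<>` and the milters' missing-sender complaints under the same queue ID) can be searched for mechanically. This is an added example, not code from the thread or from Postfix; the sample log is constructed, with placeholder host, queue IDs and addresses.

```python
import re
from collections import defaultdict

# Constructed sample, modelled on the log lines quoted in this thread.
# Host name, queue IDs and addresses are placeholders.
SAMPLE_LOG = """\
Jul 24 15:31:25 mx postfix/smtpd[1758]: 4A1B2C3D: client=client.example.net[192.0.2.10], sasl_method=PLAIN, sasl_username=user@example.org
Jul 24 15:31:25 mx postfix/smtpd[1758]: 4A1B2C3D: reject: RCPT from client.example.net[192.0.2.10]: 450 4.1.2 <nobody@nxdomain.example>: Recipient address rejected: Domain not found; from=<user@example.org> to=<nobody@nxdomain.example> proto=ESMTP helo=<[10.0.0.2]>
Jul 24 15:31:25 mx postfix/cleanup[1579]: 4A1B2C3D: message-id=<>
Jul 24 15:31:25 mx opendkim[19808]: 4A1B2C3D: can't determine message sender; accepting
Jul 24 15:31:25 mx opendmarc[619]: 4A1B2C3D: RFC5322 requirement error: missing From field; accepting
Jul 24 15:31:25 mx postfix/qmgr[1457]: 4A1B2C3D: from=<user@example.org>, size=34, nrcpt=2 (queue active)
Jul 24 15:40:02 mx postfix/smtpd[1802]: 5E6F7A8B: client=client.example.net[192.0.2.10], sasl_method=PLAIN, sasl_username=user@example.org
Jul 24 15:40:02 mx postfix/cleanup[1579]: 5E6F7A8B: message-id=<20190724154002.1@example.org>
Jul 24 15:40:02 mx postfix/qmgr[1457]: 5E6F7A8B: from=<user@example.org>, size=512, nrcpt=3 (queue active)
"""

# Syslog prefix with an optional host field (the second log in the thread
# has the host stripped), then "process[pid]: QUEUEID: message".
# Only short (hex) queue IDs are matched, so "NOQUEUE: reject" lines, logged
# when the very first recipient is refused, are outside this check.
LINE_RE = re.compile(
    r"^\w{3}\s+\d+ [\d:]+ (?:\S+ )?(?P<proc>[\w/.-]+)\[\d+\]: "
    r"(?P<qid>[0-9A-F]{6,}): (?P<msg>.*)$"
)
REJECT_RE = re.compile(
    r"^reject: RCPT from \S+: (?P<code>[45]\d\d) \S+ <(?P<rcpt>[^>]*)>:"
)
SASL_RE = re.compile(r"sasl_username=(?P<user>\S+)")


def find_mangled_submissions(log_text):
    """Return queue IDs where an authenticated client had a recipient
    refused and then submitted a message without usable headers."""
    sessions = defaultdict(
        lambda: {"sasl_user": None, "rejected": [], "symptoms": []}
    )
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        s, proc, msg = sessions[m["qid"]], m["proc"], m["msg"]
        if proc.endswith("/smtpd"):
            sasl = SASL_RE.search(msg)
            if sasl:
                s["sasl_user"] = sasl["user"]
            rej = REJECT_RE.match(msg)
            if rej:
                s["rejected"].append((rej["code"], rej["rcpt"]))
        elif proc.endswith("/cleanup") and msg == "message-id=<>":
            s["symptoms"].append("empty Message-ID")
        elif proc == "opendkim" and "can't determine message sender" in msg:
            s["symptoms"].append("opendkim: no sender")
        elif proc == "opendmarc" and "missing From field" in msg:
            s["symptoms"].append("opendmarc: missing From")
    return [
        {"queue_id": qid, **s}
        for qid, s in sessions.items()
        if s["sasl_user"] and s["rejected"] and s["symptoms"]
    ]


if __name__ == "__main__":
    for hit in find_mangled_submissions(SAMPLE_LOG):
        print(hit["queue_id"], hit["sasl_user"], hit["rejected"], hit["symptoms"])
```
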

Re: Sending to multiple recipients fails entirely if any of the RCPT is rejected (unknown domain)

Wietse Venema
jean52:
> Jul 24 15:31:25 postfix/smtpd[1758]: 27584FA3:
> client=***.226.threembb.co.uk[***.226], sasl_method=PLAIN,
> sasl_username=p***@***.fr
> Jul 24 15:31:25 postfix/smtpd[1758]: 27584FA3: reject: RCPT from
> ***.226.threembb.co.uk[***226]: 450 4.1.2 <[hidden email]>: Recipient
> address rejected: Domain not found; from=<p***@***.fr> to=<nobody@gmail72
> .com> proto=ESMTP helo=<[10.***]>

You can avoid this by not rejecting unknown domains in mail from
an authenticated client.

Option 1: insert 'permit_sasl_authenticated' to the main.cf line that
blocks unknown recipient domains.

Option 2: exclude authenticated clients from things that block
unknown recipient domains:

In master.cf:

submission inet n       -       n       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_tls_auth_only=yes
  -o smtpd_reject_unlisted_recipient=no
  -o smtpd_client_restrictions=$mua_client_restrictions
  -o smtpd_helo_restrictions=$mua_helo_restrictions
  -o smtpd_sender_restrictions=$mua_sender_restrictions
  -o smtpd_recipient_restrictions=
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
smtps     inet  n       -       n       -       -       smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_reject_unlisted_recipient=no
  -o smtpd_client_restrictions=$mua_client_restrictions
  -o smtpd_helo_restrictions=$mua_helo_restrictions
  -o smtpd_sender_restrictions=$mua_sender_restrictions
  -o smtpd_recipient_restrictions=
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING

In main.cf:
mua_client_restrictions =
mua_helo_restrictions =
mua_sender_restrictions =

And have clients send mail to port 587 (submission) or 465 (smtps) instead
of port 25.

        Wietse

Re: Sending to multiple recipients fails entirely if any of the RCPT is rejected (unknown domain)

jean52
Yes, I reached the same conclusion, and used 'Option 1' eventually:

smtpd_recipient_restrictions =
  reject_unauth_pipelining,
  permit_sasl_authenticated,
  reject_non_fqdn_recipient,
  reject_unknown_recipient_domain,
  permit_mynetworks,
  check_policy_service inet:localhost:10022,
  check_policy_service unix:private/policy-spf,
  permit

My problem is 'fixed', though it's interesting to see that I could reproduce
only on K9-Mail. I tested on Sogo webmail and Thunderbird, both handle the
reject message properly and request you to fix it.

Testing with swaks, I can see the 450 returned by the server (reverting
workaround rules beforehand):
 ~> RCPT TO:<[hidden email]>
<~* 450 4.1.2 <[hidden email]>: Recipient address rejected: Domain not
found

But swaks handles it properly and the other recipients receive the email.

I'll keep the workaround, it'll make it K9 proofed for my users and won't
change much for others.

Thanks to all for your help.



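Why Option 1 works, as an added sketch that is not Postfix code or anything posted in the thread: a restriction list is evaluated in order and the first restriction that returns a decision wins. The model is simplified (the `Rcpt` fields, the "no opinion" answers assumed for the pipelining and policy-service checks, and the sample address are assumptions); the two lists are the ones jean52 posted, with `reject_unknown_recipient_domain` re-enabled in the first.

```python
from dataclasses import dataclass


@dataclass
class Rcpt:
    """One RCPT TO command as seen by smtpd (simplified, hypothetical model)."""
    address: str
    sasl_authenticated: bool = False
    in_mynetworks: bool = False
    domain_in_dns: bool = True  # stands in for the DNS lookup Postfix performs


def is_fqdn(rcpt):
    return "." in rcpt.address.rpartition("@")[2]


# Each check returns a verdict string, or None for "no opinion" (DUNNO).
CHECKS = {
    "reject_unauth_pipelining": lambda r: None,  # assumed: client behaves
    "reject_non_fqdn_recipient": lambda r: None if is_fqdn(r) else "reject",
    "reject_unknown_recipient_domain":
        lambda r: None if r.domain_in_dns else "reject 450 4.1.2 Domain not found",
    "permit_mynetworks": lambda r: "permit" if r.in_mynetworks else None,
    "permit_sasl_authenticated":
        lambda r: "permit" if r.sasl_authenticated else None,
    "check_policy_service": lambda r: None,  # assumed: daemon answers DUNNO
    "permit": lambda r: "permit",
}


def parse(value):
    """Split a comma-separated restriction list as written in main.cf."""
    return [item.strip() for item in value.split(",") if item.strip()]


# Order from the thread before the fix (reject rule active).
BEFORE = parse("""
    reject_unauth_pipelining, reject_non_fqdn_recipient,
    reject_unknown_recipient_domain, permit_mynetworks,
    check_policy_service inet:localhost:10022, permit_sasl_authenticated,
    check_policy_service unix:private/policy-spf, permit""")

# Order jean52 settled on (Option 1).
AFTER = parse("""
    reject_unauth_pipelining, permit_sasl_authenticated,
    reject_non_fqdn_recipient, reject_unknown_recipient_domain,
    permit_mynetworks, check_policy_service inet:localhost:10022,
    check_policy_service unix:private/policy-spf, permit""")


def evaluate(restrictions, rcpt):
    """First restriction with an opinion decides; return (verdict, decided_by)."""
    for name in restrictions:
        verdict = CHECKS[name.split()[0]](rcpt)
        if verdict is not None:
            return verdict, name
    return "permit", "(end of list)"


def skipped_when_authenticated(restrictions):
    """Restrictions an authenticated client never reaches in this list."""
    return restrictions[restrictions.index("permit_sasl_authenticated") + 1:]


if __name__ == "__main__":
    bad = Rcpt("nobody@nxdomain.example", sasl_authenticated=True,
               domain_in_dns=False)
    print("before:", evaluate(BEFORE, bad))
    print("after: ", evaluate(AFTER, bad))
    print("skipped for authenticated clients:", skipped_when_authenticated(AFTER))
```

With the reordered list, authenticated clients also bypass `reject_non_fqdn_recipient` and both policy services, which matters if the policy daemon on port 10022 is meant to apply to submitters as well.
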

Re: Sending to multiple recipients fails entirely if any of the RCPT is rejected (unknown domain)

Matus UHLAR - fantomas
On 24.07.19 10:37, jean52 wrote:

>Testing with swaks, I can see the 450 returned by the server (reverting
>workaround rules beforehand):
> ~> RCPT TO:<[hidden email]>
><~* 450 4.1.2 <[hidden email]>: Recipient address rejected: Domain not
>found
>
>But swaks handles it properly and the other recipients receive the email.
>
>I'll keep the workaround, it'll make it K9 proofed for my users and won't
>change much for others.

maybe sending bugreport is worth trying:
https://github.com/k9mail/k-9/issues

Re: Sending to multiple recipients fails entirely if any of the RCPT is rejected (unknown domain)

jean52