Unverified Recipients

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

Unverified Recipients

Software Info
Hi All
I am trying to set up Unverified Recipients on Postfix postfix-3.4.8,1 on FreeBSD. I configured a cache file for the unverified addresses. I reloaded postfix but I am not seeing any file in the location I specified in the address_verify_map parameter. I cannot seem to figure out why. Please note my relevant settings below. Any help would be appreciated.

#Verify Settings
address_verify_map = btree:/var/db/postfix/verify
unverified_recipient_reject_reason = Address lookup failure

smtpd_recipient_restrictions =
   reject_non_fqdn_recipient,
   reject_unknown_recipient_domain,
   check_client_access hash:/usr/local/etc/postfix/internal_networks,
   check_sender_access hash:/usr/local/etc/postfix/not_our_domain_as_sender,
   permit_mynetworks,
   reject_unauth_destination,
   reject_unknown_client_hostname,
   reject_unknown_reverse_client_hostname,
   reject_rbl_client zen.spamhaus.org,
   reject_rbl_client cbl.abuseat.org,
   reject_rbl_client dul.dnsbl.sorbs.net,
   reject_unverified_recipient,
   permit
Reply | Threaded
Open this post in threaded view
|

RE: Unverified Recipients

Software Info

Hi All

I finally found some information and I admit I am wondering how to get all the features I want working. I saw a response that suggested that recipient_restrictions will only work when the email goes through the smtpd daemon since the reject_unverified_recipient setting is found in the smtpd_recipient_restrictions. That does seem to make sense. I have mailman on the box and opendkim both working and I would love if I could also get recipient verification working. Not sure what else to do. Really would appreciate some assistance. Thanks in advance.

 

Regards

 

Sent from Mail for Windows 10

 

From: [hidden email]
Sent: Monday, December 2, 2019 5:55 PM
To: [hidden email]
Subject: Unverified Recipients

 

Hi All

I am trying to set up Unverified Recipients on Postfix postfix-3.4.8,1 on FreeBSD. I configured a cache file for the unverified addresses. I reloaded postfix but I am not seeing any file in the location I specified in the address_verify_map parameter. I cannot seem to figure out why. Please note my relevant settings below. Any help would be appreciated.

 

#Verify Settings
address_verify_map = btree:/var/db/postfix/verify
unverified_recipient_reject_reason = Address lookup failure

 

smtpd_recipient_restrictions =
   reject_non_fqdn_recipient,
   reject_unknown_recipient_domain,
   check_client_access hash:/usr/local/etc/postfix/internal_networks,
   check_sender_access hash:/usr/local/etc/postfix/not_our_domain_as_sender,
   permit_mynetworks,
   reject_unauth_destination,
   reject_unknown_client_hostname,
   reject_unknown_reverse_client_hostname,
   reject_rbl_client zen.spamhaus.org,
   reject_rbl_client cbl.abuseat.org,
   reject_rbl_client dul.dnsbl.sorbs.net,
   reject_unverified_recipient,
   permit

 

Reply | Threaded
Open this post in threaded view
|

Re: Unverified Recipients

Noel Jones-2
On 12/6/2019 10:27 AM, Peter Fraser wrote:

> Hi All
>
> I finally found some information and I admit I am wondering how to
> get all the features I want working. I saw a response that suggested
> that recipient_restrictions will only work when the email goes
> through the smtpd daemon since the *reject_unverified_recipient*
> setting is found in the *smtpd_recipient_restrictions*. That does
> seem to make sense. I have mailman on the box and opendkim both
> working and I would love if I could also get recipient verification
> working. Not sure what else to do. Really would appreciate some
> assistance. Thanks in advance.
>
> Regards
>
> Sent from Mail <https://go.microsoft.com/fwlink/?LinkId=550986> for
> Windows 10
>
> *From: *Software Info <mailto:[hidden email]>
> *Sent: *Monday, December 2, 2019 5:55 PM
> *To: *[hidden email] <mailto:[hidden email]>
> *Subject: *Unverified Recipients
>
> Hi All
>
> I am trying to set up Unverified Recipients on Postfix
> postfix-3.4.8,1 on FreeBSD. I configured a cache file for the
> unverified addresses. I reloaded postfix but I am not seeing any
> file in the location I specified in the address_verify_map
> parameter. I cannot seem to figure out why. Please note my relevant
> settings below. Any help would be appreciated.
>
> #Verify Settings
> address_verify_map = btree:/var/db/postfix/verify
> unverified_recipient_reject_reason = Address lookup failure
>
> smtpd_recipient_restrictions =
>     reject_non_fqdn_recipient,
>     reject_unknown_recipient_domain,

>     check_client_access hash:/usr/local/etc/postfix/internal_networks,

What does this map do?

>     check_sender_access
> hash:/usr/local/etc/postfix/not_our_domain_as_sender,

What does this map do?

>     permit_mynetworks,

Is all mail from $mynetworks? ie. no outside mail?


>     reject_unauth_destination,

Is there any mail left here? ie. did it all get rejected or
permitted by the above rules?


>     reject_unknown_client_hostname,

Careful; the above is a very strict rule and likely to reject legit
mail.

>     reject_unknown_reverse_client_hostname,
>     reject_rbl_client zen.spamhaus.org <http://zen.spamhaus.org>,
>     reject_rbl_client cbl.abuseat.org <http://cbl.abuseat.org>,
>     reject_rbl_client dul.dnsbl.sorbs.net <http://dul.dnsbl.sorbs.net>,

Please send plain text so the html markup doesn't bugger up the
message as above.

>     reject_unverified_recipient,

I'm guessing no mail makes it this far.

>     permit
>






   -- Noel Jones
Reply | Threaded
Open this post in threaded view
|

Re: Unverified Recipients

Software Info
Hi
Oh my, sorry about the html, my error.

To answer your questions
a) not_our_domain_as_sender has domains  - has send as domains that
are not allowed eg. example.com, test.com etc.
b) Yes, all mail comes from $mynetworks. It only handles outgoing email.
c) reject_unauth_destination - Most emails still make it past this rule.

Just a little more information:
This server runs mailman and only handles outgoing email. It has
opendkim running also as well as rate limiting to prevent being
blacklisted. For example, mail to yahoo is rate limited and in my
logs, I will see:
Dec  6 13:06:03 mail slow/smtp[77627]: 3179D139E76:
to=<[hidden email]>, relay=mta7.am0.yahoodns.net ...

Verify just doesn't get called, at least I don't see any reference to
it in the logs.

Regards
SI

On Fri, Dec 6, 2019 at 11:57 AM Noel Jones <[hidden email]> wrote:

>
> On 12/6/2019 10:27 AM, SI wrote:
> > Hi All
> >
> > I finally found some information and I admit I am wondering how to
> > get all the features I want working. I saw a response that suggested
> > that recipient_restrictions will only work when the email goes
> > through the smtpd daemon since the *reject_unverified_recipient*
> > setting is found in the *smtpd_recipient_restrictions*. That does
> > seem to make sense. I have mailman on the box and opendkim both
> > working and I would love if I could also get recipient verification
> > working. Not sure what else to do. Really would appreciate some
> > assistance. Thanks in advance.
> >
> > Regards
> >
> > Sent from Mail <https://go.microsoft.com/fwlink/?LinkId=550986> for
> > Windows 10
> >
> > *From: *Software Info <mailto:[hidden email]>
> > *Sent: *Monday, December 2, 2019 5:55 PM
> > *To: *[hidden email] <mailto:[hidden email]>
> > *Subject: *Unverified Recipients
> >
> > Hi All
> >
> > I am trying to set up Unverified Recipients on Postfix
> > postfix-3.4.8,1 on FreeBSD. I configured a cache file for the
> > unverified addresses. I reloaded postfix but I am not seeing any
> > file in the location I specified in the address_verify_map
> > parameter. I cannot seem to figure out why. Please note my relevant
> > settings below. Any help would be appreciated.
> >
> > #Verify Settings
> > address_verify_map = btree:/var/db/postfix/verify
> > unverified_recipient_reject_reason = Address lookup failure
> >
> > smtpd_recipient_restrictions =
> >     reject_non_fqdn_recipient,
> >     reject_unknown_recipient_domain,
>
> >     check_client_access hash:/usr/local/etc/postfix/internal_networks,
>
> What does this map do?
>
> >     check_sender_access
> > hash:/usr/local/etc/postfix/not_our_domain_as_sender,
>
> What does this map do?
>
> >     permit_mynetworks,
>
> Is all mail from $mynetworks? ie. no outside mail?
>
>
> >     reject_unauth_destination,
>
> Is there any mail left here? ie. did it all get rejected or
> permitted by the above rules?
>
>
> >     reject_unknown_client_hostname,
>
> Careful; the above is a very strict rule and likely to reject legit
> mail.
>
> >     reject_unknown_reverse_client_hostname,
> >     reject_rbl_client zen.spamhaus.org <http://zen.spamhaus.org>,
> >     reject_rbl_client cbl.abuseat.org <http://cbl.abuseat.org>,
> >     reject_rbl_client dul.dnsbl.sorbs.net <http://dul.dnsbl.sorbs.net>,
>
> Please send plain text so the html markup doesn't bugger up the
> message as above.
>
> >     reject_unverified_recipient,
>
> I'm guessing no mail makes it this far.
>
> >     permit
> >
>
>
>
>
>
>
>    -- Noel Jones
Reply | Threaded
Open this post in threaded view
|

Re: Unverified Recipients

Noel Jones-2
On 12/6/2019 12:11 PM, Software Info wrote:
> Hi
> Oh my, sorry about the html, my error.
>
> To answer your questions
> a) not_our_domain_as_sender has domains  - has send as domains that
> are not allowed eg. example.com, test.com etc.
> b) Yes, all mail comes from $mynetworks. It only handles outgoing email.

There's your answer. If all mail originates in $mynetworks, no mail
gets past permit_mynetworks.

> c) reject_unauth_destination - Most emails still make it past this rule.
>
> Just a little more information:
> This server runs mailman and only handles outgoing email. It has
> opendkim running also as well as rate limiting to prevent being
> blacklisted. For example, mail to yahoo is rate limited and in my
> logs, I will see:
> Dec  6 13:06:03 mail slow/smtp[77627]: 3179D139E76:
> to=<[hidden email]>, relay=mta7.am0.yahoodns.net ...
>
> Verify just doesn't get called, at least I don't see any reference to
> it in the logs.

So you're trying to verify external recipients before you send mail
to them?  That seems kinda pointless; don't do that.

If you're trying to verify your mail list recipients, the mail list
software should handle that




   -- Noel Jones


>
> Regards
> SI
>
> On Fri, Dec 6, 2019 at 11:57 AM Noel Jones <[hidden email]> wrote:
>>
>> On 12/6/2019 10:27 AM, SI wrote:
>>> Hi All
>>>
>>> I finally found some information and I admit I am wondering how to
>>> get all the features I want working. I saw a response that suggested
>>> that recipient_restrictions will only work when the email goes
>>> through the smtpd daemon since the *reject_unverified_recipient*
>>> setting is found in the *smtpd_recipient_restrictions*. That does
>>> seem to make sense. I have mailman on the box and opendkim both
>>> working and I would love if I could also get recipient verification
>>> working. Not sure what else to do. Really would appreciate some
>>> assistance. Thanks in advance.
>>>
>>> Regards
>>>
>>> Sent from Mail <https://go.microsoft.com/fwlink/?LinkId=550986> for
>>> Windows 10
>>>
>>> *From: *Software Info <mailto:[hidden email]>
>>> *Sent: *Monday, December 2, 2019 5:55 PM
>>> *To: *[hidden email] <mailto:[hidden email]>
>>> *Subject: *Unverified Recipients
>>>
>>> Hi All
>>>
>>> I am trying to set up Unverified Recipients on Postfix
>>> postfix-3.4.8,1 on FreeBSD. I configured a cache file for the
>>> unverified addresses. I reloaded postfix but I am not seeing any
>>> file in the location I specified in the address_verify_map
>>> parameter. I cannot seem to figure out why. Please note my relevant
>>> settings below. Any help would be appreciated.
>>>
>>> #Verify Settings
>>> address_verify_map = btree:/var/db/postfix/verify
>>> unverified_recipient_reject_reason = Address lookup failure
>>>
>>> smtpd_recipient_restrictions =
>>>      reject_non_fqdn_recipient,
>>>      reject_unknown_recipient_domain,
>>
>>>      check_client_access hash:/usr/local/etc/postfix/internal_networks,
>>
>> What does this map do?
>>
>>>      check_sender_access
>>> hash:/usr/local/etc/postfix/not_our_domain_as_sender,
>>
>> What does this map do?
>>
>>>      permit_mynetworks,
>>
>> Is all mail from $mynetworks? ie. no outside mail?
>>
>>
>>>      reject_unauth_destination,
>>
>> Is there any mail left here? ie. did it all get rejected or
>> permitted by the above rules?
>>
>>
>>>      reject_unknown_client_hostname,
>>
>> Careful; the above is a very strict rule and likely to reject legit
>> mail.
>>
>>>      reject_unknown_reverse_client_hostname,
>>>      reject_rbl_client zen.spamhaus.org <http://zen.spamhaus.org>,
>>>      reject_rbl_client cbl.abuseat.org <http://cbl.abuseat.org>,
>>>      reject_rbl_client dul.dnsbl.sorbs.net <http://dul.dnsbl.sorbs.net>,
>>
>> Please send plain text so the html markup doesn't bugger up the
>> message as above.
>>
>>>      reject_unverified_recipient,
>>
>> I'm guessing no mail makes it this far.
>>
>>>      permit
>>>
>>
>>
>>
>>
>>
>>
>>     -- Noel Jones