Why am I accepting this email?

classic Classic list List threaded Threaded
12 messages Options
Reply | Threaded
Open this post in threaded view
|

Why am I accepting this email?

D'Arcy Cain
The following is in my logs.  I have no server called nan.vex.net and no
user called aida.wanda.  I don't see anything in main.cf that looks like
a wild card entry.  Can anyone suggest why I would be accepting this
message in the first place?  I really don't want to back-scatter.

May 22 20:11:59 smaug postfix/smtpd[5457]: BBA8F3F9F1CA: client=mx-n07.wc1.phx1.stabletransit.com[207.246.241.253]
May 22 20:11:59 smaug postfix/cleanup[8796]: BBA8F3F9F1CA: message-id=<[hidden email]>
May 22 20:12:00 smaug postfix/qmgr[347]: BBA8F3F9F1CA: from=<[hidden email]>, size=22692, nrcpt=1 (queue active)
May 22 20:12:00 smaug postfix/smtp[9232]: BBA8F3F9F1CA: to=<[hidden email]>, relay=none, delay=0.34, delays=0.33/0.01/0/0, dsn=5.4.6, status=bounced (mail for nan.vex.net loops back to myself)
May 22 20:12:00 smaug postfix/bounce[3630]: BBA8F3F9F1CA: sender non-delivery notification: 1D2793F9F1D8
May 22 20:12:00 smaug postfix/qmgr[347]: BBA8F3F9F1CA: removed

--
D'Arcy J.M. Cain
System Administrator, Vex.Net
http://www.Vex.Net/ IM:[hidden email]
VoIP: sip:[hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: Why am I accepting this email?

Benny Pedersen-2
D'Arcy Cain skrev den 2017-05-24 15:25:
> The following is in my logs.

provide postconf -n to get more help
Reply | Threaded
Open this post in threaded view
|

Re: Why am I accepting this email?

D'Arcy Cain
On 2017-05-24 09:30 AM, Benny Pedersen wrote:
> D'Arcy Cain skrev den 2017-05-24 15:25:
>> The following is in my logs.
>
> provide postconf -n to get more help

I knew I forgot something.

--
D'Arcy J.M. Cain
System Administrator, Vex.Net
http://www.Vex.Net/ IM:[hidden email]
VoIP: sip:[hidden email]

postconf-n.txt (5K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Why am I accepting this email?

Wietse Venema
D'Arcy Cain:
> On 2017-05-24 09:30 AM, Benny Pedersen wrote:
> > D'Arcy Cain skrev den 2017-05-24 15:25:
> >> The following is in my logs.
> >
> > provide postconf -n to get more help
>
> I knew I forgot something.

Postfix before 3.0 by default accepts for relay all domains listed in
mydestination (including vex.net) and subdomains (nan.vex.net).

Suggestion: set relay_domains in main.cf, empty or with domains that you want to relay.

        Wietse
Reply | Threaded
Open this post in threaded view
|

Re: Why am I accepting this email?

D'Arcy Cain
On 2017-05-24 09:53 AM, Wietse Venema wrote:

> D'Arcy Cain:
>> On 2017-05-24 09:30 AM, Benny Pedersen wrote:
>>> D'Arcy Cain skrev den 2017-05-24 15:25:
>>>> The following is in my logs.
>>>
>>> provide postconf -n to get more help
>>
>> I knew I forgot something.
>
> Postfix before 3.0 by default accepts for relay all domains listed in
> mydestination (including vex.net) and subdomains (nan.vex.net).
>
> Suggestion: set relay_domains in main.cf, empty or with domains that you want to relay.

I use mynetworks to specify who can send email through us so I set
relay_domains to empty.  Thanks.

I still don't understand why I accepted the email anyway.  The user
didn't exist.

--
D'Arcy J.M. Cain
System Administrator, Vex.Net
http://www.Vex.Net/ IM:[hidden email]
VoIP: sip:[hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: Why am I accepting this email?

Wietse Venema
D'Arcy Cain:

> On 2017-05-24 09:53 AM, Wietse Venema wrote:
> > D'Arcy Cain:
> >> On 2017-05-24 09:30 AM, Benny Pedersen wrote:
> >>> D'Arcy Cain skrev den 2017-05-24 15:25:
> >>>> The following is in my logs.
> >>>
> >>> provide postconf -n to get more help
> >>
> >> I knew I forgot something.
> >
> > Postfix before 3.0 by default accepts for relay all domains listed in
> > mydestination (including vex.net) and subdomains (nan.vex.net).
> >
> > Suggestion: set relay_domains in main.cf, empty or with domains that you want to relay.
>
> I use mynetworks to specify who can send email through us so I set
> relay_domains to empty.  Thanks.
>
> I still don't understand why I accepted the email anyway.  The user
> didn't exist.

Because relay recipients are blocked only when relay_recipient_maps
lists the 'valid' recipients; this is not a required setting.

We could make such a table required, along with local_recipient_maps
and a number of other changes, and make the new defaults conditional
on compatibility_level>=3.

        Wietse
Reply | Threaded
Open this post in threaded view
|

Re: Why am I accepting this email?

D'Arcy Cain
On 2017-05-24 11:11 AM, Wietse Venema wrote:
>> I still don't understand why I accepted the email anyway.  The user
>> didn't exist.
>
> Because relay recipients are blocked only when relay_recipient_maps
> lists the 'valid' recipients; this is not a required setting.

So would this setting make sense?

relay_recipient_maps = $virtual_maps, $alias_maps

--
D'Arcy J.M. Cain
System Administrator, Vex.Net
http://www.Vex.Net/ IM:[hidden email]
VoIP: sip:[hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: Why am I accepting this email?

Benny Pedersen-2
D'Arcy Cain skrev den 2017-05-24 17:17:

> On 2017-05-24 11:11 AM, Wietse Venema wrote:
>>> I still don't understand why I accepted the email anyway.  The user
>>> didn't exist.
>>
>> Because relay recipients are blocked only when relay_recipient_maps
>> lists the 'valid' recipients; this is not a required setting.
>
> So would this setting make sense?
>
> relay_recipient_maps = $virtual_maps, $alias_maps

no no no

relay domains is remote mta, and virtual is localy, virtualy can be
forwarded, but its not same master services

use this relay as a backup mx if needed, not for anything localy

if not using backup mx, make that map empty but defined solves it
Reply | Threaded
Open this post in threaded view
|

Re: Why am I accepting this email?

Paul Schmehl-2
In reply to this post by D'Arcy Cain
--On May 24, 2017 at 9:25:30 AM -0400 D'Arcy Cain <[hidden email]> wrote:

> The following is in my logs.  I have no server called nan.vex.net and no
> user called aida.wanda.  I don't see anything in main.cf that looks like
> a wild card entry.  Can anyone suggest why I would be accepting this
> message in the first place?  I really don't want to back-scatter.
>
> May 22 20:11:59 smaug postfix/smtpd[5457]: BBA8F3F9F1CA:
> client=mx-n07.wc1.phx1.stabletransit.com[207.246.241.253] May 22 20:11:59
> smaug postfix/cleanup[8796]: BBA8F3F9F1CA:
> message-id=<[hidden email]>
> May 22 20:12:00 smaug postfix/qmgr[347]: BBA8F3F9F1CA:
> from=<[hidden email]>, size=22692, nrcpt=1 (queue active) May 22

This message was accepted.                          ^^^^^^^^^^^^^

> 20:12:00 smaug postfix/smtp[9232]: BBA8F3F9F1CA:
> to=<[hidden email]>, relay=none, delay=0.34,
> delays=0.33/0.01/0/0, dsn=5.4.6, status=bounced (mail for nan.vex.net
                                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> loops back to myself) May 22 20:12:00 smaug postfix/bounce[3630]:
^^^^^^^^^^^^^^^^^^^^^^^
> BBA8F3F9F1CA: sender non-delivery notification: 1D2793F9F1D8 May 22
> 20:12:00 smaug postfix/qmgr[347]: BBA8F3F9F1CA: removed

This message was rejected.


"The man who never looks into a newspaper is better informed than he who
reads them, inasmuch as he who knows nothing is nearer the truth than he
whose mind is filled with falsehoods and errors."  -  Thomas Jefferson

Paul Schmehl ([hidden email])
Independent Researcher
Reply | Threaded
Open this post in threaded view
|

Re: Why am I accepting this email?

Viktor Dukhovni
In reply to this post by D'Arcy Cain

> On May 24, 2017, at 11:17 AM, D'Arcy Cain <[hidden email]> wrote:
>
>> Because relay recipients are blocked only when relay_recipient_maps
>> lists the 'valid' recipients; this is not a required setting.
>
> So would this setting make sense?
>
> relay_recipient_maps = $virtual_maps, $alias_maps

Mailboxes listed in virtual_alias_maps ($virtual_maps is obsolete)
are automatically valid for every address class and need not be
listed in relay_recipient_maps and the like.

The lookup keys in $alias_maps are presumably just "bare" localpart
addresses ("user" not "[hidden email]"), so not useful here either.

If there are no valid relay recipients, set "relay_domains =" and
then you don't need relay_recipient_maps.  If there are valid
relay domains, create a table that lists them (by full address).

--
        Viktor.

Reply | Threaded
Open this post in threaded view
|

Re: Why am I accepting this email?

Wietse Venema
In reply to this post by D'Arcy Cain
D'Arcy Cain:

> On 2017-05-24 11:11 AM, Wietse Venema wrote:
> >> I still don't understand why I accepted the email anyway.  The user
> >> didn't exist.
> >
> > Because relay recipients are blocked only when relay_recipient_maps
> > lists the 'valid' recipients; this is not a required setting.
>
> So would this setting make sense?
>
> relay_recipient_maps = $virtual_maps, $alias_maps

As the name implies, relay_recipient_maps is for recipients that
are relayed.

Recipients in virtual mailbox domains are not relayed.

Recipients in alias maps are not relayed.

Therefore the answer is NO.

        Wietse

> --
> D'Arcy J.M. Cain
> System Administrator, Vex.Net
> http://www.Vex.Net/ IM:[hidden email]
> VoIP: sip:[hidden email]
>
Reply | Threaded
Open this post in threaded view
|

Re: Why am I accepting this email?

Bill Cole-3
In reply to this post by D'Arcy Cain
On 24 May 2017, at 9:25, D'Arcy Cain wrote:

> I have no server called nan.vex.net

But your DNS says that mail for any addresses @nan.vex.net that might
exist are handled by mail.vex.net, regardless of whether that name
represents an actual server or whether mail.vex.net actually can handle
those addresses. The same is true of any hostname under vex.net,
implying a wildcard MX record.

I expect that you have or at least have had a reason for that wildcard
record but you may want to reconsider it.