[postfix-users] Postfix lasst mail ohne From zu.

Uwe Driessen driessen at fblan.de
So Apr 26 02:29:22 CEST 2009 

> -----Original Message-----
> From: postfix-users-bounces at de.postfix.org [mailto:postfix-users-bounces at de.postfix.org]
> On Behalf Of Andres Gonzalez Pareja
> Sent: Saturday, April 25, 2009 11:27 PM
> To: Mailing-Liste der deutschsprachigen Postfix Gemeinschaft
> Subject: Re: [postfix-users] Postfix lasst mail ohne From zu.
> 
> Uwe Driessen wrote:
> >> On Behalf Of Andres Gonzalez Pareja
> >> Hallo alle zusammen.
> >>
> >> Ich verstehe nicht warum unser Mailgateway Mail mit lehren FROM in manchen fällen
> >> zulasst.
> >
> > Das gehört zum Spiel. Sender non delivery usw. werden darüber ausgetauscht
> >
> >
> >> Das hier ist mein postconf -n output:
> >>
> >>
> >> Und nun folgt ein Ausschnitt vom postfix-debug-mail-log:
> >
> >
> > Fahr mal deine vvvv zurück so was macht man nur wenn man das wirklich braucht.
> > Schickt mal einen normalen maillog auszug (von beginn des connect bis zum connection
> > close)
> > In der Regel kann man bei solchen "Fehlern" das ohne vvvv erkennen.
> >
> > Die Beschreibung wo dein "wirkliches" Problem liegt wäre hilfreicher.
> >
> > Hast du Probleme mit unerwünschten Mails? Dann sucht man evtl. mal in deinen
> Restriktionen
> > ob da die eine oder andere Prüfung noch hilfreich ist.
> 
> Hallo Uwe,
> Danke für die Antwort.
> 
> Das Problem ist das diese Email nicht zugestellt werden darf weil die domain nicht
> existiert, das gelingt auch in 3 von 4 versuchten Sendungen in der  gleichen conection
> nur eins davon nicht. Deshalb auch das debug-log. Du siehst "NOQUEUE: reject" aber in
> der 6en Linie wird trotzdem einmal zugestellt.
> Hofe kannst mir weiterhelfen.
> 
> Hier ein normales log:
> 
> 
> Apr 19 00:25:06 mx53 postfix/smtpd[23734]: connect from 68.AAA-AAA-AAA-
> AAA.staticIP.AAAA.net[DDD.DD.DDD.DD]
> Apr 19 00:25:07 mx53 postfix/smtpd[23734]: NOQUEUE: reject: RCPT from 68.AAA-AAA-AAA-
> AAA.staticIP.AAAA.net[DDD.DD.DDD.DD]: 450 4.1.8 <root at server.AAAAAA.org>: Sender address
> rejected: Domain not found; from=<root at server.AAAAAA.org> to=<hans at aaaaaaaaa.aa>
> proto=ESMTP helo=<server.AAAAAA.org>
> Apr 19 00:25:07 mx53 postfix/smtpd[23734]: CC7AB400A1: client=68.AAA-AAA-AAA-
> AAA.staticIP.AAAA.net[DDD.DD.DDD.DD]
> Apr 19 00:25:08 mx53 postfix/cleanup[23856]: CC7AB400A1: message-
> id=<200904150614.n3F6EbU0022638 at server.AAAAAA.org>
> Apr 19 00:25:08 mx53 postfix/qmgr[2864]: CC7AB400A1: from=<>, size=3262, nrcpt=1 (queue
> active)
> Apr 19 00:25:08 mx53 postfix/smtp[23857]: CC7AB400A1: to=<hans at aaaaaaaaa.aa>,
> relay=ddd.dd.ddd.d[ddd.dd.ddd.d]:25, delay=0.83, delays=0.8/0/0.01/0.03, dsn=2.0.0,
> status=sent (250 2.0.0 n3IMPGXT030509 Message accepted for delivery)
> Apr 19 00:25:08 mx53 postfix/qmgr[2864]: CC7AB400A1: removed
> Apr 19 00:25:08 mx53 postfix/smtpd[23734]: NOQUEUE: reject: RCPT from 68.AAA-AAA-AAA-
> AAA.staticIP.AAAA.net[DDD.DD.DDD.DD]: 450 4.1.8 <root at server.AAAAAA.org>: Sender address
> rejected: Domain not found; from=<root at server.AAAAAA.org> to=<hans at aaaaaaaaa.aa>
> proto=ESMTP helo=<server.AAAAAA.org>
> Apr 19 00:25:09 mx53 postfix/smtpd[23734]: NOQUEUE: reject: RCPT from 68.AAA-AAA-AAA-
> AAA.staticIP.AAAA.net[DDD.DD.DDD.DD]: 450 4.1.8 <root at server.AAAAAA.org>: Sender address
> rejected: Domain not found; from=<root at server.AAAAAA.org> to=<hans at aaaaaaaaa.aa>
> proto=ESMTP helo=<server.AAAAAA.org>
> Apr 19 00:25:09 mx53 postfix/smtpd[23734]: NOQUEUE: reject: RCPT from 68.AAA-AAA-AAA-
> AAA.staticIP.AAAA.net[DDD.DD.DDD.DD]: 450 4.1.8 <root at server.AAAAAA.org>: Sender address
> rejected: Domain not found; from=<root at server.AAAAAA.org> to=<hans at aaaaaaaaa.aa>
> proto=ESMTP helo=<server.AAAAAA.org>
> Apr 19 00:25:10 mx53 postfix/smtpd[23734]: NOQUEUE: reject: RCPT from 68.AAA-AAA-AAA-
> AAA.staticIP.AAAA.net[DDD.DD.DDD.DD]: 450 4.1.8 <root at server.AAAAAA.org>: Sender address
> rejected: Domain not found; from=<root at server.AAAAAA.org> to=<hans at aaaaaaaaa.aa>
> proto=ESMTP helo=<server.AAAAAA.org>
> Apr 19 00:25:10 mx53 postfix/smtpd[23734]: disconnect from 68.AAA-AAA-AAA-
> AAA.staticIP.AAAA.net[DDD.DD.DDD.DD]
> 

Diese Maskierungen machen es ungleich schwerer das log zu lesen.

Wie viele Domains sind dahinter, gehören die alle zu Hauptdomain?
Sind das virtualdomains oder Relaydomains zu denen da zugestellt werden soll/wird?

relay_domains (default: $mydestination)
What destination domains (and subdomains thereof) this system will relay mail to.
Subdomain matching is controlled with the parent_domain_matches_subdomains parameter. For
details about how the relay_domains value is used, see the description of the
permit_auth_destination and reject_unauth_destination SMTP recipient restrictions. 

Domains that match $relay_domains are delivered with the $relay_transport mail delivery
transport. The SMTP server validates recipient addresses with $relay_recipient_maps and
rejects non-existent recipients. See also the relay domains address class in the
ADDRESS_CLASS_README file. 

Note: Postfix will not automatically forward mail for domains that list this system as
their primary or backup MX host. See the permit_mx_backup restriction in the postconf(5)
manual page. 

Specify a list of host or domain names, "/file/name" patterns or "type:table" lookup
tables, separated by commas and/or whitespace. Continue long lines by starting the next
line with whitespace. A "/file/name" pattern is replaced by its contents; a "type:table"
lookup table is matched when a (parent) domain appears as lookup key. Specify "!pattern"
to exclude a domain from the list. The form "!/file/name" is supported only in Postfix
version 2.4 and later. 

Verwendest du irgendwo catchall oder Adressrewriting's? (master.cf, Amavis einträge
überprüfen)

Du hast den Parameter unverified_recipient_reject_code noch auf dem default 450 stehen 

Mit unverified_recipient_reject_code = 550 werden ungültige Adressen sofort abgewiesen 

reject_unverified_recipient 
Reject the request when mail to the RCPT TO address is known to bounce, or when the
recipient address destination is not reachable. Address verification information is
managed by the verify(8) server; see the ADDRESS_VERIFICATION_README file for details. 

The unverified_recipient_reject_code parameter specifies the numerical response code when
an address is known to bounce (default: 450, change into 550 when you are confident that
it is safe to do so). 
The unverified_recipient_defer_code parameter specifies the numerical response code when
an address probe failed due to a temporary problem (default: 450). 
The unverified_recipient_tempfail_action parameter specifies the action after addres probe
failure due to a temporary problem (default: defer_if_permit). 
This feature is available in Postfix 2.1 and later.


Schau die auch mal die Parameter 
smtpd_soft_error_limit =
smtpd_hard_error_limit =
smtpd_error_sleep_time =
unknown_client_reject_code
unknown_address_reject_code
unknown_hostname_reject_code
unknown_client_reject_code
an 

http://www.postfix.org/postconf.5.html


smtpd_sender_restrictions = reject_non_fqdn_sender, 
	check_sender_access hash:/etc/postfix/sender_access, 
	reject_unknown_sender_domain

die Sender restriktionen  leeren und in den recipient_restriktionen einarbeiten.

z.B. 
smtpd_recipient_restrictions = reject_non_fqdn_sender, 
   reject_non_fqdn_sender,
   reject_unknown_sender_domain,
	reject_non_fqdn_recipient, 
	reject_unknown_recipient_domain, 
	check_sender_access hash:/etc/postfix/sender_access, 
	reject_unknown_sender_domain, 
	permit_mynetworks, 
	reject_unauth_destination, 
   check_sender_access hash:/etc/postfix/sender_access,
	reject_invalid_helo_hostname, 
	reject_non_fqdn_helo_hostname, 
	reject_rbl_client zen.spamhaus.org, 
	reject_rbl_client dnsbl.sorbs.net, 
	reject_rbl_client cbl.abuseat.org




Mit freundlichen Grüßen

Drießen

-- 
Software & Computer
Uwe Drießen
Lembergstraße 33
67824 Feilbingert
Tel.: +49 06708 / 660045   Fax: +49 06708 / 661397

More information about the postfix-users mailing list