>I installed IMGate a couple days ago. >I started out using the default IMGate main.cf file. Spam started being >blocked immediately. However it seems like it's over blocking. I discovered >that legitimate emails were blocked as well by the >"reject_unverified_sender" command.
there is no command or reject text like that. but I know what you are "paraphrasing. those maillog messages come from reject_unverified_sender, aka SAV, sender address verfication, and there are 4 messages: Feb 26 00:08:50 mx4 postfix/smtp[84491]: 1D7153EE44A: to=<[EMAIL PROTECTED]>, relay=mx01.earthlink.net[207.217.120.29], delay=0, status=deliverable (250 <[EMAIL PROTECTED]>... Recipient ok ... SAV has succeeded. Feb 26 23:45:14 mx4 postfix/smtpd[71231]: 1ACCB3EE412: reject: RCPT from unknown[64.39.45.141]: 450 <[EMAIL PROTECTED]>: Sender address rejected: unverified sender address: Address verification in progress; from=<[EMAIL PROTECTED]> to=<[EMAIL PROTECTED]> proto=SMTP helo=<max.sm-inter.net> ... SAV was started the first time the sender connected under SAV, but SAV was not able to V during the SMTP session (9 second window, IIRC), so the sender is rejected while the verify daemon keeps on trying. SAV may finally get the first messages above for sender or the last two below Feb 26 11:31:40 mx4 postfix/smtpd[21846]: B6F9F3EE438: reject: RCPT from unknown[66.179.48.91]: 450 <[EMAIL PROTECTED]>: Sender address rejected: unverified sender address: connect to www.macfixit.com[66.179.48.115]: Operation timed out; from=<[EMAIL PROTECTED]> to=<bill@ myokokogen.org> proto=ESMTP helo=<www.macfixit.com> ... SAV says this sender is unverifiable because the the MX for his @sender.domain did not respond. So the sender stays rejected with a 450. Feb 26 03:48:58 mx4 postfix/smtpd[97286]: E19F73EE424: reject: RCPT from baracuda.amis.net[212.18.32.4]: 450 <[EMAIL PROTECTED]>: Sender address rejected: undeliverable sender address: host relay4.mailru.com[80.68.244.41] said: 553 5.3.0 <[EMAIL PROTECTED]>... No such user (in reply to RCPT TO command); from=<[EMAIL PROTECTED]> to=<[EMAIL PROTECTED]> proto=ESMTP helo=<baracuda.amis.net> ... SAV rejects the sender with 450 because the MX for his @sender.domain said that the sender does not exist on the MX. You can change the 450 to a 5xx with in main.cf here: unverified_sender_reject_code = 450 so, to summarize 1. SAV starts for sender: 1a. the MX approves the sender in that sender's initial SMTP connection, and postfix accepts his message, no reject. 1b. SAV fails to get an initial response from MX in 9 secs during the initila SMTP session, so "in progress". the sender is 450 rejected but usually in the next few seconds, SAV gets a verify from the MX and sender is marked as verified and the when the remote MTA retries, the msg will be accepted. The sender and recipient will not see any rejects, since the 450 reject causes the remote MTA to retry. 2. MX does not respond, sender rejected as "unverifiable". 3. MX responds negatiely, sender rejected as "undeliverable" Note that the [EMAIL PROTECTED] is not "credible" at any time because it can be forged. A spammer can be forging a verifiable sender's address (SAV accepts the msg), or a non-existent sender (SAV rejects). >Here's an example of an Ipswich support incoming message being blocked: > >Feb 20 17:18:22 mx1 postfix/smtpd[522]: connect from >imail.ipswitch.com[156.21.1.5] >Feb 20 17:18:22 mx1 postfix/smtpd[522]: E8723248A6: >client=imail.ipswitch.com[156.21.1.5] >Feb 20 17:18:51 mx1 postfix/smtpd[522]: warning: unknown smtpd restriction: >"reject_unverified_sender" you did not RTFM, aka my LONG README.txt in the IMGate set of files, where I say : "28. Starting with postfix "mail_version = 1.1.12-trace-20021202", a new feature called SAV, "sender address verification" has been added. It adds significant new rejects to IMGate's basic config, so it is activated in main.cf." and in main.cf: # config file works with postfix-2.0.0-20030101.tar.gz # and recent versions around there and you are not running the right version of postfix. either run the right version, or remove from main.cf this line: reject_unverified_sender, postfix reload >Feb 20 17:18:51 mx1 postfix/smtpd[522]: E8723248A6: reject: RCPT from >imail.ipswitch.com[156.21.1.5]: 451 Server configuration error; >from=<[EMAIL PROTECTED]> to=<[EMAIL PROTECTED]> proto=ESMTP >helo=<ipswitch.com> your wrong version of postfix will 450 EVERY sender because you have misconfigured main.cf with an SMTPD restriction that doesn't exist (in that version of postfix).. Len
