OK, version is wrong. Did RTFM however assumed (wrongly) that the newer versions will work. I installed the latest official release which was postfix-2.0.3.tar.gz at the time. It is now postfix-2.0.4.tar.gz.
I did comment reject_unverified_sender of course as soon as I sensed trouble. Shouldn't SAV work on the latest official versions? Any config changes that can be done with out downgrading postfix? 2.0.0.xxxxxxxx.tar.gz versions don't exist on the postfix site anymore. Thanks, Eric ----- Original Message ----- From: "Len Conrad" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, February 27, 2003 10:14 AM Subject: [IMGate] Re: reject_unverified_sender blocks good mail > > > >I installed IMGate a couple days ago. > >I started out using the default IMGate main.cf file. Spam started being > >blocked immediately. However it seems like it's over blocking. I discovered > >that legitimate emails were blocked as well by the > >"reject_unverified_sender" command. > > there is no command or reject text like that. but I know what you are > "paraphrasing. > > those maillog messages come from > > reject_unverified_sender, > > aka SAV, sender address verfication, and there are 4 messages: > > Feb 26 00:08:50 mx4 postfix/smtp[84491]: 1D7153EE44A: > to=<[EMAIL PROTECTED]>, relay=mx01.earthlink.net[207.217.120.29], > delay=0, status=deliverable (250 <[EMAIL PROTECTED]>... Recipient ok > > ... SAV has succeeded. > > Feb 26 23:45:14 mx4 postfix/smtpd[71231]: 1ACCB3EE412: reject: RCPT from > unknown[64.39.45.141]: 450 <[EMAIL PROTECTED]>: Sender address > rejected: unverified sender address: Address verification in progress; > from=<[EMAIL PROTECTED]> to=<[EMAIL PROTECTED]> > proto=SMTP helo=<max.sm-inter.net> > > ... SAV was started the first time the sender connected under SAV, but SAV > was not able to V during the SMTP session (9 second window, IIRC), so the > sender is rejected while the verify daemon keeps on trying. SAV may > finally get the first messages above for sender or the last two below > > Feb 26 11:31:40 mx4 postfix/smtpd[21846]: B6F9F3EE438: reject: RCPT from > unknown[66.179.48.91]: 450 <[EMAIL PROTECTED]>: Sender address > rejected: unverified sender address: connect to > www.macfixit.com[66.179.48.115]: Operation timed out; > from=<[EMAIL PROTECTED]> to=<bill@ > myokokogen.org> proto=ESMTP helo=<www.macfixit.com> > > ... SAV says this sender is unverifiable because the the MX for his > @sender.domain did not respond. So the sender stays rejected with a 450. > > Feb 26 03:48:58 mx4 postfix/smtpd[97286]: E19F73EE424: reject: RCPT from > baracuda.amis.net[212.18.32.4]: 450 <[EMAIL PROTECTED]>: > Sender address rejected: undeliverable sender address: host > relay4.mailru.com[80.68.244.41] said: 553 5.3.0 > <[EMAIL PROTECTED]>... No such user (in reply to RCPT TO > command); from=<[EMAIL PROTECTED]> to=<[EMAIL PROTECTED]> > proto=ESMTP helo=<baracuda.amis.net> > > ... SAV rejects the sender with 450 because the MX for his @sender.domain > said that the sender does not exist on the MX. You can change the 450 to a > 5xx with in main.cf here: > > unverified_sender_reject_code = 450 > > so, to summarize > > 1. SAV starts for sender: > > 1a. the MX approves the sender in that sender's initial SMTP connection, > and postfix accepts his message, no reject. > > 1b. SAV fails to get an initial response from MX in 9 secs during the > initila SMTP session, so "in progress". the sender is 450 rejected but > usually in the next few seconds, SAV gets a verify from the MX and sender > is marked as verified and the when the remote MTA retries, the msg will be > accepted. The sender and recipient will not see any rejects, since the 450 > reject causes the remote MTA to retry. > > 2. MX does not respond, sender rejected as "unverifiable". > > 3. MX responds negatiely, sender rejected as "undeliverable" > > Note that the [EMAIL PROTECTED] is not "credible" at any time because it > can be forged. A spammer can be forging a verifiable sender's address (SAV > accepts the msg), or a non-existent sender (SAV rejects). > > >Here's an example of an Ipswich support incoming message being blocked: > > > >Feb 20 17:18:22 mx1 postfix/smtpd[522]: connect from > >imail.ipswitch.com[156.21.1.5] > >Feb 20 17:18:22 mx1 postfix/smtpd[522]: E8723248A6: > >client=imail.ipswitch.com[156.21.1.5] > >Feb 20 17:18:51 mx1 postfix/smtpd[522]: warning: unknown smtpd restriction: > >"reject_unverified_sender" > > you did not RTFM, aka my LONG README.txt in the IMGate set of files, where > I say : > > "28. Starting with postfix "mail_version = 1.1.12-trace-20021202", a new > feature called SAV, "sender address verification" has been added. It adds > significant new rejects to IMGate's basic config, so it is activated in > main.cf." > > and in main.cf: > > # config file works with postfix-2.0.0-20030101.tar.gz > # and recent versions around there > > and you are not running the right version of postfix. either run the right > version, or remove from main.cf this line: > > reject_unverified_sender, > > postfix reload > > > >Feb 20 17:18:51 mx1 postfix/smtpd[522]: E8723248A6: reject: RCPT from > >imail.ipswitch.com[156.21.1.5]: 451 Server configuration error; > >from=<[EMAIL PROTECTED]> to=<[EMAIL PROTECTED]> proto=ESMTP > >helo=<ipswitch.com> > > your wrong version of postfix will 450 EVERY sender because you have > misconfigured main.cf with an SMTPD restriction that doesn't exist (in that > version of postfix).. > > Len > > >
