Hello, we are hitting a wall with address verification to a backend
server that does not like double-bounce@domain as the address
verification sender. We have tried to change the parameter from its
default value to null sender (<>) and an explicit address via postconf
and by editing main.cf with "postfix reload" and with a full restart but
the probes continue to reach the backend as double-bounce@$maydomain.
We have even added double-bounce as a masquerade exception with no success.
We are using postfix 3.5.25
Relevant log line:
Jun 11 13:18:46 frontmta postfix/smtpd[1111697]: NOQUEUE: reject: RCPT
from mail.example.net[192.168.0.2]: 550 5.1.1 <[email protected]>:
Recipient address rejected: undeliverable
address: host backmta.example.com[172.16.3.14] said: 550 5.1.0
<[email protected]>:
Sender address rejected: example.com (in reply to RCPT TO command);
from=<[email protected]> to=
<[email protected]> proto=ESMTP helo=<mail.example.net>
[root@frontmta ~]# postconf -n
address_verify_map = btree:/var/lib/postfix/verify
address_verify_relayhost =
address_verify_sender = [email protected]
address_verify_transport_maps = hash:/etc/postfix/add_vrf_transport_maps
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
command_directory = /usr/sbin
compatibility_level = 2
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
dkim_milter = inet:127.0.0.1:8891
dmarc_milter = inet:127.0.0.1:8893
header_checks = pcre:/etc/postfix/header_checks
html_directory = no
inet_interfaces = all
inet_protocols = all
mail_owner = postfix
mailbox_size_limit = 104857600
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
masquerade_domains = $mydomain
masquerade_exceptions = root, postfix, double-bounce
message_size_limit = 104857600
meta_directory = /etc/postfix
mydestination = $myhostname
mydomain = example.com
mynetworks = 127.0.0.0/8, 172.16.0.0/1, 10.0.0.0/8
newaliases_path = /usr/bin/newaliases.postfix
non_smtpd_milters = $dkim_milter
parent_domain_matches_subdomains =
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix/README_FILES
relay_domains = example.com
sample_directory = /usr/share/doc/postfix/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
shlib_directory = /usr/lib64/postfix
smtp_bind_address = 172.16.200.2
smtp_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt
smtp_tls_CApath = /etc/pki/tls/certs
smtp_tls_security_level = may
smtpd_authorized_xclient_hosts = 172.16.200.14
smtpd_client_restrictions = reject_unauth_pipelining,
check_client_access hash:/etc/postfix/cliacc,
reject_rbl_client cbl.abuseat.org,
reject_rbl_client zen.spamhaus.org,
reject_rbl_client zombie.dnsbl.sorbs.net, permit
smtpd_delay_reject = yes
smtpd_discard_ehlo_keywords = vrfy
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks,
check_client_access hash:/etc/postfix/heloacc,
reject_non_fqdn_hostname,
reject_invalid_hostname,
permit
smtpd_milters = $dkim_milter $dmarc_milter
smtpd_recipient_restrictions = reject_unknown_recipient_domain,
reject_non_fqdn_recipient,
reject_unauth_pipelining,
permit_mynetworks,
reject_unauth_destination,
check_policy_service unix:private/policy-spf,
smtpd_sender_restrictions = permit_mynetworks,
check_sender_access hash:/etc/postfix/access,
check_sender_access hash:/etc/postfix/denylist,
reject_unknown_sender_domain,
reject_non_fqdn_sender,
reject_unauth_pipelining,
permit
smtpd_tls_cert_file = /etc/pki/tls/certs/fullchain.pem
smtpd_tls_key_file = /etc/pki/tls/private/postfix.key
smtpd_tls_security_level = may
strict_rfc821_envelopes = yes
tcp_windowsize = 65535
transport_maps = hash:/etc/postfix/transport
unknown_local_recipient_reject_code = 450
unverified_recipient_reject_code = 550
virtual_maps = hash:/etc/postfix/virtual1 hash:/etc/postfix/virtual2
Ideas anyone? Thanks!
--
Victoriano Giralt Retired sysadmin
==================================================================
Note: signature.asc is the electronic signature of present message
A: Yes.
Q: Are you sure ?
A: Because it reverses the logical flow of conversation.
Q: Why is top posting annoying in email ?
_______________________________________________
Postfix-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
