CT wrote:
Noel Jones wrote:
On 4/18/2010 4:40 PM, groups wrote:
Noel Jones wrote, On 04/18/2010 04:20 PM:
On 4/18/2010 4:16 PM, groups wrote:
Postfix logs help you know what happened to a particular message.
Look
in your logs for bounces (sender=<>) arriving from your
relayhost, and
see what postfix does with it. No need to wonder where they went.
-- Noel Jones
A lot of the send only hosts have only an IP (not in DNS)
Look in the logs for the IP to find associated QUEUEIDs.
Apr 18 16:01:24 mailhost postfix/qmgr[3283]: 5BE9956799: from=<>,
size=89424, nrcpt=1 (queue active)
Look in the logs for other entries with that same QUEUEID 5BE9956799
to see other information associated with that transaction.
only 1 entry per transaction ID..
notthing in
/var/spool/postfix ...
ok.. and found something interesting..
Apr 18 16:01:22 mailhost postfix/qmgr[3283]: 04C2A56799: from=<>,
size=83199, nrcpt=1 (queue active)
Apr 18 16:01:22 mailhost postfix/qmgr[3283]: 2B54756799: from=<>,
size=83614, nrcpt=1 (queue active)
Apr 18 16:01:22 mailhost postfix/qmgr[3283]: 4D99856799: from=<>,
size=84029, nrcpt=1 (queue active)
Apr 18 16:01:22 mailhost postfix/qmgr[3283]: 7B1F756799: from=<>,
size=84444, nrcpt=1 (queue active)
Apr 18 16:01:22 mailhost postfix/qmgr[3283]: 9BD4456799: from=<>,
size=84859, nrcpt=1 (queue active)
Apr 18 16:01:22 mailhost postfix/qmgr[3283]: BF6DC56799: from=<>,
size=85274, nrcpt=1 (queue active)
Apr 18 16:01:22 mailhost postfix/qmgr[3283]: E147056799: from=<>,
size=85689, nrcpt=1 (queue active)
All have the same invalid recipient..
These show the sender and number of recipients = 1; the recipient
address is listed in a different log line.
That seems like an awful lot of bounces in a short period of time.
Sending lots of mail to undeliverable addresses is a red flag that
something is wrong -- such as a badly outdated mail list, or a
compromised machine spewing spam.
One of your tasks is to investigate why there are so many bounces,
and find a way to reduce them. Sending large amounts of
undeliverable mail will have a bad effect on your server's reputation
and may eventually lead to blacklisting.
Almost looks like it is "ping-ponging" back and forth between the
*master-relay* and my relay..
Messages with the null sender "<>" are never bounced, they must be
delivered or discarded.
Bounces are always sent with the null sender.
This prevents bounces from ever looping (except in rare cases of
stupid user tricks such as a .forward that rewrites <> to something
else -- don't do that).
Further information about those messages can be found in the logs.
I have seen this invalid recipient on the old Sendmail box.. and
it ended up in my queue then expires.. (the sender host has been out of
the office when I tried to contact them)
so it looks like I have something not right..
there is nothing in mailq..
Charles
You need to examine the log further. If there's a problem, postfix
will likely tell you what it is, or at least give you a better idea
of where to look.
Postfix generates several log lines for each message. You need to
look at *all* the lines with the same QUEUEID to see what happened to
a message.
Logs for a single message look something like this below (with my
comments). Because postfix can process many messages in parallel,
logs for a single message may be separated by a considerable number
of unrelated log entries. There may be more or fewer entries
depending on what happens with a transaction, but this is fairly
typical.
Apr 18 00:00:20 mgate2 postfix/smtpd[91955]: connect from
private.webmail.example.org[192.168.70.47] to smtpd
(client connected; the hostname and IP are logged)
Apr 18 00:00:20 mgate2 postfix/smtpd[91955]: 1A2C779788F:
client=private.webmail.example.org[192.168.70.47]
(the QUEUEID "1A2C779788F" is assigned. That means there was at least
one recipient accepted and a queue file was created. Future lines
pertaining to this specific message will include this same QUEUEID)
Apr 18 00:00:20 mgate2 postfix/cleanup[92028]: 1A2C779788F:
message-id=<[email protected]>
(the Message-id: header is logged. This is a helpful unique message
identifier when searching the logs for a specific message.)
Apr 18 00:00:20 mgate2 postfix/qmgr[95868]: 1A2C779788F: from=<>,
size=382, nrcpt=1 (queue active)
(envelope sender, size, number of recipients, which queue it's
assigned to)
Apr 18 00:00:20 mgate2 postfix/smtpd[91955]: disconnect from
private.webmail.vbhcs.org[192.168.70.47]
(postfix has disconnected from the client. This line can be related
to the "connect" line above by the smtpd process id, in this case
"91955")
Apr 18 00:00:20 mgate2 postfix/local[94393]: 1A2C779788F:
to=<[email protected]>, relay=local, delay=0.11, delays=0.05
/0.03/0/0.02, dsn=2.0.0, status=sent (delivered to maildir)
(the mail was delivered to a local user)
Apr 18 00:00:20 mgate2 postfix/qmgr[95868]: 1A2C779788F: removed
(postfix completed this message, and removed the queue file)
-- Noel Jones
Noel..
Thank you very much for the *above and beyond* explanation..
I actually *have* (personal) postfix smtp gateways but all are
configured *not* to receive email
and have worked flawlessly...
I will report back on this same thread when I have a resolution..
Very Respectfully,
Charles
Reporting Back..
After more testing..
--- Recap ---
I have an internal relay that sends 90% of email to the *master-relay*
and the
rest go directly out via transport maps.
The *master-relay* was sending them to *my-relay* and *my-relay* was
receiving the "bad emails" but I was not getting those "bad" emails in
the local-user inbox on *my-relay*.
After reading.. (go figure)
http://www.postfix.org/BASIC_CONFIGURATION_README.html#relayhost
-------------
Specifically:
The Postfix system reports problems to the postmaster alias. You may not
be interested in all types of trouble reports, so this reporting
mechanism is configurable. The default is to report only serious
problems (resource, software) to postmaster:
Default setting:
/etc/postfix/main.cf:
notify_classes = resource, software
-------------
I added the bounce and 2bounce to test but might still need to add
something to get
the "Delivery Failure" messages..
CT
I have included the postfinger output for my current *working*
configuration for
verification...
Thanks again to Noel and the rest of the posters that have helped..
-- postfinger output --
mail_version = 2.5.1
hostname = mailhost.sub-dom.TLD.DOM
uname = Linux mailhost.sub-dom.TLD.DOM 2.6.18-164.15.1.el5 #1 SMP Wed
Mar 17 11:37:14 EDT 2010 i686 i686 i386 GNU/Linux
--Packaging information--
looks like this postfix comes from RPM package: postfix-2.5.1-1.rhel5
--main.cf non-default parameters--
alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
html_directory = /usr/share/doc/postfix-2.5.1-documentation/html
mailbox_command = /usr/libexec/dovecot/deliver
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mime_header_checks = regexp:/etc/postfix/mime_header_checks.regexp
mydestination = $myhostname, $mydomain
mynetworks = ppp.pp.0.0/16, DDD.DD.0.0/16
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
*notify_classes = resource, software, bounce, 2bounce*
readme_directory = /usr/share/doc/postfix-2.5.1-documentation/readme
relay_domains = sub-dom.TLD.DOM, TLD.DOM, TLD2.DOM, TLD3.DOM,
sub-dom-2.TLD.DOM
relayhost = [*master-relay*]
sendmail_path = /usr/sbin/sendmail.postfix
smtpd_data_restrictions = reject_unauth_pipelining,permit_mynetworks
transport_maps = hash:/etc/postfix/transport
--master.cf--
smtp inet n - n - - smtpd
pickup fifo n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr fifo n - n 300 1 qmgr
tlsmgr unix - - n 1000? 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - n - - smtp
relay unix - - n - - smtp
-o smtp_fallback_relay=
showq unix n - n - - showq
error unix - - n - - error
retry unix - - n - - error
discard unix - - n - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
scache unix - - n - 1 scache
-- end of postfinger output --
