On 23.05.2012 20:00, /dev/rob0 wrote:
> On Wed, May 23, 2012 at 05:55:03PM +0200, Georg Schönweger wrote:
>> I have a Postfix server which is only used for sending emails to
>> the outside, no incoming emails are allowed (no MX record). I
>> recently opened port 587 in master.cf and now I'm asking myself
>> if it is ok to close port 25 completely?
>> AFAIK every mail server should accept incoming mails to
>> postmaster@myserver, but when I close port 25 this is not the
>> case anymore, is it?
> 
> All mail exchange happens on port 25. If an Internet domain doesn't 
> have an MTA somewhere accepting mail for it on port 25, it will not 
> receive mail.
> 
>> and another question regarding port 25;
>> when my Postfix server generates a bounce message (which happens when
>> sending a mail to a nonexistent address) and sends it back to the
>> original envelope sender, it uses "From: [email protected]"
>> as sender of the bounce message. Does [email protected] have to
>> be an existing mail account?
> 
> You will find that mailer-daemon is a standard alias. It is probably 
> in your /etc/aliases unless you removed it.
> 
>> We recently had problems that on the MX side of our email addresses 
>> (hosted by a company) they rejected some of the bounce mails 
>> generated by my server. The log shows the following:
>> "status=bounced (host mx.myEmailHostedByCompany.tld[IP.IP.IP.IP] 
>> said: 550 5.1.0 CfoC1j00P08HtnS01foCNg dominio non valido / invalid 
>> domain (in reply to MAIL FROM command))"
> 
> You did not show the complete logging for that mail. You say it was a 
> bounce. If so, your hosting company may have a problem. Since, as one 
> might presume, you are paying them for service, you should contact 
> them now for support.
> 
> Another thing that occurs to me is that they don't want to relay 
> backscatter. If that's what happened, it's quite understandable, but 
> the error message is misleading / wrong. If you have a backscatter 
> problem, you need to fix that.
> 
>> So I'm asking myself: does this error message mean that
>> [email protected] has to exist
> 
> It says, "in reply to MAIL FROM command". If as you say it was a 
> bounce, then no, it probably has nothing to do with whether or not 
> myserver.tld resolves. They have not yet seen the From: header at 
> this point in SMTP.
> 
>> (so I have to keep port 25 open on my server and see if this 
>> account is ok)? Does myserver.tld need to have a MX record as well 
>> in order to avoid the problem?
> 
> This is all up to you, but yes, in general any domain which is used 
> as sender in email should have an MTA somewhere accepting mail for it 
> on port 25. If you don't want this hosted on the machine with the A 
> record "myserver.tld", you can make an MX record for that name 
> pointing to the desired host.
> 
>> As far as I understand this error message means that the envelope 
>> sender (which is empty (<>) for bounce mails) is not valid, which 
>> is nonsense because every bounce message has an empty envelope 
>> sender.
> 
> Correct.

First of all, thanks to all of you for your constructive input!
I have now changed "myorigin" to our main domain, which is hosted externally. As
this domain has a catch-all mail address, every sender of my Postfix
server should be valid now (can receive mails).
Port 25 is closed now.

But the problem with rejected bounce mails still remains:
If I send a mail with sender [email protected] via my Postfix server to
a nonexistent address, a bounce mail will be generated.
[email protected] is hosted by a company. Sometimes they reject the
bounce mail. Full log:

May 25 18:57:07 susi2 postfix/cleanup[9312]: AAC41CACB54:
message-id=<[email protected]>
May 25 18:57:07 susi2 postfix/qmgr[9014]: AAC41CACB54:
from=<[email protected]>, size=1526, nrcpt=1 (queue active)
May 25 18:57:07 susi2 postfix/smtp[9313]: AAC41CACB54:
to=<[email protected]>, relay=none, delay=0.15, delays=0.15/0/0/0,
dsn=5.4.4, status=bounced (Host or domain name not found. Name service
error for name=dasfdasf.asd type=AAAA: Host not found)
May 25 18:57:07 susi2 postfix/cleanup[9312]: C67A9CACCAE:
message-id=<20120525165707.C67A9CACCAE@my-postfix-server>
May 25 18:57:07 susi2 postfix/bounce[9314]: AAC41CACB54: sender
non-delivery notification: C67A9CACCAE
May 25 18:57:07 susi2 postfix/qmgr[9014]: C67A9CACCAE: from=<>,
size=3549, nrcpt=1 (queue active)
May 25 18:57:07 susi2 postfix/qmgr[9014]: AAC41CACB54: removed
May 25 18:57:08 susi2 postfix/smtp[9313]: certificate verification
failed for mx.domain.tld[IP.OF.OUR.PROVIDER]:25: untrusted issuer
/C=US/O=RTFM, Inc./OU=Widgets Division/CN=Test CA20010517
May 25 18:57:08 susi2 postfix/smtp[9313]: C67A9CACCAE:
to=<[email protected]>, relay=mx.domain.tld[IP.OF.OUR.PROVIDER]:25,
delay=0.44, delays=0/0/0.38/0.05, dsn=5.1.0, status=bounced (host
mx.domain.tld[IP.OF.OUR.PROVIDER] said: 550 5.1.0 EGx71j00D08HtnS01Gx7D1
dominio non valido / invalid domain (in reply to MAIL FROM command))
May 25 18:57:08 susi2 postfix/qmgr[9014]: C67A9CACCAE: removed

Could this be a backscatter problem? I read a little bit about
backscatter, but I have no idea how to check and fix this.

Kind regards,
Georg
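
Added example (not part of the original thread): one way to check a Postfix log for the pattern discussed above is to link each non-delivery notification to the message that triggered it, so you can see whose address the bounce goes to and at which SMTP stage the remote MX refused it. The sample log is constructed, modelled on the log in the message with placeholder addresses and hosts; the function name trace_bounces is hypothetical.

```python
import re

# Constructed sample, modelled on the log in the message above (long lines
# unwrapped, addresses and host names replaced with placeholders).
SAMPLE_LOG = """\
May 25 18:57:07 susi2 postfix/qmgr[9014]: AAC41CACB54: from=<user@example.org>, size=1526, nrcpt=1 (queue active)
May 25 18:57:07 susi2 postfix/smtp[9313]: AAC41CACB54: to=<nobody@invalid.example>, relay=none, delay=0.15, delays=0.15/0/0/0, dsn=5.4.4, status=bounced (Host or domain name not found)
May 25 18:57:07 susi2 postfix/bounce[9314]: AAC41CACB54: sender non-delivery notification: C67A9CACCAE
May 25 18:57:07 susi2 postfix/qmgr[9014]: C67A9CACCAE: from=<>, size=3549, nrcpt=1 (queue active)
May 25 18:57:08 susi2 postfix/smtp[9313]: C67A9CACCAE: to=<user@example.org>, relay=mx.example.org[192.0.2.25]:25, delay=0.44, delays=0/0/0.38/0.05, dsn=5.1.0, status=bounced (host mx.example.org[192.0.2.25] said: 550 5.1.0 invalid domain (in reply to MAIL FROM command))
"""

# daemon name, queue ID, remainder of the log line
LINE = re.compile(r"postfix/(\w+)\[\d+\]: ([0-9A-F]{6,}): (.*)")

def trace_bounces(log_text):
    """Link each DSN to the message that caused it and report its fate."""
    sender, parent, results = {}, {}, []
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        daemon, qid, rest = m.groups()
        if daemon == "qmgr" and (f := re.match(r"from=<([^>]*)>", rest)):
            sender[qid] = f.group(1)          # envelope sender per queue ID
        elif daemon == "bounce" and (n := re.search(
                r"sender non-delivery notification: (\w+)", rest)):
            parent[n.group(1)] = qid          # DSN queue ID -> original queue ID
        elif daemon == "smtp" and qid in parent and "status=" in rest:
            stage = re.search(r"\(in reply to (.+?) command\)", rest)
            results.append({
                "dsn": qid,
                "original": parent[qid],
                # Who the bounce is sent to; a foreign or forged address here
                # is what backscatter looks like.
                "original_sender": sender.get(parent[qid]),
                "null_sender": sender.get(qid) == "",
                "status": re.search(r"status=(\w+)", rest).group(1),
                "dsn_code": re.search(r"dsn=([\d.]+)", rest).group(1),
                "rejected_at": stage.group(1) if stage else None,
            })
    return results

if __name__ == "__main__":
    for r in trace_bounces(SAMPLE_LOG):
        print(r)
```
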
