Thanks so much, Viktor



I tried the config from your last email and got the same results:

rcpt to: t...@fongaboo.com
550 5.1.1 <t...@fongaboo.com>: Recipient address rejected: User unknown in relay recipient table


I returned config to:

# relay_domains = whitehouse.gov
# relay_recipient_maps = inline:{@=@}
relay_domains = hash:/etc/postfix/relay_domains
relay_recipient_maps = hash:/etc/postfix/relay_recipients

Ran postmap on relay_domains and relay_recipients for good measure. Confirmed the respective .db files had a current timestamp.
Restarted postfix:


$ telnet ca2ceus.wtfayla.net 25
Trying 50.75.172.140...
Connected to ca2ceus.wtfayla.net.
Escape character is '^]'.
220 caduceus.wtfayla.net ESMTP Postfix (Debian/GNU)
helo fongaboo.com
250 caduceus.wtfayla.net
mail from: fonga...@gmail.com
250 2.1.0 Ok
rcpt to: t...@fongaboo.com
250 2.1.5 Ok
data
354 End data with <CR><LF>.<CR><LF>
this is going to t...@fongaboo.com
.
250 2.0.0 Ok: queued as E99942E40AC
helo fongaboo.com
250 caduceus.wtfayla.net
mail from: fonga...@gmail.com
250 2.1.0 Ok
rcpt to: unknownu...@fongaboo.com
250 2.1.5 Ok
data
354 End data with <CR><LF>.<CR><LF>
this is going to unkn...@fongaboo.com
.
250 2.0.0 Ok: queued as 3EFF72E40AA


No sign of 3EFF72E40AA in /var/log/mail.log on the primary.


From /var/log/mail.log on the secondary:

fgrep 3EFF72E40AA /var/log/mail.log
Dec  8 10:56:00 ca2uceus postfix/smtpd[40207]: 3EFF72E40AA: client=pool-100-4-204-226.albyny.fios.verizon.net[100.4.204.226]
Dec  8 10:56:25 ca2uceus postfix/cleanup[40215]: 3EFF72E40AA: message-id=<>
Dec  8 10:56:25 ca2uceus postfix/qmgr[40205]: 3EFF72E40AA: from=<fonga...@gmail.com>, size=264, nrcpt=1 (queue active)
Dec  8 10:56:26 ca2uceus postfix/relay/smtp[40220]: 3EFF72E40AA: to=<unknownu...@fongaboo.com>, relay=helix.wtfayla.net[64.246.134.156]:25, delay=37, delays=36/0/0.32/0.05, dsn=5.1.1, status=bounced (host helix.wtfayla.net[64.246.134.156] said: 550 5.1.1 <unknownu...@fongaboo.com>: Recipient address rejected: User unknown in virtual mailbox table (in reply to RCPT TO command))
Dec  8 10:56:26 ca2uceus postfix/bounce[40236]: 3EFF72E40AA: sender non-delivery notification: 3ACA22E41E8
Dec  8 10:56:26 ca2uceus postfix/qmgr[40205]: 3EFF72E40AA: removed


Is this the best I can hope for? That the secondary still sends it on, but the 
primary rejects it outright?

Shouldn't the secondary be able to 'slam the door' immediately on any rcpt to: 
not in its relay_recipients file?


On Wed, 7 Dec 2022, Viktor Dukhovni wrote:

> On Wed, Dec 07, 2022 at 08:47:21PM -0500, Jonathan Capra wrote:
>
>> I took this to mean I should get rid of relay_domains altogether, and rely
>> solely on relay_recipients. But once I did that, it now rejects all
>> addresses.
>
> Hard to imagine how you reached that interpretation.  Postfix rejects
> invalid relay recipients for domains listed (only) in relay_domains, when
> there are no wildcard matches in that table or matches in
> canonical_maps or virtual_alias_maps and when invalid recipient
> validation is not disabled.
>
> The simplest test is to configure an empty relay_recipient_maps, and
> see whether any relay recipients are allowed then.
>
> Try (on a test server):
>
>    relay_domains = whitehouse.gov
>    relay_recipient_maps = inline:{@=@}
>
> When I do this, and run a test, I see:
>
>    rcpt to:<presid...@whitehouse.gov>
>    550 5.1.1 <presid...@whitehouse.gov>: Recipient address rejected: User unknown in relay recipient table
>    quit
>    221 2.0.0 Bye
>
> Do you?
>
> --
>    Viktor.
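
Added example, not part of the original thread: a Python script that scans a secondary MX's Postfix log for the accept-then-bounce pattern in the log excerpt above, where a recipient is accepted at RCPT TO, the primary later rejects it with a 5.x.x status, and a non-delivery notification is generated (backscatter when the envelope sender is forged). The sample log lines, host names, addresses and queue IDs are constructed for the example.

```python
import re
from collections import defaultdict

# Constructed sample in the shape of the secondary's mail.log above
# (hosts, addresses and queue IDs are made up for this example).
SAMPLE_LOG = """\
Dec  8 10:55:01 mx2 postfix/smtpd[101]: AAAA111111: client=sender.example.net[192.0.2.10]
Dec  8 10:55:02 mx2 postfix/qmgr[90]: AAAA111111: from=<a@example.net>, size=250, nrcpt=1 (queue active)
Dec  8 10:55:03 mx2 postfix/relay/smtp[110]: AAAA111111: to=<known@example.org>, relay=mx1.example.org[198.51.100.5]:25, delay=2, delays=1/0/0.3/0.1, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 1234)
Dec  8 10:55:03 mx2 postfix/qmgr[90]: AAAA111111: removed
Dec  8 10:56:00 mx2 postfix/smtpd[102]: BBBB222222: client=sender.example.net[192.0.2.10]
Dec  8 10:56:25 mx2 postfix/qmgr[90]: BBBB222222: from=<a@example.net>, size=264, nrcpt=1 (queue active)
Dec  8 10:56:26 mx2 postfix/relay/smtp[111]: BBBB222222: to=<nosuchuser@example.org>, relay=mx1.example.org[198.51.100.5]:25, delay=37, delays=36/0/0.32/0.05, dsn=5.1.1, status=bounced (host mx1.example.org[198.51.100.5] said: 550 5.1.1 <nosuchuser@example.org>: Recipient address rejected: User unknown in virtual mailbox table (in reply to RCPT TO command))
Dec  8 10:56:26 mx2 postfix/bounce[120]: BBBB222222: sender non-delivery notification: CCCC333333
Dec  8 10:56:26 mx2 postfix/qmgr[90]: BBBB222222: removed
"""

LINE = re.compile(r"postfix/(?P<svc>[\w/]+)\[\d+\]: (?P<qid>\w+): (?P<rest>.*)")
FROM = re.compile(r"from=<([^>]*)>")
DELIVERY = re.compile(r"to=<(?P<to>[^>]*)>.*?dsn=(?P<dsn>[\d.]+), status=(?P<status>\w+)")
NDR = re.compile(r"sender non-delivery notification: (\w+)")

def find_backscatter(log_text):
    """Return {queue_id: record} for mail accepted here, then hard-bounced downstream."""
    msgs = defaultdict(lambda: {"client": None, "sender": None, "rejected": [], "ndr": None})
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m or m["qid"] == "NOQUEUE":  # NOQUEUE = rejected before queueing
            continue
        svc, rest, rec = m["svc"], m["rest"], msgs[m["qid"]]
        if svc == "smtpd" and rest.startswith("client="):
            rec["client"] = rest[len("client="):]
        elif svc == "qmgr" and (f := FROM.match(rest)):
            rec["sender"] = f[1]
        elif svc.endswith("smtp") and (d := DELIVERY.search(rest)):
            # Permanent failure reported by the next hop after we said 250.
            if d["status"] == "bounced" and d["dsn"].startswith("5."):
                rec["rejected"].append((d["to"], d["dsn"]))
        elif svc == "bounce" and (n := NDR.search(rest)):
            rec["ndr"] = n[1]
    return {q: r for q, r in msgs.items()
            if r["client"] and r["rejected"] and r["ndr"]}

if __name__ == "__main__":
    for qid, r in find_backscatter(SAMPLE_LOG).items():
        print(qid, r["client"], r["sender"], r["rejected"], "NDR:", r["ndr"])
```
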
