RE: Bounce replies are not coming back through relay
Wietse, Maybe I should re-phrase my question. On my Exchange server, if I e-mail an invalid address, it will e-mail be back and tell me that the recipient does not exist. When I e-mail an invalid address using a web/imap/pop hosting provider, I get an e-mail telling me the recipient is not valid. I'm under the assumption that my Postfix server is not allowing a bounce to come back, but I do not know if it's a configuration issue or if it's just the way things work. I've been told by someone knowledgeable with e-mail servers that it should be possible to get a reply back saying the recipient is invalid so I'm thinking it's a configuration issue. Are you telling me it's just not possible?
Re: Bounce replies are not coming back through relay
Masao Garcia: Wietse, Maybe I should re-phrase my question. On my Exchange server, if I e-mail an invalid address, it will e-mail be back and tell me that the recipient does not exist. When I e-mail an invalid address using a web/imap/pop hosting provider, I get an e-mail telling me the recipient is not valid. I'm under the assumption that my Postfix server is not allowing a bounce to come back, but I do not know if it's a configuration issue or if it's just the way things work. I've been told by someone knowledgeable with e-mail servers that it should be possible to get a reply back saying the recipient is invalid so I'm thinking it's a configuration issue. Are you telling me it's just not possible? Instead of speculating that Postfix does not allow bounces to come back, all the evidence you need is in the logfile. Postfix logs ALL mail delivery attempts, including the attempts that fail. First, does Postfix actually RECEIVE the mail from the user? If it doesn't receive the mail, then obviously it also cannot deliver it. Does the remote server say that the recipient is bad WHILE Postfix delivers mail? Then, Postfix should SEND a bounce message to the sender, and if it does not, you need to provide the evidence. Does the remote server find out that the recipient is bad AFTER Postfix delivers mail? Then, Postfix should RECIEVE a bounce message from the remote server, and if it does not, then you need to talk to the operator of the remote server. Wietse
Re: problems with permit_sasl and unknown_address
Yves Dorfsman: Wietse Venema wrote: There's no reject_unknown_* in there, so this does not reproduce the complaint. Right, because I had commented them out in order to make it work. I put them back, here's the output of postconf -n It's like sending your brother to the doctor for examination instead of yourself. smtpd_client_restrictions = permit_sasl_authenticated, reject_unknown_address, reject_unknown_client, reject_unknown_reverse_client_hostname, check_client_access hash:/etc/postfix/access, reject_rbl_client sbl-xbl.spamhaus.org This accepts mail from SASL-authenticated clients and rejects unknown stuff from SASL-unauthenticated clients. Your mail is rejected because the client is not SASL authenticated. You probably have an SMTP-based content filter in the middle of your Postfix system, and failed to configure the post-filter SMTP server per the FILTER_README instructions. Wietse
Re: Bounce replies are not coming back through relay
Wietse Venema wrote: Instead of speculating that Postfix does not allow bounces to come back, all the evidence you need is in the logfile. Postfix logs ALL mail delivery attempts, including the attempts that fail. Bounces normally have an empty envelope sender address which should be logged as from= Masao, maybe this helps you to find significant entries in your logs. Regards and Happy Easter, wolfgang
RE: Bounce replies are not coming back through relay
Wietse, Okay, I think I know what the problem is. Our reply-to addresses are for a domain that's not handled (yet) by our mail servers. We are in the middle of a transition to bringing our e-mail in-house away from an external pop/imap provider but during the transition we'd still like to keep the reply-to domain name the same (we just have forwards set up on our external provider to point to our temporary e-mail addresses). From looking at the logs, the bounce is going to our provider's MX server and stops there. If I change my reply-to to a domain that is handled by my relay then I get the bounce message back. So I guess my question is now, will I have to wait until I change the MX record to point to my relay before the bounce messages come in or is there a way to set up something on my external provider's side to forward the bounces to my relay? From my limited understanding of how e-mail servers work, I'm thinking I'll have to wait until I change the MX info, right?
Re: Bounce replies are not coming back through relay
Masao Garcia: Wietse, Okay, I think I know what the problem is. Our reply-to addresses are for a domain that's not handled (yet) by our mail servers. We are in the middle of a transition to bringing our e-mail in-house away from an external pop/imap provider but during the transition we'd still like to keep the reply-to domain name the same (we just have forwards set up on our external provider to point to our temporary e-mail addresses). From looking at the logs, the bounce is going to our provider's MX server and stops there. If I change my reply-to to a domain that is handled by my relay then I get the bounce message back. So I guess my question is now, will I have to wait until I change the MX record to point to my relay before the bounce messages come in or is there a way to set up something on my external provider's side to forward the bounces to my relay? From my limited understanding of how e-mail servers work, I'm thinking I'll have to wait until I change the MX info, right? DNS records have a time to live (TTL) attribute, which specifies how long a remote DNS server may use the information. When you change DNS for your mail domain, it will take at least one TTL before all the old DNS information has expired. Therefore, both the old AND new mail server must handle mail for your domain for at least one TTL. Wietse
Re: Bounce replies are not coming back through relay
On 4/3/10 8:24 AM, Masao Garcia at mas...@fshac.com wrote: Okay, I think I know what the problem is. Our reply-to addresses are for a domain that's not handled (yet) by our mail servers. We are in the middle of a transition to bringing our e-mail in-house away from an external pop/imap provider but during the transition we'd still like to keep the reply-to domain name the same (we just have forwards set up on our external provider to point to our temporary e-mail addresses). From looking at the logs, the bounce is going to our provider's MX server and stops there. If I change my reply-to to a domain that is handled by my relay then I get the bounce message back. Once mail leaves your server, any bounce message generated by a downstream server and sent back to you is just another piece of Internet mail and goes to wherever mail is received for your address. There is nothing special about a bounce message that would make the downstream server send it back to the server that sent it the message. -- Larry Stone lston...@stonejongleux.com http://www.stonejongleux.com/
Fast 5xx-exit before HELO is just a temporary failure?
Hi! Some mailservers close their session immediatley if the client-IP is listed on RBLs or expected to come from a dynamic IP-range: p...@waffel:~ telnet 71.74.56.244 25 Trying 71.74.56.244... Connected to 71.74.56.244. Escape character is '^]'. 554 5.7.1 - ERROR: Mail refused - 89.204.137.69 - See http://csi.cloudmark.com/reset-request/ Connection closed by foreign host. p...@waffel:~ In that case Postfix keeps his messages in the deferred-Queue even if the recipients server has sent a 5xx fatal error: Feb 17 00:55:28 91.198.250.29 postfix/smtp[9073]: 22210F6525: to=xx...@triad.rr.com, relay=hrndvasmtpin02.mail.rr.com[71.74.56.244], delay=1, status=deferred (host hrndva-smtpin02.mail.rr.com[71.74.56.244] refused to talk to me: 554 5.7.1 - ERROR: Mail refused - 213.203.238.10 - See http://security.rr.com/cgi-bin/block-lookup? 213.203.238.10) I don't understand why Postfix does not bounce the message?! It's a fatal error! Peer -- Heinlein Professional Linux Support GmbH Linux: Akademie - Support - Hosting http://www.heinlein-support.de Tel: 030 / 40 50 51 - 0 Fax: 030 / 40 50 51 - 19 Zwangsangaben lt. §35a GmbHG: HRB 93818 B / Amtsgericht Berlin-Charlottenburg, Geschäftsführer: Peer Heinlein -- Sitz: Berlin
Re: Fast 5xx-exit before HELO is just a temporary failure?
Peer Heinlein: Hi! Some mailservers close their session immediatley if the client-IP is listed on RBLs or expected to come from a dynamic IP-range: p...@waffel:~ telnet 71.74.56.244 25 Trying 71.74.56.244... Connected to 71.74.56.244. Escape character is '^]'. 554 5.7.1 - ERROR: Mail refused - 89.204.137.69 - See http://csi.cloudmark.com/reset-request/ Connection closed by foreign host. p...@waffel:~ The server greets with 554 instead of 220. In that case Postfix keeps his messages in the deferred-Queue even if the recipients server has sent a 5xx fatal error: Feb 17 00:55:28 91.198.250.29 postfix/smtp[9073]: 22210F6525: to=xx...@triad.rr.com, relay=hrndvasmtpin02.mail.rr.com[71.74.56.244], delay=1, status=deferred (host hrndva-smtpin02.mail.rr.com[71.74.56.244] refused to talk to me: 554 5.7.1 - ERROR: Mail refused - 213.203.238.10 - See http://security.rr.com/cgi-bin/block-lookup? 213.203.238.10) I don't understand why Postfix does not bounce the message?! It's a fatal error! This behavior is configurable, and the default is safe. Wietse smtp_skip_5xx_greeting (default: yes) Skip SMTP servers that greet with a 5XX status code (go away, do not try again later). By default, the Postfix SMTP client moves on the next mail exchanger. Specify smtp_skip_5xx_greeting = no if Postfix should bounce the mail immediately. The default setting is incorrect, but it is what a lot of people expect to happen.
Re: Relaying to SPF protected server
Hi! This is getting interesting. How, exactly, does mailman (or other mailing list manager) handles this? I mean, I have seen several SPF-enabled domains, and these domains have subscriptions to one or more lists... now, reading the headers for one of the messages of this lists, I got this: Sender: owner-postfix-us...@postfix.org So... my guess is that the SPF check will go against this mail address, not the one on the From field. am I right? What do you think? lldefonso Camargo
Re: Relaying to SPF protected server
On Sat, 03 Apr 2010, Jose Ildefonso Camargo Tolosa wrote: So... my guess is that the SPF check will go against this mail address, not the one on the From field. am I right? SPF is against the ENVELOPE, not the HEADER. -- Sahil Tandon sa...@tandon.net
Re: Relaying to SPF protected server
Jose Ildefonso Camargo Tolosa: Hi! This is getting interesting. How, exactly, does mailman (or other mailing list manager) handles this? I mean, I have seen several SPF-enabled domains, and these domains have subscriptions to one or more lists... now, reading the headers for one of the messages of this lists, I got this: Sender: owner-postfix-us...@postfix.org So... my guess is that the SPF check will go against this mail address, not the one on the From field. am I right? What do you think? SPF uses the address in MAIL FROM command. This is sent before the RCPT TO command and before the message header/body. Wietse