Re: virtual_alias_maps: rewriting outbound
From: mouss (usebsd free.fr)
Date: Sun Jul 02 2006 - 15:03:02 CDT
Chris McKeever wrote:
> On 7/2/06, Magnus Bäck <magnus dsek.lth.se> wrote:
>> On Sunday, July 02, 2006 at 20:35 CEST,
>> Chris McKeever <techjedi gmail.com> wrote:
>>
>> > On 7/2/06, Magnus Bäck <magnus dsek.lth.se> wrote:
>> >
>> > > But you don't want bounces. Bounces are bad. You want rejections. It
>> > > is true that virtual alias rewriting is performed recursively -- but
>> > > the recipient validation made by smtpd(8) is NOT recursive. If a
>> > > lookup returns a result, the address is valid. This means that your
>> > > Postfix will accept any address with a dot in it, e.g.
>> > > blah.blah@example.com, and later bounce the invalid recipient
>> > > bblah@example.com.
>
>>
>> What server produces this bounce? Without that information the
>> above bounce message snippet is utterly and completely useless.
>>
>> Never show bounce messages. Always show logs from your server.
>>
>
> Magnus - thanks for helping me through this:
>
> both messages are coming from the same server, here are the logs - one
> sent with the 'dot' format and one without - both generate the same
> unknown user log message
>
> Jul 2 14:18:00 prupref-mailgate postfix/virtual[28097]: F0F07C8EBE:
> to=<nonesemail@example.com>, orig_to=<no.onesemail@example.com>,
> relay=virtual, delay=3, status=bounced (unknown user:
> "nonesemail@example.com")
>
> Jul 2 14:18:12 prupref-mailgate postfix/virtual[28097]: 7C1A3C8FBD:
> to=<nonesemail@example.com>, relay=virtual, delay=0, status=bounced
> (unknown user: "nonesemail@example.com")
>
This is the Bad Thing I was talking about.

The message was accepted (queued), then later bounced. The bounce is
then sent to the envelope sender, which may have been forged. In this
case, you're sending bounces to people who never sent you mail. And
believe me, this is annoying. It's even worse when one gets thousands
of these during a small period of time.

This practice was acceptable in the long past. It is nowadays considered
abuse, and will get your server listed in public block lists
(spamcops) or in private lists.

Either reject such messages during the SMTP transaction (by fixing your
virtual alias configuration) or set up a catchall address (which you'll
have to manage, but that's your problem:).

Configure your LDAP to return the virtual alias result only if the
"target mailbox" exists instead of using regex/pcre.
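The accept-then-bounce behaviour discussed in this thread, as an added Python model (not part of the original posts and not Postfix code). The mailbox set, the `first.last` rewrite rule and all function names are assumptions constructed for illustration; the model contrasts a blind regexp-style alias lookup with one that answers only when the target mailbox exists.

```python
import re

# Constructed sample data (assumptions, not the poster's real configuration).
MAILBOXES = {"jdoe@example.com"}
# Regexp-style alias rule: first.last@example.com -> flast@example.com
DOT_RULE = re.compile(r"^(.)[^.@]*\.([^@]+)@example\.com$")

def regex_alias(addr):
    """Blind regexp/pcre-style lookup: answers for ANY dotted address."""
    m = DOT_RULE.match(addr)
    return f"{m.group(1)}{m.group(2)}@example.com" if m else None

def checked_alias(addr):
    """Lookup that returns the alias only if the target mailbox exists."""
    target = regex_alias(addr)
    return target if target in MAILBOXES else None

def smtpd_accepts(addr, alias_lookup):
    """Non-recursive recipient check: any lookup result makes addr valid."""
    return alias_lookup(addr) is not None or addr in MAILBOXES

def deliver(addr, alias_lookup, max_depth=10):
    """Recursive alias rewriting after queueing, then delivery or bounce."""
    for _ in range(max_depth):
        nxt = alias_lookup(addr)
        if nxt is None or nxt == addr:
            break
        addr = nxt
    return ("delivered" if addr in MAILBOXES else "bounced", addr)

def handle(addr, alias_lookup):
    """Outcome for one RCPT TO address under the given alias lookup."""
    if not smtpd_accepts(addr, alias_lookup):
        # Refused inside the SMTP session: no bounce is ever generated.
        return ("rejected at SMTP", addr)
    return deliver(addr, alias_lookup)

if __name__ == "__main__":
    for rcpt in ("john.doe@example.com", "blah.blah@example.com",
                 "no.onesemail@example.com"):
        print(rcpt)
        print("  regex map  :", handle(rcpt, regex_alias))
        print("  checked map:", handle(rcpt, checked_alias))
```

With the blind map, the invalid recipients are queued and later bounced to the (possibly forged) envelope sender; with the checked map they are refused during the SMTP transaction while the valid alias still delivers.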