|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: virtual_alias_maps: rewriting outbound
From: Chris McKeever (techjedi
gmail.com)
Date: Sun Jul 02 2006 - 15:13:48 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Just for clarification on a SMTP session, right during the RCPT TO:
communication, if the address is invalid, it should falg it as such
right then...
so, this example against EBAY would not be correct:
250 sjciport02.sjc.ebay.com
MAIL FROM: cgmckeevergoogle.com
250 sender <cgmckeevergoogle.com> ok
RCPT TO: cgmckeeverebay.com
250 recipient <cgmckeeverebay.com> ok
On 7/2/06, Chris McKeever <techjedigmail.com> wrote:
> alright - I think I understand where this is failing -
> let me give this a go here -
>
> thanks
>
> On 7/2/06, mouss <usebsdfree.fr> wrote:
> > Chris McKeever wrote:
> > > On 7/2/06, Magnus Bäck <magnusdsek.lth.se> wrote:
> > >> On Sunday, July 02, 2006 at 20:35 CEST,
> > >> Chris McKeever <techjedigmail.com> wrote:
> > >>
> > >> > On 7/2/06, Magnus Bäck <magnusdsek.lth.se> wrote:
> > >> >
> > >> > > But you don't want bounces. Bounces are bad. You want rejections. It
> > >> > > is true that virtual alias rewriting is performed recursively -- but
> > >> > > the recipient validation made by smtpd(8) is NOT recursive. If a
> > >> > > lookup returns a result, the address it valid. This means that your
> > >> > > Postfix will accept any address with a dot in it, e.g.
> > >> > > blah.blahexample.com, and later bounce the invalid recipient
> > >> > > bblahexample.com.
> > >
> > >>
> > >> What server produces this bounce? Without that information the
> > >> above bounce message snippet is utterly and completely useless.
> > >>
> > >> Never show bounce messages. Always show logs from your server.
> > >>
> > >
> > > Magnus - thanks for helping me through this:
> > >
> > > both messages are coming from the same server, here are the logs - one
> > > sent with the 'dot' format and one without - both generate the same
> > > unknown user log message
> > >
> > > Jul 2 14:18:00 prupref-mailgate postfix/virtual[28097]: F0F07C8EBE:
> > > to=<nonesemailexample.com>, orig_to=<no.onesemailexample.com>,
> > > relay=virtual, delay=3, status=bounced (unknown user:
> > > "nonesemailexample.com")
> > >
> > > Jul 2 14:18:12 prupref-mailgate postfix/virtual[28097]: 7C1A3C8FBD:
> > > to=<nonesemailexample.com>, relay=virtual, delay=0, status=bounced
> > > (unknown user: "nonesemailexample.com")
> > >
> > This is the Bad Thing I was talking about.
> >
> > The message was accepted (queued), then later bounced. the bounce is
> > then sent to the envelope sender, which may have been forged. In this
> > case, you're sending bounces to people who never sent you mail. and
> > believe me, this is annoying. It's even worst when one gets thounsands
> > of these during a small period of time.
> >
> > This practice was acceptable in the long past. It is nowaday considered
> > as abuse, and will make your server listed in public block lists
> > (spamcops) or in private lists.
> >
> > Either reject such messages during the smtp transaction (by fixing your
> > virtual alias configuration) or setup a catchall address (which you'll
> > have to manage, but that's your problem:).
> >
> > Configure your ldap to return the virtual alias result only if the
> > "target mailbox" exists instead of using regex/pcre.
> >
> >
> >
>
>
> --
> ----------------------------------
> please respond to the list .. if you need to contact me direct
> cgmckeever is the account
> prupref.com is the domain
>
> <A href="http://www.prupref.com">Simply Chicago Real Estate</A>
>
--
----------------------------------
please respond to the list .. if you need to contact me direct
cgmckeever is the account
prupref.com is the domain
<A href="http://www.prupref.com">Simply Chicago Real Estate</A>
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]