Reject instead of bounce

Alain Spineux aspineux at gmail.com
Tue Jun 17 00:19:25 CEST 2008


On Mon, Jun 16, 2008 at 9:50 PM, Carsten Burghardt
<carsten at cburghardt.com> wrote:
> Alain Spineux schrieb:
>
> On Sun, Jun 15, 2008 at 11:17 PM, Carsten Burghardt
> <carsten at cburghardt.com> wrote:
>
>
> Alain Spineux schrieb:
>
> On Sat, Jun 14, 2008 at 11:17 AM, Carsten Burghardt
> <carsten at cburghardt.com> wrote:
>
>
> Hi all,
>
> I just setup a new kolab server 2 and noticed that people who send
> emails to unknown users (correct domain but invalid account) get a
> bounce message. I would prefer the "normal" postfix way to reject the
> email on the SMTP level so during the communication. Otherwise I get all
> those spam-emails in the root account. The bounce seems to be executed
> in the kolabmailfilter script so I'm not sure where I can change this.
> Or maybe I could at least disable the notification for the postmaster.
>
>
>
> Which version of kolab ? 2.1 ?
>
>
> Yes, the version is marked as 2.1.99
>
> An Openpkg distribution or other native version ?
>
>
> It's a SuSE version.from their rpm's.
>
> Can post your /kolab/etc/postfix/main.cf ?
>
>
> Sure, what is the interesting part here as the file is quite large? I didn't
> make any changes to the template so far so it's purely based on kolab.
>
>
> So give me your template or the output of postconf -n
>
>
> I attached the template.
>
> Does this append  when the sender is SMTP authenticated or sending
> from local network ?
>
>
> This happens when the mail is delivered to the kolab server via SMTP.
>
>
> Does this append when the email is sent by a non authenticated user
> sending from outside of
> your local network ?
>
>
> Exactly. That's what the communication looks like:

The interesting part is missing

>
> Jun 15 22:31:15 openSUSE-103-32-minimal postfix/pipe[4455]: 99D281C7406B:
> to=<mail at dokumentarchiv.com>, relay=kolabfilter, delay=2,
> delays=1.3/0.01/0/0.74, dsn=2.0.0, status=sent (delivered via kolabfilter
> service)
> Jun 15 22:31:15 openSUSE-103-32-minimal postfix/qmgr[3053]: 99D281C7406B:
> removed
> Jun 15 22:31:22 openSUSE-103-32-minimal postfix/smtpd[4462]: connect from
> localhost[127.0.0.1]
> Jun 15 22:31:22 openSUSE-103-32-minimal postfix/smtpd[4462]: 7C9921C7406B:
> client=localhost[127.0.0.1]
> Jun 15 22:31:22 openSUSE-103-32-minimal postfix/cleanup[4458]: 7C9921C7406B:
> message-id=138ba01c8cf26$b50cc900$1701a8c0 at home97b7f6ea53
> Jun 15 22:31:22 openSUSE-103-32-minimal postfix/smtpd[4462]: disconnect from
> localhost[127.0.0.1]
> Jun 15 22:31:22 openSUSE-103-32-minimal postfix/qmgr[3053]: 7C9921C7406B:
> from=<spammer>, size=2221, nrcpt=1 (queue active)
> Jun 15 22:31:22 openSUSE-103-32-minimal postfix/smtp[4459]: 668021C74078:
> to=<mail at dokumentarchiv.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=8.3,
> delays=0.61/0.01/0.02/7.6, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as
> 7C9921C7406B)
> Jun 15 22:31:22 openSUSE-103-32-minimal postfix/qmgr[3053]: 668021C74078:
> removed
> Jun 15 22:31:23 openSUSE-103-32-minimal postfix/pipe[4466]: 7C9921C7406B:
> to=<myemail>, orig_to=<mail at dokumentarchiv.com>, relay=kolabmailboxfilter,
> delay=0.6, delays=0.15/0.01/0/0.44, dsn=2.0.0, status=sent (delivered via
> kolabmailboxfilter service)
> Jun 15 22:31:23 openSUSE-103-32-minimal postfix/pipe[4466]: 7C9921C7406B:
> to=<root at inovox.de>, orig_to=<mail at dokumentarchiv.com>,
> relay=kolabmailboxfilter, delay=1.3, delays=0.15/0.01/0/1.2, dsn=5.3.0,
> status=bounced (service unavailable. Command output: Failed to set
> recipient: Mailbox unknown.  Either there is no mailbox associated with this
> name or you do not have authorization to see it. 5.1.1 User unknown,
> code=550, original code 550)
>
>
> And the bounce is caused by the script.
>
>
> Carsten
>
> KOLAB_META_START
> TARGET=/etc/postfix/main.cf
> PERMISSIONS=0644
> OWNERSHIP=root:root
> KOLAB_META_END
> # (c) 2004 Steffen Hansen <steffen at klaralvdalens-datakonsult.se>
> (Klaralvdalens Datakonsult AB)
> # (c) 2003 Tassilo Erlewein <tassilo.erlewein at erfrakon.de>
> # (c) 2003 Martin Konold <martin.konold at erfrakon.de>
> # (c) 2003 Achim Frank <achim.frank at erfrakon.de>
> # This program is Free Software under the GNU General Public License (>=v2).
> # Read the file COPYING that comes with this packages for details.
>
>
> # this file is automatically written by the Kolab config backend
> # manual additions are lost unless made to the template in the Kolab config
> directory
>
>
> # postfix default is 10 240 000 Byte = 10.24 Megabyte,
> # we use 20 Mebibyte = 20*2^20 Byte
> message_size_limit = 20971520
>
> #   paths
> command_directory = /usr/sbin
> daemon_directory = /usr/lib/postfix
> queue_directory = /var/spool/postfix
>
> #   users
> mail_owner= postfix
> setgid_group= maildrop
> default_privs= kolab
>
> #   local host
> myhostname = @@@fqdnhostname@@@
> mydomain = @@@postfix-mydomain@@@
> myorigin = $mydomain
> @@@if postfix-relayhost@@@
>
> # Postfix Relay Host
> #
> # Check if there is also a relayport otherwise put the default
> @@@if postfix-relayport@@@
> relayhost = [@@@postfix-relayhost@@@]:@@@postfix-relayport@@@
> @@@else@@@
> relayhost = [@@@postfix-relayhost@@@]
> @@@endif@@@
> @@@endif@@@
>
> #
> masquerade_domains = @@@postfix-mydestination|join( )@@@
> #       Kolab Server does _not_ want to forward to local machines by
> default,
> #       so we can add "envelope_recipient" to masquerade_classes:
> masquerade_classes = envelope_sender, envelope_recipient,
>                     header_sender, header_recipient
>
> #   smtp daemon
> #smtpd_banner = $myhostname ESMTP $mail_name
> @@@if bind_any@@@
> @@@else@@@
> inet_interfaces = @@@local_addr@@@, @@@bind_addr@@@
> @@@endif@@@
>
> #   relaying
> mynetworks = @@@postfix-mynetworks|join( )@@@
> mydestination = @@@postfix-mydestination|join( )@@@
> relay_domains =
> #smtpd_recipient_restrictions = permit_mynetworks,
> #                               check_client_access
> hash:/etc/postfix/access,
> #                               check_relay_domains
>
>
> recipient_delimiter = +
>
> #   maps
> canonical_maps = hash:/etc/postfix/canonical
> virtual_alias_maps =  hash:/etc/postfix/virtual,
>        ldap:/etc/postfix/ldapdistlist.cf,
>        ldap:/etc/postfix/ldapvirtual.cf
> relocated_maps = hash:/etc/postfix/relocated
> transport_maps = hash:/etc/postfix/transport,
> ldap:/etc/postfix/ldaptransport.cf
> alias_maps = hash:/etc/aliases
> alias_database = hash:/etc/aliases
> #virtual_mailbox_maps = $virtual_alias_maps
> local_recipient_maps = $virtual_alias_maps, $alias_maps

The  problem is described here.
http://www.postfix.org/postconf.5.html#smtpd_reject_unlisted_recipient
One of the map should contains the email address or simply a "@the.domain.name"
remove it

>
> # Don't parse and modify headers of message/rfc822 attachments
> disable_mime_input_processing = yes
>
> # enable header_checks (not for attachment headers):
> header_checks = regexp:/etc/postfix/header_checks
> # disable_mime_input_processing = yes already implies that attachment
> headers
> # are not being checked, but just to be sure:
> mime_header_checks =
> nested_header_checks =
>
> ## only use local_transport or a higher recipent_limit if issue825 is fixed
> #   local delivery, not using postfix local(8)
> #local_transport = kolabmailboxfilter
> #   alternatively with local(8), something like
> mailbox_transport = kolabmailboxfilter
> # local_destination_recipient_limit = 20
>
> #TLS settings
> smtpd_use_tls = yes
> smtpd_tls_auth_only = yes
> smtpd_starttls_timeout = 300s
> smtpd_timeout = 300s
> #smtpd_tls_CAfile = /etc/kolab/server.pem
> #smtpd_tls_CApath =
> #smtpd_tls_ask_ccert = no
> #smtpd_tls_ccert_verifydepth = 5
> smtpd_tls_cert_file = /etc/kolab/cert.pem
> #smtpd_tls_cipherlist =
> #smtpd_tls_dcert_file =
> #smtpd_tls_dh1024_param_file =
> #smtpd_tls_dh512_param_file =
> #smtpd_tls_dkey_file = $smtpd_tls_dcert_file
> #smtpd_tls_key_file = $smtpd_tls_cert_file
> smtpd_tls_key_file = /etc/kolab/key.pem
> smtpd_tls_loglevel = 1
> smtpd_tls_received_header = no
> #smtpd_tls_req_ccert = no
> #smtpd_tls_session_cache_database =
> smtpd_tls_session_cache_timeout = 3600s
> #smtpd_tls_wrappermode = no
>
> #tls_random_bytes = 32
> tls_random_source = dev:/dev/urandom
> #tls_daemon_random_bytes = 32
> #tls_daemon_random_source =
> #tls_random_exchange_name = ${config_directory}/prng_exch
> #tls_random_prng_update_period = 60s
> #tls_random_reseed_period = 3600s
>
> #smtp_starttls_timeout = 300s
> #smtp_tls_CAfile =
> #smtp_tls_CApath =
> #smtp_tls_cert_file =
> #smtp_tls_cipherlist =
> #smtp_tls_dcert_file =
> #smtp_tls_dkey_file = $smtp_tls_dcert_file
> #smtp_tls_enforce_peername = yes
> #smtp_tls_key_file = $smtp_tls_cert_file
> #smtp_tls_loglevel = 0
> #smtp_tls_note_starttls_offer = no
> #smtp_tls_per_site =
> #smtp_tls_scert_verifydepth = 5
> #smtp_tls_session_cache_database =
> #smtp_tls_session_cache_timeout = 3600s
>
> #   authentication via sasl
>
> ## Kolab Policy Server
> smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated,
>        reject_unauth_destination, reject_unlisted_recipient,
>        check_policy_service unix:private/kolabpolicy
> smtpd_sender_restrictions = permit_mynetworks,
>        check_policy_service unix:private/kolabpolicy
> kolabpolicy_time_limit = 3600
> kolabpolicy_max_idle = 20
>
> #smtpd_restriction_classes =
> smtpd_sasl_auth_enable = yes
>
> # We want to allow for uids without any realm
> #smtpd_sasl_local_domain = $myhostname
> smtpd_sasl_local_domain =
>
> smtpd_sasl_security_options = noanonymous
>
> # Support broken clients like Microsoft Outlook Express 4.x which expect
> AUTH=LOGIN instead of AUTH LOGIN
> broken_sasl_auth_clients = yes
>
> content_filter = kolabfilter
>
> _______________________________________________
> Kolab-users mailing list
> Kolab-users at kolab.org
> https://kolab.org/mailman/listinfo/kolab-users
>
>



-- 
Alain Spineux
aspineux gmail com
May the sources be with you




More information about the users mailing list