Zimbra offers Open Source email server software and shared calendar for Linux and the Mac
Go Back   Zimbra :: Forums > Zimbra Collaboration Suite > Administrators

Welcome to the Zimbra :: Forums!
Welcome, if you would like to post a comment please register. We also encourage you to explore all things Zimbra with our team and members of the community.

Reply
 
LinkBack Thread Tools Search this Thread Display Modes
  #1 (permalink)  
Old 11-18-2008, 04:11 PM
stl stl is offline
Member
 
Posts: 10
Default [SOLVED] smtpd_reject_unlisted_recipient ignored

We're running the 5.0.8 NE Professional for reference. I've begun to run into the issue where NDR backscatter is to the volume that it gets us placed on blacklists. Looking at the Postfix config and the forum I found that smtpd_reject_unlisted_recipient is turned off by default. However after enabling the option and both reloading Postfix and restarting the full suite, it still isn't working as intended. Here's an example after having enabled the option:

Code:
Nov 18 16:00:56 mail postfix/smtpd[28210]: B5D995D70032: client=unwired.iowalab.com[192.168.xxx.xxx], sasl_method=PLAIN, sasl_username=xxxxx
Nov 18 16:00:56 mail postfix/cleanup[30184]: B5D995D70032: message-id=<476513E7-2254-4A5F-B774-B5828B43ED5F@wiredrive.com>
Nov 18 16:00:56 mail postfix/qmgr[27031]: B5D995D70032: from=<xxxxx@wiredrive.com>, size=2179, nrcpt=1 (queue active)
Nov 18 16:00:56 mail postfix/smtp[4238]: B5D995D70032: to=<guh@mail.iowalab.com>, orig_to=<guh@iowalab.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.19, delays=0.01/0/0/0.18, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as E1D8D5D7004F)
Nov 18 16:00:56 mail postfix/qmgr[27031]: B5D995D70032: removed

Nov 18 16:00:56 mail postfix/smtpd[30206]: E1D8D5D7004F: client=localhost.localdomain[127.0.0.1]
Nov 18 16:00:56 mail postfix/cleanup[30183]: E1D8D5D7004F: message-id=<476513E7-2254-4A5F-B774-B5828B43ED5F@wiredrive.com>
Nov 18 16:00:56 mail postfix/qmgr[27031]: E1D8D5D7004F: from=<xxxxx@wiredrive.com>, size=2766, nrcpt=1 (queue active)
Nov 18 16:00:56 mail postfix/error[705]: E1D8D5D7004F: to=<guh@mail.iowalab.com>, relay=none, delay=0.01, delays=0/0/0/0, dsn=5.0.0, status=bounced (mail.iowalab.com)
Nov 18 16:00:56 mail postfix/bounce[4249]: E1D8D5D7004F: sender non-delivery notification: E392F5D70051
Nov 18 16:00:56 mail postfix/qmgr[27031]: E1D8D5D7004F: removed
Despite the setting in Postfix to reject on an unknown user ('guh' in this case) what appears to be happening is that the message is accepted anyway and then handed off to a second queue running on the localhost IP, which determines the user is non-existent and bounces back the NDR. Is there a known fix for this situation, or am I to just make a catchall and blackhole all invalids?
Reply With Quote
  #2 (permalink)  
Old 11-18-2008, 04:29 PM
Advanced Member
 
Posts: 189
Default

I have my Zimbra server behind an another spam filter (I don't use the spam features in Zimbra). I've gone ahead and changed that setting to "YES" and have to do it everytime I do an upgrade. If I don't do this when my spam server ends up accepting emails for accounts that do not exist (which doesn't work for me).
__________________
Release 6.0.2_GA_1912.UBUNTU8_64 UBUNTU8_64 NETWORK edition + Mobile Option
Activesync with Moto Q9C, HTC Touch Pro, Palm Pro, & Palm Pre
Reply With Quote
  #3 (permalink)  
Old 11-19-2008, 03:00 AM
Member
 
Posts: 14
Default

Same problem with 5.0.10 NE.
If I type
postconf | grep smtpd_reject_unlisted_recipient
I get:
smtpd_reject_unlisted_recipient = yes

But the "deferred list" is still full of emails coming from mailer-daemon.

Paolo
Reply With Quote
  #4 (permalink)  
Old 11-19-2008, 03:11 AM
Zimbra Consultant & Moderator
 
Posts: 20,312
Default

It works fine for me (and always has done):

Code:
Nov 19 12:01:37 chinook postfix/smtpd[14386]: NOQUEUE: reject: RCPT from 201-0-152-32.dial-up.telesp.net.br[201.0.152.32]: 550 5.1.1 <dlg@domain.com>: Recipient address rejected: domain.com; from=<dlg@popsound.com> to=<dlg@domain.com> proto=SMTP helo=<Compras>
Do you, by any chance, have a catchall mail address specified? That set-up would, of course, override your 'reject' setting.
__________________
Regards


Bill
Reply With Quote
  #5 (permalink)  
Old 11-19-2008, 04:16 AM
Member
 
Posts: 14
Default

Yes I'm using few catchall mail address.
I've added them using this command:
zmprov cd alias.domian.com zimbraDomainType alias zimbraMailCatchAllAddress @alias.domian.com zimbraMailCatchAllForwardingAddress @domain.com

Is there a way to use smtpd_reject_unlisted_recipient also with catchall mail address?

Thanks in advance.

Paolo
Reply With Quote
  #6 (permalink)  
Old 11-19-2008, 04:25 AM
Zimbra Consultant & Moderator
 
Posts: 20,312
Default

Quote:
Originally Posted by Paolo View Post
Is there a way to use smtpd_reject_unlisted_recipient also with catchall mail address?
No, there's is no way to use both features. By definition a 'catchall' is a valid email address and will catch everything that doesn't have a 'valid' email address on your server - that's why spammers love them and they're not recommended. The only time to use a catchall address is during a migration using Split Domain set-up and then it should be removed once that's complete.
__________________
Regards


Bill
Reply With Quote
  #7 (permalink)  
Old 11-19-2008, 04:37 PM
stl stl is offline
Member
 
Posts: 10
Default

In my case I am not using a catchall address and I'm trying to avoid doing so. I am however using a domain alias, could that be what is causing my enabling of smtpd_reject_unlisted_recipient to seemingly be ignored? iowalab.com is aliased to the configured domain of mail.iowalab.com which can be seen in the first portion of the delivery log in orig_to.
Reply With Quote
  #8 (permalink)  
Old 11-19-2008, 11:48 PM
Zimbra Consultant & Moderator
 
Posts: 20,312
Default

Have you ever had a catchall on this server? Check if there's a domain one set with the following:

Code:
zmprov gd yourdomain.com | grep CatchAll
Check all the domains on your server.
__________________
Regards


Bill
Reply With Quote
  #9 (permalink)  
Old 11-20-2008, 03:40 AM
Loyal Member
 
Posts: 76
Default

I have a similar issue with a CatchAll. I have longdomainname.com, then I have a shortdomainname.com (much easier to type, spell, and remember) as a CatchAll. However, I still need to keep longdomainname.com.

Is a CatchAll the wrong way to handle this?
Reply With Quote
  #10 (permalink)  
Old 11-20-2008, 04:00 AM
Zimbra Consultant & Moderator
 
Posts: 20,312
Default

Quote:
Originally Posted by plan9 View Post
I have a similar issue with a CatchAll. I have longdomainname.com, then I have a shortdomainname.com (much easier to type, spell, and remember) as a CatchAll. However, I still need to keep longdomainname.com.
You have a similar situation to what? Are you trying to use the smtpd_reject_unlisted_recipient option?

Quote:
Originally Posted by plan9 View Post
Is a CatchAll the wrong way to handle this?
Yes, if you're trying to reject unlisted recipients for the reason I've stated above - you can't have a catchall and accept mail for non-existent users because there's is no such thing with a catchall set. Perhaps if you explain what you're trying to achieve with the catchall I could understand you question better.
__________________
Regards


Bill
Reply With Quote
Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes


Why Join?

Registering let's you ask questions, makes it easier to search, displays any files attached to posts, and notifies you about replies.

blog.zimbra.com




 

SEO by vBSEO ©2011, Crawlability, Inc.