[SOLVED] smtpd_reject_unlisted_recipient ignored

[stl]

We're running the 5.0.8 NE Professional for reference. I've begun to run into the issue where NDR backscatter is to the volume that it gets us placed on blacklists. Looking at the Postfix config and the forum I found that smtpd_reject_unlisted_recipient is turned off by default. However after enabling the option and both reloading Postfix and restarting the full suite, it still isn't working as intended. Here's an example after having enabled the option:

Code:

Nov 18 16:00:56 mail postfix/smtpd[28210]: B5D995D70032: client=unwired.iowalab.com[192.168.xxx.xxx], sasl_method=PLAIN, sasl_username=xxxxx
Nov 18 16:00:56 mail postfix/cleanup[30184]: B5D995D70032: message-id=<476513E7-2254-4A5F-B774-B5828B43ED5F@wiredrive.com>
Nov 18 16:00:56 mail postfix/qmgr[27031]: B5D995D70032: from=<xxxxx@wiredrive.com>, size=2179, nrcpt=1 (queue active)
Nov 18 16:00:56 mail postfix/smtp[4238]: B5D995D70032: to=<guh@mail.iowalab.com>, orig_to=<guh@iowalab.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.19, delays=0.01/0/0/0.18, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as E1D8D5D7004F)
Nov 18 16:00:56 mail postfix/qmgr[27031]: B5D995D70032: removed

Nov 18 16:00:56 mail postfix/smtpd[30206]: E1D8D5D7004F: client=localhost.localdomain[127.0.0.1]
Nov 18 16:00:56 mail postfix/cleanup[30183]: E1D8D5D7004F: message-id=<476513E7-2254-4A5F-B774-B5828B43ED5F@wiredrive.com>
Nov 18 16:00:56 mail postfix/qmgr[27031]: E1D8D5D7004F: from=<xxxxx@wiredrive.com>, size=2766, nrcpt=1 (queue active)
Nov 18 16:00:56 mail postfix/error[705]: E1D8D5D7004F: to=<guh@mail.iowalab.com>, relay=none, delay=0.01, delays=0/0/0/0, dsn=5.0.0, status=bounced (mail.iowalab.com)
Nov 18 16:00:56 mail postfix/bounce[4249]: E1D8D5D7004F: sender non-delivery notification: E392F5D70051
Nov 18 16:00:56 mail postfix/qmgr[27031]: E1D8D5D7004F: removed

Despite the setting in Postfix to reject on an unknown user ('guh' in this case) what appears to be happening is that the message is accepted anyway and then handed off to a second queue running on the localhost IP, which determines the user is non-existent and bounces back the NDR. Is there a known fix for this situation, or am I to just make a catchall and blackhole all invalids?

[bradb21]

I have my Zimbra server behind an another spam filter (I don't use the spam features in Zimbra). I've gone ahead and changed that setting to "YES" and have to do it everytime I do an upgrade. If I don't do this when my spam server ends up accepting emails for accounts that do not exist (which doesn't work for me).

[Paolo]

Same problem with 5.0.10 NE.
If I type
postconf | grep smtpd_reject_unlisted_recipient
I get:
smtpd_reject_unlisted_recipient = yes

But the "deferred list" is still full of emails coming from mailer-daemon.

Paolo

[phoenix]

It works fine for me (and always has done):

Code:

Nov 19 12:01:37 chinook postfix/smtpd[14386]: NOQUEUE: reject: RCPT from 201-0-152-32.dial-up.telesp.net.br[201.0.152.32]: 550 5.1.1 <dlg@domain.com>: Recipient address rejected: domain.com; from=<dlg@popsound.com> to=<dlg@domain.com> proto=SMTP helo=<Compras>

Do you, by any chance, have a catchall mail address specified? That set-up would, of course, override your 'reject' setting.

[Paolo]

Yes I'm using few catchall mail address.
I've added them using this command:
zmprov cd alias.domian.com zimbraDomainType alias zimbraMailCatchAllAddress @alias.domian.com zimbraMailCatchAllForwardingAddress @domain.com

Is there a way to use smtpd_reject_unlisted_recipient also with catchall mail address?

Thanks in advance.

Paolo

[phoenix]

Is there a way to use smtpd_reject_unlisted_recipient also with catchall mail address?

No, there's is no way to use both features. By definition a 'catchall' is a valid email address and will catch everything that doesn't have a 'valid' email address on your server - that's why spammers love them and they're not recommended. The only time to use a catchall address is during a migration using Split Domain set-up and then it should be removed once that's complete.

[stl]

In my case I am not using a catchall address and I'm trying to avoid doing so. I am however using a domain alias, could that be what is causing my enabling of smtpd_reject_unlisted_recipient to seemingly be ignored? iowalab.com is aliased to the configured domain of mail.iowalab.com which can be seen in the first portion of the delivery log in orig_to.

[phoenix]

Have you ever had a catchall on this server? Check if there's a domain one set with the following:

Code:

zmprov gd yourdomain.com | grep CatchAll

Check all the domains on your server.

[plan9]

I have a similar issue with a CatchAll. I have longdomainname.com, then I have a shortdomainname.com (much easier to type, spell, and remember) as a CatchAll. However, I still need to keep longdomainname.com.

Is a CatchAll the wrong way to handle this?

[phoenix]

I have a similar issue with a CatchAll. I have longdomainname.com, then I have a shortdomainname.com (much easier to type, spell, and remember) as a CatchAll. However, I still need to keep longdomainname.com.

You have a similar situation to what? Are you trying to use the smtpd_reject_unlisted_recipient option?

Is a CatchAll the wrong way to handle this?

Yes, if you're trying to reject unlisted recipients for the reason I've stated above - you can't have a catchall and accept mail for non-existent users because there's is no such thing with a catchall set. Perhaps if you explain what you're trying to achieve with the catchall I could understand you question better.