Postfix sending NDR instead of rejecting in SMTP session
in [Postfix]
|
From: Vegard Svanberg on 21 Apr 2010 06:19 Hello, my mailserver usually rejects unknown recipients in the SMTP session. However, when an account or domain is forwarded, Postfix does not reject, but accepts and sends an NDR when it discovers that the recipient does not exist. Example 1: Domain @example.invalid is forwarded to domain @example2.invalid. There are no matching accounts or aliases on example2.invalid. SMTP session: rcpt to: <whatever(a)example.invalid> 250 2.1.5 Ok Example 2: user(a)example.invalid is forwarded to resu(a)example2.invalid. resu(a)example2.invalid does not exist; neither as an alias nor a mailbox. SMTP dialog: rcpt to: <user(a)example.invalid> 250 2.1.5 Ok I'd be happy to post more info is needed. First I'd just like to know if this is expected behavior, and if so, how we can stop these NDRs. This is Postfix 2.5.5-1.1 (from Debian). Info is stored in LDAP, and virtual_alias_domains and virtual_alias_maps are used to retrieve the info. Thanks! -- Vegard Svanberg <vegard(a)svanberg.no> [*Takapa(a)IRC (EFnet)]
From: Ansgar Wiechers on 21 Apr 2010 07:10 On 2010-04-21 Vegard Svanberg wrote: > my mailserver usually rejects unknown recipients in the SMTP session. > > However, when an account or domain is forwarded, Postfix does not > reject, but accepts and sends an NDR when it discovers that the > recipient does not exist. > > Example 1: Domain @example.invalid is forwarded to domain > @example2.invalid. There are no matching accounts or aliases on > example2.invalid. > > SMTP session: > > rcpt to: <whatever(a)example.invalid> > 250 2.1.5 Ok If you have a mapping "@example.invalid @example2.invalid" in your $virtual_alias_maps this is expected behavior. Postfix' checks aren't transitive, i.e. it only checks the left-hand side of the map for matches. Which makes @example.invalid a catch-all for that domain. > Example 2: user(a)example.invalid is forwarded to resu(a)example2.invalid. > resu(a)example2.invalid does not exist; neither as an alias nor a mailbox. > > SMTP dialog: > > rcpt to: <user(a)example.invalid> > 250 2.1.5 Ok This is expected behavior as well. Postfix only checks the left-hand side of $virtual_alias_maps. If it finds a match there, then it will accept the mail for further delivery. It is your job as a mail server admin to ensure that your MTA does not have invalid mappings. Regards Ansgar Wiechers -- "Abstractions save us time working, but they don't save us time learning." --Joel Spolsky
|
Pages: 1 Prev: Problem using deliver as LDA Next: email Status in mail queue |