[Postfixbuch-users] reject_unlisted_recipient funktioniert nicht

Christian Rößner christian at roessner-net.com
Sa Sep 11 12:00:18 CEST 2010 

Hallo,

aus irgendwelchen Gründen greift bei mir der Parameter reject_unlisted_recipient nicht mehr.

Vereinfacht:

smtpd -> amavis als proxy_filter -> smtpd

Im Regelfall sollte ja der vorderste smtpd schon unbekannte Empfänger rejecten. Tut er nicht mehr. Seit wann weiß ich nicht. Leider. Ich nutze seit geraumer Zeit die 2.8 experimental Version. Letzt mögliche Version.

Was passiert?

Mail kommt rein, reject_unlistet_recipient wird bearbeitet aber nicht mit status=2, sondern status=0 ignoriert. Geht dann an Amavis, der sich wundert, dass er eine Mail bearbeiten soll, die nicht ORIGINATING ist, tut aber brav seinen Dienst, gibt sie zurück und dann auf einmal erkennt Postfix: Huch, den Empfänger gibt es ja gar nicht. Schickt dann einen Late-Bounce raus. Autsch!

Irgend eine tolle Idee?

Mein Setup ist recht umfangreich, so dass ich nur relevante Teile hier angehängt habe:

Schon mal Danke fürs mitdenken.

LG
Christian

Log:

Sep 11 10:34:27 mx0 postfix/smtpd[29582]: connect from fmmailgate07.web.de[217.72.192.248]
Sep 11 10:34:30 mx0 postfix/smtpd[29582]: NOQUEUE: client=fmmailgate07.web.de[217.72.192.248]
Sep 11 10:34:30 mx0 amavis[31474]: (31474-03) ESMTP::10024 /var/lib/amavis/tmp/amavis-20100911T014053-31474: <chrroessner at web.de> -> <AD4F0.5040301 at roessner-net.com> SIZE=1067 Received: from mx0.roessner-net.de ([127.0.0.1]) by localhost (mx0.roessner-net.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP for <AD4F0.5040301 at roessner-net.com>; Sat, 11 Sep 2010 10:34:30 +0200 (CEST)
Sep 11 10:34:30 mx0 amavis[31474]: (31474-03) Checking: hA1rUC8UbQV7 [217.72.192.248] <chrroessner at web.de> -> <AD4F0.5040301 at roessner-net.com>
Sep 11 10:34:30 mx0 amavis[31474]: (31474-03) Open relay? Nonlocal recips but not originating: AD4F0.5040301 at roessner-net.com
Sep 11 10:34:30 mx0 amavis[31474]: (31474-03) p001 1 Content-Type: text/plain, size: 278 B, name: 
Sep 11 10:34:36 mx0 postfix/smtpd[29591]: initializing the server-side TLS engine
Sep 11 10:34:36 mx0 postfix/smtpd[29591]: connect from localhost[127.0.0.1]
Sep 11 10:34:36 mx0 postfix/smtpd[29591]: 40FC3520A6: client=localhost[127.0.0.1], orig_client=fmmailgate07.web.de[217.72.192.248]
Sep 11 10:34:36 mx0 postfix/cleanup[29592]: 40FC3520A6: message-id=<1096101504.9442502.1284194063641.JavaMail.fmail at mwmweb067>
Sep 11 10:34:36 mx0 postfix/smtpd[29591]: disconnect from localhost[127.0.0.1]
Sep 11 10:34:36 mx0 postfix/qmgr[27669]: 40FC3520A6: from=<chrroessner at web.de>, size=1749, nrcpt=1 (queue active)
Sep 11 10:34:36 mx0 amavis[31474]: (31474-03) FWD via SMTP: <chrroessner at web.de> -> <AD4F0.5040301 at roessner-net.com>,BODY=7BIT 250 2.0.0 Ok, id=31474-03, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 40FC3520A6
Sep 11 10:34:36 mx0 amavis[31474]: (31474-03) Passed CLEAN, [217.72.192.248] [109.90.85.83] <chrroessner at web.de> -> <AD4F0.5040301 at roessner-net.com>, Message-ID: <1096101504.9442502.1284194063641.JavaMail.fmail at mwmweb067>, mail_id: hA1rUC8UbQV7, Hits: 0.801, size: 1267, queued_as: 40FC3520A6, 6370 ms
Sep 11 10:34:36 mx0 amavis[31474]: (31474-03) TIMING-SA total 5720 ms - parse: 13 (0.2%), extract_message_metadata: 31 (0.5%), get_uri_detail_list: 7 (0.1%), tests_pri_-1000: 22 (0.4%), tests_pri_-950: 4 (0.1%), tests_pri_-900: 4 (0.1%), tests_pri_-400: 52 (0.9%), check_bayes: 49 (0.9%), tests_pri_0: 5309 (92.8%), check_dkim_adsp: 24 (0.4%), check_spf: 60 (1.1%), poll_dns_idle: 49 (0.9%), check_dcc: 4285 (74.9%), check_razor2: 617 (10.8%), check_pyzor: 206 (3.6%), tests_pri_500: 14 (0.3%), learn: 225 (3.9%), get_report: 5 (0.1%)
Sep 11 10:34:36 mx0 postfix/smtpd[29582]: proxy-accept: END-OF-MESSAGE: 250 2.0.0 Ok, id=31474-03, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 40FC3520A6; from=<chrroessner at web.de> to=<AD4F0.5040301 at roessner-net.com> proto=ESMTP helo=<fmmailgate07.web.de>
Sep 11 10:34:36 mx0 postfix/smtpd[29582]: disconnect from fmmailgate07.web.de[217.72.192.248]
Sep 11 10:34:36 mx0 amavis[31474]: (31474-03) TIMING [total 6424 ms] - SMTP greeting: 11 (0%)0, SMTP EHLO: 4 (0%)0, SMTP pre-MAIL: 2 (0%)0, lookup_ldap: 18 (0%)1, SMTP pre-DATA-flush: 5 (0%)1, SMTP DATA: 13 (0%)1, check_init: 1 (0%)1, digest_hdr: 5 (0%)1, digest_body_dkim: 1 (0%)1, sql-enter: 74 (1%)2, mime_decode: 48 (1%)3, get-file-type1: 82 (1%)4, parts_decode: 2 (0%)4, check_header: 9 (0%)4, AV-scan-1: 30 (0%)5, spam-wb-list: 7 (0%)5, SA parse: 22 (0%)5, SA check: 5699 (89%)94, update_cache: 18 (0%)94, lookup_ldap: 11 (0%)94, penpals_check: 1 (0%)94, decide_mail_destiny: 1 (0%)94, fwd-connect: 61 (1%)95, fwd-xforward: 3 (0%)95, fwd-mail-pip: 87 (1%)97, fwd-rcpt-pip: 1 (0%)97, fwd-data-chkpnt: 2 (0%)97, write-header: 7 (0%)97, fwd-data-contents: 0 (0%)97, fwd-end-chkpnt: 118 (2%)99, prepare-dsn: 3 (0%)99, main_log_entry: 27 (0%)99, sql-update: 25 (0%)100, update_snmp: 14 (0%)100, SMTP pre-response: 2 (0%)100, SMTP response: 2 (0%)100, unlink-2-files: 1 (0%)100, rundown: 7 (0%)100
Sep 11 10:34:36 mx0 postfix/lmtp[29594]: 40FC3520A6: to=<AD4F0.5040301 at roessner-net.com>, relay=127.0.0.1[127.0.0.1]:24, delay=0.39, delays=0.19/0.06/0.01/0.13, dsn=5.1.1, status=bounced (host 127.0.0.1[127.0.0.1] said: 550 5.1.1 <AD4F0.5040301 at roessner-net.com> User doesn't exist: AD4F0.5040301 at roessner-net.com (in reply to RCPT TO command))
Sep 11 10:34:36 mx0 postfix/cleanup[29592]: 8F68B520AC: message-id=<20100911083436.8F68B520AC at mx0.roessner-net.de>
Sep 11 10:34:36 mx0 postfix/qmgr[27669]: 8F68B520AC: from=<>, size=3892, nrcpt=1 (queue active)

Sep 11 10:34:36 mx0 postfix/bounce[29595]: 40FC3520A6: sender non-delivery notification: 8F68B520AC

Sep 11 10:34:36 mx0 postfix/qmgr[27669]: 40FC3520A6: removed
Sep 11 10:34:36 mx0 postfix/qmgr[27669]: 8F68B520AC: removed
Sep 11 10:34:36 mx0 postfix/smtp[29596]: 8F68B520AC: to=<chrroessner at web.de>, relay=mx-ha01.web.de[217.72.192.149]:25, delay=0.2, delays=0.05/0.05/0.06/0.04, dsn=2.0.0, status=sent (250 OK id=1OuLXg-0006PR-00)


main.cf:

smtpd_recipient_restrictions =
    reject_non_fqdn_recipient
    reject_non_fqdn_sender
    reject_unknown_recipient_domain
    reject_unknown_sender_domain
    reject_unlisted_recipient
    reject_unauth_destination
    reject_invalid_helo_hostname
    reject_non_fqdn_helo_hostname
    sleep 2
    check_sender_access $default_database_type:/etc/postfix/maps/sender_access
    check_client_access pcre:/etc/postfix/maps/client_access.pcre
    check_client_access cidr:/etc/postfix/maps/client_access.cidr
    check_sender_access proxy:mysql:/etc/postfix/mysql/wblisting.cf
    check_sender_access $default_database_type:/etc/postfix/maps/backscatter
    check_helo_access pcre:/etc/postfix/maps/helo_access.pcre
    check_client_access pcre:/etc/postfix/maps/dynamic_ip.pcre
    reject_unknown_reverse_client_hostname
    reject_unknown_helo_hostname 
    check_sender_ns_access $default_database_type:/etc/postfix/maps/bogus_dns
    check_recipient_access $default_database_type:/etc/postfix/maps/roleaccount_exceptions
    reject_rhsbl_sender dsn.rfc-ignorant.org
    check_helo_access proxy:ldap:/etc/postfix/ldap/helo_access.cf
    check_client_access pcre:/etc/postfix/maps/greylist.pcre


master.cf:
smtp       inet  n       -       -       -       1       postscreen
smtpd      pass  -       -       -       -       25      smtpd -v
    -o smtpd_proxy_filter=localhost:10024
    -o smtpd_client_connection_rate_limit=5
    -o smtpd_client_message_rate_limit=5
    -o smtpd_client_recipient_rate_limit=30

127.0.0.1:10025 inet n - - - - smtpd
    -o smtpd_authorized_xforward_hosts=127.0.0.0/8
    -o smtpd_client_restrictions=
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o smtpd_data_restrictions=
    -o mynetworks=127.0.0.0/8
    -o receive_override_options=no_unknown_recipient_checks


smtpd -v Log:

Sep 11 11:10:35 mx0 postfix/smtpd[32405]: >>> START Recipient address RESTRICTIONS <<<
Sep 11 11:10:35 mx0 postfix/smtpd[32405]: generic_checks: name=reject_non_fqdn_recipient
Sep 11 11:10:35 mx0 postfix/smtpd[32405]: reject_non_fqdn_address: AD4F0.5040301 at roessner-net.com
Sep 11 11:10:35 mx0 postfix/smtpd[32405]: generic_checks: name=reject_non_fqdn_recipient status=0
Sep 11 11:10:35 mx0 postfix/smtpd[32405]: generic_checks: name=reject_non_fqdn_sender
Sep 11 11:10:35 mx0 postfix/smtpd[32405]: reject_non_fqdn_address: chrroessner at web.de
Sep 11 11:10:35 mx0 postfix/smtpd[32405]: generic_checks: name=reject_non_fqdn_sender status=0
Sep 11 11:10:35 mx0 postfix/smtpd[32405]: generic_checks: name=reject_unknown_recipient_domain
Sep 11 11:10:35 mx0 postfix/smtpd[32405]: reject_unknown_address: AD4F0.5040301 at roessner-net.com
Sep 11 11:10:35 mx0 postfix/smtpd[32405]: ctable_locate: leave existing entry key AD4F0.5040301 at roessner-net.com
Sep 11 11:10:35 mx0 postfix/smtpd[32405]: generic_checks: name=reject_unknown_recipient_domain status=0
Sep 11 11:10:35 mx0 postfix/smtpd[32405]: generic_checks: name=reject_unknown_sender_domain
Sep 11 11:10:35 mx0 postfix/smtpd[32405]: reject_unknown_address: chrroessner at web.de
Sep 11 11:10:35 mx0 postfix/smtpd[32405]: ctable_locate: move existing entry key chrroessner at web.de
Sep 11 11:10:35 mx0 postfix/smtpd[32405]: reject_unknown_mailhost: web.de
Sep 11 11:10:35 mx0 postfix/smtpd[32405]: lookup web.de type MX flags 0
Sep 11 11:10:35 mx0 postfix/smtpd[32405]: dns_query: web.de (MX): OK
Sep 11 11:10:35 mx0 postfix/smtpd[32405]: dns_get_answer: type MX for web.de
Sep 11 11:10:35 mx0 postfix/smtpd[32405]: dns_get_answer: type MX for web.de
Sep 11 11:10:35 mx0 postfix/smtpd[32405]: generic_checks: name=reject_unknown_sender_domain status=0
Sep 11 11:10:35 mx0 postfix/smtpd[32405]: generic_checks: name=reject_unlisted_recipient
Sep 11 11:10:35 mx0 postfix/smtpd[32405]: >>> CHECKING RECIPIENT MAPS <<<
Sep 11 11:10:35 mx0 postfix/smtpd[32405]: ctable_locate: move existing entry key AD4F0.5040301 at roessner-net.com
Sep 11 11:10:35 mx0 postfix/smtpd[32405]: maps_find: recipient_canonical_maps: ad4f0.5040301 at roessner-net.com: not found
Sep 11 11:10:35 mx0 postfix/smtpd[32405]: match_string: roessner-net.com ~? mx0.roessner-net.de
Sep 11 11:10:35 mx0 postfix/smtpd[32405]: match_string: roessner-net.com ~? localhost.roessner-net.de
Sep 11 11:10:35 mx0 postfix/smtpd[32405]: match_string: roessner-net.com ~? localhost
Sep 11 11:10:35 mx0 postfix/smtpd[32405]: match_list_match: roessner-net.com: no match
Sep 11 11:10:35 mx0 postfix/smtpd[32405]: maps_find: recipient_canonical_maps: @roessner-net.com: not found
Sep 11 11:10:35 mx0 postfix/smtpd[32405]: mail_addr_find: ad4f0.5040301 at roessner-net.com -> (not found)
Sep 11 11:10:35 mx0 postfix/smtpd[32405]: maps_find: canonical_maps: ad4f0.5040301 at roessner-net.com: not found
Sep 11 11:10:35 mx0 postfix/smtpd[32405]: match_string: roessner-net.com ~? mx0.roessner-net.de
Sep 11 11:10:35 mx0 postfix/smtpd[32405]: match_string: roessner-net.com ~? localhost.roessner-net.de
Sep 11 11:10:35 mx0 postfix/smtpd[32405]: match_string: roessner-net.com ~? localhost
Sep 11 11:10:35 mx0 postfix/smtpd[32405]: match_list_match: roessner-net.com: no match
Sep 11 11:10:35 mx0 postfix/smtpd[32405]: maps_find: canonical_maps: @roessner-net.com: not found
Sep 11 11:10:35 mx0 postfix/smtpd[32405]: mail_addr_find: ad4f0.5040301 at roessner-net.com -> (not found)
Sep 11 11:10:35 mx0 postfix/smtpd[32405]: send attr request = lookup
Sep 11 11:10:35 mx0 postfix/smtpd[32405]: send attr table = ldap:/etc/postfix/ldap/virtual_aliases.cf
Sep 11 11:10:35 mx0 postfix/smtpd[32405]: send attr flags = 16448
Sep 11 11:10:35 mx0 postfix/smtpd[32405]: send attr key = ad4f0.5040301 at roessner-net.com
Sep 11 11:10:35 mx0 postfix/smtpd[32405]: private/proxymap socket: wanted attribute: status
Sep 11 11:10:35 mx0 postfix/smtpd[32405]: input attribute name: status
Sep 11 11:10:35 mx0 postfix/smtpd[32405]: input attribute value: 1
Sep 11 11:10:35 mx0 postfix/smtpd[32405]: private/proxymap socket: wanted attribute: value
Sep 11 11:10:35 mx0 postfix/smtpd[32405]: input attribute name: value
Sep 11 11:10:35 mx0 postfix/smtpd[32405]: input attribute value: (end)
Sep 11 11:10:35 mx0 postfix/smtpd[32405]: private/proxymap socket: wanted attribute: (list terminator)
Sep 11 11:10:35 mx0 postfix/smtpd[32405]: input attribute name: (end)
Sep 11 11:10:35 mx0 postfix/smtpd[32405]: dict_proxy_lookup: table=ldap:/etc/postfix/ldap/virtual_aliases.cf flags=lock|fold_fix key=ad4f0.5040301 at roessner-net.com -> status=1 result=
Sep 11 11:10:35 mx0 postfix/smtpd[32405]: maps_find: virtual_alias_maps: ad4f0.5040301 at roessner-net.com: not found
Sep 11 11:10:35 mx0 postfix/smtpd[32405]: match_string: roessner-net.com ~? mx0.roessner-net.de
Sep 11 11:10:35 mx0 postfix/smtpd[32405]: match_string: roessner-net.com ~? localhost.roessner-net.de
Sep 11 11:10:35 mx0 postfix/smtpd[32405]: match_string: roessner-net.com ~? localhost
Sep 11 11:10:35 mx0 postfix/smtpd[32405]: match_list_match: roessner-net.com: no match
Sep 11 11:10:35 mx0 postfix/smtpd[32405]: send attr request = lookup
Sep 11 11:10:35 mx0 postfix/smtpd[32405]: send attr table = ldap:/etc/postfix/ldap/virtual_aliases.cf
Sep 11 11:10:35 mx0 postfix/smtpd[32405]: send attr flags = 16448
Sep 11 11:10:35 mx0 postfix/smtpd[32405]: send attr key = @roessner-net.com
Sep 11 11:10:35 mx0 postfix/smtpd[32405]: private/proxymap socket: wanted attribute: status
Sep 11 11:10:35 mx0 postfix/smtpd[32405]: input attribute name: status
Sep 11 11:10:35 mx0 postfix/smtpd[32405]: input attribute value: 1
Sep 11 11:10:35 mx0 postfix/smtpd[32405]: private/proxymap socket: wanted attribute: value
Sep 11 11:10:35 mx0 postfix/smtpd[32405]: input attribute name: value
Sep 11 11:10:35 mx0 postfix/smtpd[32405]: input attribute value: (end)
Sep 11 11:10:35 mx0 postfix/smtpd[32405]: private/proxymap socket: wanted attribute: (list terminator)
Sep 11 11:10:35 mx0 postfix/smtpd[32405]: input attribute name: (end)
Sep 11 11:10:35 mx0 postfix/smtpd[32405]: dict_proxy_lookup: table=ldap:/etc/postfix/ldap/virtual_aliases.cf flags=lock|fold_fix key=@roessner-net.com -> status=1 result=
Sep 11 11:10:35 mx0 postfix/smtpd[32405]: maps_find: virtual_alias_maps: @roessner-net.com: not found
Sep 11 11:10:35 mx0 postfix/smtpd[32405]: mail_addr_find: ad4f0.5040301 at roessner-net.com -> (not found)

Sep 11 11:10:35 mx0 postfix/smtpd[32405]: generic_checks: name=reject_unlisted_recipient status=0

Sep 11 11:10:35 mx0 postfix/smtpd[32405]: generic_checks: name=reject_unauth_destination



---
Roessner-Network-Solutions
Bachelor of Science Informatik
Nahrungsberg 81, 35390 Gießen
F: +49 641 5879091, M: +49 176 93118939
USt-IdNr.: DE225643613
http://www.roessner-network-solutions.com

-------------- nächster Teil --------------
Ein Dateianhang mit Binärdaten wurde abgetrennt...
Dateiname   : PGP.sig
Dateityp    : application/pgp-signature
Dateigröße  : 194 bytes
Beschreibung: Signierter Teil der Nachricht
URL         : <https://listi.jpberlin.de/pipermail/postfixbuch-users/attachments/20100911/139aa5e7/attachment.sig>

Mehr Informationen über die Mailingliste Postfixbuch-users