From: Chris McKeever (no email)
Date: Sun Jul 02 2006 - 16:08:22 EDT
alright - I think I understand where this is failing -
let me give this a go here -
thanks
On 7/2/06, mouss <> wrote:
> Chris McKeever wrote:
> > On 7/2/06, Magnus Bäck <> wrote:
> >> On Sunday, July 02, 2006 at 20:35 CEST,
> >> Chris McKeever <> wrote:
> >>
> >> > On 7/2/06, Magnus Bäck <> wrote:
> >> >
> >> > > But you don't want bounces. Bounces are bad. You want rejections. It
> >> > > is true that virtual alias rewriting is performed recursively -- but
> >> > > the recipient validation made by smtpd(8) is NOT recursive. If a
> >> > > lookup returns a result, the address it valid. This means that your
> >> > > Postfix will accept any address with a dot in it, e.g.
> >> > > , and later bounce the invalid recipient
> >> > > .
> >
> >>
> >> What server produces this bounce? Without that information the
> >> above bounce message snippet is utterly and completely useless.
> >>
> >> Never show bounce messages. Always show logs from your server.
> >>
> >
> > Magnus - thanks for helping me through this:
> >
> > both messages are coming from the same server, here are the logs - one
> > sent with the 'dot' format and one without - both generate the same
> > unknown user log message
> >
> > Jul 2 14:18:00 prupref-mailgate postfix/virtual[28097]: F0F07C8EBE:
> > to=<>, orig_to=<>,
> > relay=virtual, delay=3, status=bounced (unknown user:
> > "")
> >
> > Jul 2 14:18:12 prupref-mailgate postfix/virtual[28097]: 7C1A3C8FBD:
> > to=<>, relay=virtual, delay=0, status=bounced
> > (unknown user: "")
> >
> This is the Bad Thing I was talking about.
>
> The message was accepted (queued), then later bounced. the bounce is
> then sent to the envelope sender, which may have been forged. In this
> case, you're sending bounces to people who never sent you mail. and
> believe me, this is annoying. It's even worst when one gets thounsands
> of these during a small period of time.
>
> This practice was acceptable in the long past. It is nowaday considered
> as abuse, and will make your server listed in public block lists
> (spamcops) or in private lists.
>
> Either reject such messages during the smtp transaction (by fixing your
> virtual alias configuration) or setup a catchall address (which you'll
> have to manage, but that's your problem:).
>
> Configure your ldap to return the virtual alias result only if the
> "target mailbox" exists instead of using regex/pcre.
>
>
>
-- ---------------------------------- please respond to the list .. if you need to contact me direct cgmckeever is the account prupref.com is the domain <A href="http://www.prupref.com">Simply Chicago Real Estate</A>
|
|
|