Any chance to get this answered? Wietse?

please at least tell me if my problem is:
A, known bug/problem of postfix, will be fixed (when?)
B, can be solved by proper configuration (some hint?)
C, feature request

btw i'm using postfix 2.4.1, but i didn't see such problem/fix mentioned
in later changelogs. if it's fixed in 2.5, then i'll upgrade.

thanks a lot,
A'rpi

> Hi,
>
> > > We have a postfix mail server, which does content filtering (spam virus etc)
> > > for all of our mail servers, as a relay. I've enabled address verify
> > > (both sender and recipient) for all of our server domains. It's working fine.
> > >
> > > Now I've added
> > > virtual_alias_maps = hash:/etc/postfix/virtual, ldap:ldapforward, ldap:ldapvirtual
> > > which does address translation for many of our domains where the
> > > addresses are redirected to other addresses (users moved and have their
> > > old mail forwarded, and some users moved to an ms exchange server).
> > > The problem is, that I don't want to do address verification for these
> > > foreign domains, where some of our addresses are forwarded/virtual_aliased.
> > > (there are some servers, where address verify doesn't work)
> > >
> > > Is there any way, to tell postfix which domains NOT to verify
> > > mail to? Adding it to check_recipient_access maps in
> > > smtpd_recipient_restrictions doesn't work, as it's used by smtpd only,
> > > and address verify ignores that when doing the address verify.
> > > Or any way to force verify to verify only mails to listed domains,
> > > and do this domain check _after_ resolving virtual_alias mappings ?
> > >
> > > For example:
> > > smtpd receives a connection, with recipient arpi.
> > > there is such a line in the check_recipient_access map:
> > > bmf.hu reject_unverified_recipient
> > > so it does address verify. it's ok.
> > > but this address is mapped to an external address in virtual_alias_maps:
> > > arpi arpi
> > > so the verify process connects thot.banki.hu to verify this address.
> > > but i don't want it to connect thot.banki.hu!
> > >
> >
> > please show evidence (relevant logs).
>
> i don't really see why you need it, i think it's clear what's
> happening, the question is how to avoid it.
>
> but here it is:
>
> i sent a mail from root to arpi,
> which has virtual maps entry to arpi:
> virtual_alias_maps = hash:/etc/postfix/virtual, ldap:ldapforward,
> ldap:ldapvirtual
> /etc/postfix/virtual:
> arpi arpi
>
> for the demonstration, i set firewall to drop packets from the
> relay server to thot.banki.hu, so you can see the address verify fail.
> (normally there is no trace in logs of address verify, only if it fails)
>
> Nov 28 22:40:15 sendmail postfix/smtpd[21639]: connect from bb-server.archeo.mta.hu[193.224.177.3]
> Nov 28 22:40:15 sendmail postfix/smtpd[21639]: 5116C800EE: client=bb-server.archeo.mta.hu[193.224.177.3]
> Nov 28 22:40:15 sendmail postfix/smtpd[21639]: 5116C800EE: reject: RCPT from bb-server.archeo.mta.hu[193.224.177.3]: 450 4.1.1 <arpi>: Recipient address rejected: unverified address: connect to 192.190.173.38[192.190.173.38]: Connection timed out; from=<root> to=<arpi> proto=ESMTP helo=<server.archeo.mta.hu>
>
> here is the mailq of the sender (server.archeo.mta.hu):
> -Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
> 7D0CE170E0 288 Wed Nov 28 22:38:20 root
> (host sendmail.bmf.hu[193.224.40.21] said: 450 4.1.1 <arpi>:
> Recipient address rejected: unverified address: connect to
> 192.190.173.38[192.190.173.38]: Connection timed out (in reply to RCPT TO
> command))
> arpi
>
> (192.190.173.38 is the IP of thot.banki.hu)
>
> > and while you are at it, show output of 'postconf -n'. is there a
>
> http://thot.banki.hu/arpi/postfix/postconf.txt
>
> > transport entry for bmf.hu?
>
> yes, of course. (the relay server doesn't have local users)
>
> bmf.hu :[webmail.bmf.hu]
>
> A'rpi
>
> > > if the address is listed in virtual_alias_maps, then it's an existing
> > > address (but at least an address i can assume it's a working one)
> > > so no further checks needed!
> > >
> > > i hope the problem is clear now.
> > > any ideas?
> > >
> > > A'rpi
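
The message notes that address verification normally leaves no trace in the logs unless the probe fails. The following is an added example, not part of the original thread: a small script that pulls those failed-probe rejects out of smtpd log lines and counts the probe destinations that lie outside the domains the relay is responsible for. The sample log lines, hostnames, addresses and function names are constructed placeholders.

```python
import re
from collections import Counter

# Constructed sample lines in the format of the smtpd reject quoted above;
# hosts and addresses are placeholders, not values from the thread.
SAMPLE_LOG = """\
Nov 28 22:40:15 relay postfix/smtpd[21639]: 5116C800EE: reject: RCPT from mx.example.org[192.0.2.3]: 450 4.1.1 <user@old.example.com>: Recipient address rejected: unverified address: connect to fwd.example.net[198.51.100.38]: Connection timed out; from=<root@example.org> to=<user@old.example.com> proto=ESMTP helo=<mx.example.org>
Nov 28 22:41:02 relay postfix/smtpd[21640]: 6A27C800F1: reject: RCPT from mx.example.org[192.0.2.3]: 450 4.1.1 <bob@old.example.com>: Recipient address rejected: unverified address: connect to mail.old.example.com[203.0.113.21]: Connection refused; from=<root@example.org> to=<bob@old.example.com> proto=ESMTP helo=<mx.example.org>
Nov 28 22:41:30 relay postfix/smtpd[21640]: 7B38D900A2: reject: RCPT from mx.example.org[192.0.2.3]: 554 5.7.1 <x@other.example>: Relay access denied; from=<root@example.org> to=<x@other.example> proto=ESMTP helo=<mx.example.org>
"""

# Matches only RCPT rejects caused by a verify probe that could not connect.
REJECT_RE = re.compile(
    r"postfix/smtpd\[\d+\]: (?P<qid>\w+): reject: RCPT from \S+: "
    r"(?P<code>\d{3}) \S+ <(?P<rcpt>[^>]*)>: Recipient address rejected: "
    r"unverified address: connect to (?P<host>[^\[\s]+)\[(?P<ip>[^\]]+)\]: "
    r"(?P<reason>[^;]+);"
)

def failed_probes(log_text):
    """Return one dict per RCPT rejected because the verify probe failed to connect."""
    return [m.groupdict() for m in map(REJECT_RE.search, log_text.splitlines()) if m]

def foreign_probe_targets(log_text, own_domains):
    """Count probe destinations whose hostname is outside the domains we operate."""
    counts = Counter()
    for p in failed_probes(log_text):
        host = p["host"].lower()
        if not any(host == d or host.endswith("." + d) for d in own_domains):
            counts[(host, p["ip"])] += 1
    return counts

if __name__ == "__main__":
    targets = foreign_probe_targets(SAMPLE_LOG, {"old.example.com"})
    for (host, ip), n in targets.items():
        print(f"{n} failed verify probe(s) to foreign host {host} [{ip}]")
```

Only failed probes show up this way; successful probes to foreign hosts are not visible in these reject lines.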
© 2004-2008 readlist.com