Postfix send "sender non-delivery notification" for not existing domain alias account

Discussion in 'Installation/Configuration' started by Stefan Warnat, Aug 3, 2015.

  1. Stefan Warnat

    Stefan Warnat New Member

    Hy,

    The subject is a little bit confusing, I know. but I don't have any idea, how to better explain, what the topic of my question is.
    I use a default "Perfect Server Debian Wheezy" Setup with Postfix 2.11.2, Dovecot 2.1.7 and Amavis 2.7.1 and everything is working well.

    Everything is working well, before I use sendgrid as outgoing relayhost. :)
    SendGrid point me on the problem, my server is sending non delivery notifications to not existing mailadresses.
    Normally my Postfix correctly deny not existing mailboxes and don't send such messages.
    But in my case the destination address aims to an domain alias and Postfix accept the message at first step and manually send a "sender non-delivery notification", because it recognize the target isn't available after he really replace the domain.

    An example:
    1. Spam Mail from [email protected][dot]net to [email protected][dot]com (Log 1)
    2. Postfix accept message and redirect to amavis
    3. Amavis returned and postfix rewrite domain (Log 2)
    4. Postfix regonize not existing mailbox and create "sender non-delivery notification" for an not existing source address
    I know, why it is happen. Postfix don't know in case of domain alias at first step, if the mailbox exist.
    Is this a configuration problem I could solve in postfix config or simple a problem of Postfix?
    I think a replace of the domain at first step and directly check mailbox for existence will solve this problem. But is this possible to directly deny such messages?

    I could filter some of such messages by postgrey, which I reenable. But some mails are send by open relays and behave like it should be in case of greylisting.
    I don't want completely disable "sender non-delivery notifications", because normally they are useful.

    Big thanks for any hint, which point me in the right direction!
    Stefan

    Log 1
    Code:
    Jul 31 19:28:33 server5 postfix/smtpd[25443]: 3B8F32C222A7: client=unknown[95.158.128.106]
    Jul 31 19:28:33 server5 postfix/qmgr[2505]: 3B8F32C222A7: from=<[email protected][dot]net>, size=2312, nrcpt=1 (queue active)
    Jul 31 19:28:33 server5 amavis[16047]: (16047-06) Passed SPAMMY {RelayedTaggedInbound}, [95.158.128.106]:3142 [106.128.158.95] <[email protected][dot]net> -> <[email protected][dot]com>, Queue-ID: 3B8F32C222A7, mail_id: gzfQr3EeolwY, Hits: 22.513, size: 2275, queued_as: CD1FA2C222AE, 326 ms
    Jul 31 19:28:33 server5 postfix/smtp[25445]: 3B8F32C222A7: to=<[email protected][dot]com>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.66, delays=0.32/0.01/0/0.33, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as CD1FA2C222AE)
    Jul 31 19:28:33 server5 postfix/qmgr[2505]: 3B8F32C222A7: removed
    
    

    Log 2
    Code:
    Jul 31 19:28:33 server5 postfix/smtpd[25451]: CD1FA2C222AE: client=localhost[dot]localdomain[127.0.0.1]
    Jul 31 19:28:33 server5 opendkim[3572]: CD1FA2C222AE: no signing table match for [email protected][dot]net'
    Jul 31 19:28:33 server5 postfix/qmgr[2505]: CD1FA2C222AE: from=<[email protected]>, size=3394, nrcpt=1 (queue active)
    Jul 31 19:28:33 server5 amavis[16047]: (16047-06) Passed SPAMMY {RelayedTaggedInbound}, [95.158.128.106]:3142 [106.128.158.95] <[email protected][dot]net> -> <[email protected] [dot] com>, Queue-ID: 3B8F32C222A7, mail_id: gzfQr3EeolwY, Hits: 22.513, size: 2275, queued_as: CD1FA2C222AE, 326 ms
    Jul 31 19:28:33 server5 postfix/pipe[25452]: CD1FA2C222AE: to=<[email protected][dot]com>, orig_to=<[email protected][dot]com>, relay=dovecot, delay=0.07, delays=0.04/0.01/0/0.01, dsn=5.1.1, status=bounced (user unknown)
    Jul 31 19:28:33 server5 postfix/bounce[25454]: CD1FA2C222AE: sender non-delivery notification: DCC3E2C222A7
    Jul 31 19:28:33 server5 postfix/qmgr[2505]: CD1FA2C222AE: removed
    

     
    Last edited: Aug 3, 2015
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Delete the domain alias and replace it with email address aliases, this way postfix knows which email addresses exit in the alias domain.
     
  3. Stefan Warnat

    Stefan Warnat New Member

    Hy,
    Ok. Thanks for your answer!!

    Because this are client domains I could not change it easily.
    I will talk with the client if this is possible.

    My hope was, there is a possible way with a bash script.
    I will try if I found a way and will post here, if I found one. I could imagine some other users, which use Domain Alias have the same problem, but simple don't know about it.

    Regards,
    Stefan
     

Share This Page