Server accepts mail for mail@ - addresses

Discussion in 'General' started by Hawker, Apr 7, 2007.

  1. Hawker

    Hawker New Member

    I've had this problem since I first installed ISPConfig.

    I tried changing the mail style in /home/admispconfig/ispconfig/lib/config.inc.php from sendmail to postfix, but when I do this all mail is rejected as unknown users.

    My question is, should mydestination = /etc/postfix/local-host-names in /etc/postfix/main.cf be changed to something else, or deleted entirely?
     
  2. Hans

    Hans Moderator ISPConfig Developer

    The line mydestination = /etc/postfix/local-host-names within your main.cf is ok.

    Make sure if you also have the following lines within main.cf:

    virtual_maps = hash:/etc/postfix/virtusertable
    home_mailbox = Maildir/


    Within ISPConfig under >Management >Server >Settings verify if your settings for Postfix are correct.
    They Should be:

    MTA type: Postfix
    Virtuser File:
    Sendmail CW: /etc/postfix/local-host-names
    Mail Log: /var/log/mail.log
    Maildir: (enabled)
     
  3. Hawker

    Hawker New Member

    Unfortunately that didn't work. I get status=bounced (User unknown in virtual alias table) for every email address on my system.

    The interesting thing is all of the domains and addresses ARE in the virtusertable.

    Perhaps I'm missing something obvious in main.cf...
    Code:
    soft_bounce = no
    queue_directory = /var/spool/postfix
    command_directory = /usr/sbin
    daemon_directory = /usr/libexec/postfix
    mail_owner = postfix
    myhostname = mail.mydomain.com
    mydomain = mydomain.com
    myorigin = $mydomain
    inet_interfaces = all
    unknown_local_recipient_reject_code = 550
    alias_maps = hash:/etc/aliases
    alias_database = hash:/etc/aliases
    debug_peer_level = 2
    debugger_command =
    	 PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
    	 xxgdb $daemon_directory/$process_name $process_id & sleep 5
    sendmail_path = /usr/sbin/sendmail.postfix
    newaliases_path = /usr/bin/newaliases.postfix
    mailq_path = /usr/bin/mailq.postfix
    setgid_group = postdrop
    html_directory = no
    manpage_directory = /usr/share/man
    sample_directory = /usr/share/doc/postfix-2.1.5/samples
    readme_directory = /usr/share/doc/postfix-2.1.5/README_FILES
    smtpd_sasl_local_domain = 
    smtpd_sasl_auth_enable = yes
    smtpd_sasl_security_options = noanonymous
    broken_sasl_auth_clients = yes
    smtpd_client_restrictions = 
    	check_client_access cidr:/etc/postfix/reject.cidr,
    	reject_unknown_client
    smtpd_sender_restrictions = 
    	reject_invalid_hostname,
    	reject_non_fqdn_sender,
    	reject_unknown_sender_domain,
    	check_sender_access hash:/etc/postfix/sender_checks
    smtpd_recipient_restrictions = 
    	reject_invalid_hostname,
    	permit_sasl_authenticated,
    	reject_non_fqdn_hostname,
    	reject_non_fqdn_sender,
    	reject_unknown_sender_domain,
    	reject_unknown_recipient_domain,
    	permit_mynetworks,
    	reject_unauth_destination,
    	check_sender_access hash:/etc/postfix/sender_checks
    smtpd_tls_auth_only = no
    smtp_use_tls = yes
    smtpd_use_tls = yes
    smtp_tls_note_starttls_offer = yes
    smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
    smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
    smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
    smtpd_tls_loglevel = 1
    smtpd_tls_received_header = yes
    smtpd_tls_session_cache_timeout = 3600s
    tls_random_source = dev:/dev/urandom
    home_mailbox = Maildir/
    virtual_maps = hash:/etc/postfix/virtusertable
    mydestination = /etc/postfix/local-host-names
    
    Note that "mail.mydomain.com" and "mydomain.com" point to actual domains and have been edited out.
     
    Last edited: Apr 8, 2007
  4. falko

    falko Super Moderator ISPConfig Developer

    Can you post an excerpt of your mail log where the error happens?
    What's in /etc/postfix/virtusertable and /etc/postfix/local-host-names?
     
  5. Hawker

    Hawker New Member

    Here's the info you requested. Again, domain names have been changed to protect the innocent. :)

    Log file...
    Code:
    Apr  8 08:29:41 server postfix/smtpd[13611]: connect from mail845.carrierinternetsolutions.com[69.49.106.55]
    Apr  8 08:29:41 server postfix/smtpd[13611]: setting up TLS connection from mail845.carrierinternetsolutions.com[69.49.106.55]
    Apr  8 08:29:41 server postfix/smtpd[13611]: TLS connection established from mail845.carrierinternetsolutions.com[69.49.106.55]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
    Apr  8 08:29:41 server postfix/smtpd[13611]: DFA471CB1FF: client=mail845.carrierinternetsolutions.com[69.49.106.55]
    Apr  8 08:29:42 server postfix/cleanup[13614]: DFA471CB1FF: message-id=<[email protected]>
    Apr  8 08:29:42 server postfix/qmgr[13563]: DFA471CB1FF: from=<[email protected]>, size=1853, nrcpt=1 (queue active)
    Apr  8 08:29:42 server postfix/smtpd[13611]: disconnect from mail845.carrierinternetsolutions.com[69.49.106.55]
    Apr  8 08:29:42 server postfix/error[13615]: DFA471CB1FF: to=<[email protected]>, orig_to=<[email protected]>, relay=none, delay=1, status=bounced (User unknown in virtual alias table)
    Apr  8 08:29:42 server postfix/cleanup[13614]: 25D571CB200: message-id=<[email protected]>
    Apr  8 08:29:42 server postfix/qmgr[13563]: 25D571CB200: from=<>, size=3654, nrcpt=1 (queue active)
    Apr  8 08:29:42 server postfix/qmgr[13563]: DFA471CB1FF: removed
    Apr  8 08:29:48 server postfix/smtp[13618]: 25D571CB200: to=<[email protected]>, relay=mx1c8.carrierinternetsolutions.com[69.49.109.14], delay=6, status=sent (250 2.0.0 l38CTmIe006533 Message accepted for delivery)
    Apr  8 08:29:48 server postfix/qmgr[13563]: 25D571CB200: removed
    
    virtusertable...
    Code:
    ###################################
    #
    # ISPConfig virtusertable Configuration File
    #         Version 1.0
    #
    ###################################
    www.mydomain.com    VIRTUALDOMAIN
    [email protected]    web11_admin
    [email protected]    web11_admin
    [email protected]    web11_admin
    [email protected]    web11_admin
    [email protected]    web11_admin
    [email protected]    web11_heather
    [email protected]    web11_heather
    [email protected]    web11_heather
    mydomain.com    VIRTUALDOMAIN
    [email protected]    web11_admin
    [email protected]    web11_admin
    [email protected]    web11_admin
    [email protected]    web11_admin
    [email protected]    web11_admin
    [email protected]    web11_heather
    [email protected]    web11_heather
    [email protected]    web11_heather
    www.mydomain2.com    VIRTUALDOMAIN
    [email protected]    web14_admin
    [email protected]    web14_admin
    mydomain2.com    VIRTUALDOMAIN
    [email protected]    web14_admin
    [email protected]    web14_admin
    www.mydomain3.com    VIRTUALDOMAIN
    [email protected]    web15_admin
    [email protected]    web15_admin
    [email protected]    web15_rickw
    [email protected]    web15_rickw
    mydomain3.com    VIRTUALDOMAIN
    [email protected]    web15_admin
    [email protected]    web15_admin
    [email protected]    web15_rickw
    [email protected]    web15_rickw
    www.mydomain4.com    VIRTUALDOMAIN
    [email protected]    web18_admin
    [email protected]    web18_admin
    mydomain4.com    VIRTUALDOMAIN
    [email protected]    web18_admin
    [email protected]    web18_admin
    www.mydomain5.com    VIRTUALDOMAIN
    [email protected]    web16_jim
    [email protected]    web16_jim
    mydomain5.com    VIRTUALDOMAIN
    [email protected]    web16_jim
    [email protected]    web16_jim
    #### MAKE MANUAL ENTRIES BELOW THIS LINE! ####
    local-host-names...
    Code:
    ###################################
    #
    # ISPConfig local-host-names Configuration File
    #         Version 1.0
    #
    ###################################
    localhost
    server.mydomain.com
    localhost.server.mydomain.com
    localhost.mydomain.com
    #### MAKE MANUAL ENTRIES BELOW THIS LINE! ####
    
    When I change back to sendmail style mail, all domains appear in local-host-names. But I think this is what should happen.
     
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    First, sendmail style works perefctly with postfix, so there is no need to change it zo postfix style.

    Is the user web11_admin listed in /etc/passwd ?

    What is the output of the command:

    hostname

    and

    hostname -f

    Please try to change:

    myhostname = mail.mydomain.com

    to:

    myhostname = server.mydomain.com

    and restart postfix.
     
  7. Hawker

    Hawker New Member

    That worked Till, thanks! Now we'll see how that goes for a while.

    The reason for changing is the sendmail style accepts messages to <systemuser>@anydomain.tld (ie: [email protected])

    I have been unable to stop that from happening no matter what I do. I can't delete system users, so this may be the next best thing. My fear is that mail will be bounced and that can be as bad as an open relay.
     
  8. Hawker

    Hawker New Member

    As feared the change to sendmail started bouncing emails rather than rejecting them.

    I've returned to postfix style mail.

    I'd still like to reject system names (ie: [email protected]), but that doesn't seem possible.
     
  9. Hawker

    Hawker New Member

    Problem Solved

    This one took me forever to figure out.

    To stop mail from being accepted for mail@ addresses do the following:

    cd /etc/postfix

    Edit access and add the following line at the end of the file...

    mail@ accept_mynetworks,reject

    save and exit the editor and then type postmap hash:access

    Then in main.cf, under smtp_recipient_restrictions AFTER reject_unauth_destination add..

    check_recipient_access hash:/etc/postfix/access

    save, reload postfix and now [email protected] will be rejected.
     

Share This Page