Page 1 of 2 12 LastLast
Results 1 to 10 of 14

Thread: domain alias + reject_unverified_recipient

Hybrid View

  1. #1
    Join Date
    Jul 2010
    Posts
    11
    Rep Power
    5

    Unhappy domain alias + reject_unverified_recipient

    I am using alias domain on open source version 6 .
    To stop bounce spam trafic I have to add
    "reject_unverified_recipient" in file "postfix_recipient_restrictions.cf"
    But after doing this we frequentelly get following message in mail clinets (Out Look Express)
    " 450 <username@domain.com>:Recipient address rejected: unverified address: Address verification in progress"
    Is there any way to over come this problem. I searching forum from last 3 days but could not find any soloution.
    Last edited by vipin65; 07-07-2010 at 11:38 AM. Reason: to explain more

  2. #2
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,587
    Rep Power
    58

    Default

    Quote Originally Posted by vipin65 View Post
    Is there any way to over come this problem.
    Don't use it unless you're a mail relay host, it's not necessary: Postfix Address Verification
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  3. #3
    Join Date
    Jul 2010
    Posts
    11
    Rep Power
    5

    Default

    Thanks for prompt reply. Our server is relay host (on public IP and can send mail to any server in the world ) if we remove "reject_unverified_recipient" our server start flooding bounce messages and we get black listed on many mail server. I tried many other option but could not find solution.
    Last edited by vipin65; 07-08-2010 at 02:54 AM. Reason: Better explanation

  4. #4
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,587
    Rep Power
    58

    Default

    Quote Originally Posted by vipin65 View Post
    Thanks for prompt reply. Our server is relay host (on public IP and can send mail to any server in the world )
    It's a relay host for whom?

    Quote Originally Posted by vipin65 View Post
    if we remove "reject_unverified_recipient" our server start flooding bounce messages and we get black listed on many mail server. I tried many other option but could not find solution.
    What other options have you tried (please describe in detail)? Is the person that's getting rejected a valid user of your server?
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  5. #5
    Join Date
    Jul 2010
    Posts
    11
    Rep Power
    5

    Red face

    Quote Originally Posted by phoenix View Post
    It's a relay host for whom?
    I mean if mail is not for local domain it is relayed to destination server.So when user send mail to external domain it is relayed.

    What other options have you tried (please describe in detail)? Is the person that's getting rejected a valid user of your server?
    I tried /opt/zimbra/conf/zmmta.cf smtpd_reject_unlisted_recipients 'yes' but no effect because our case is domain alias. I followed Managing Domains - Zimbra :: Wiki for domain alias.

    User (sender) get 450 error on his mail client or 550 that id do not exist on remote server. What I want sever should accept mail from authenticated/local user and bounce back in case of failure. While in case of external/remote mail server should not accept mail through SMTP but give 550 error if RCPT TO not exist on our server.

  6. #6
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,587
    Rep Power
    58

    Default

    Please update your forum profile with the output of the following command (do not post it in this thread):

    Code:
    zmcontrol -v
    Quote Originally Posted by vipin65 View Post
    I tried /opt/zimbra/conf/zmmta.cf smtpd_reject_unlisted_recipients 'yes' but no effect because our case is domain alias. I followed Managing Domains - Zimbra :: Wiki for domain alias.
    This is the reason you should not be using a catchall account, can you not achieve this in any other manner?


    Quote Originally Posted by vipin65 View Post
    (sender) get 450 error on his mail client or 550 that id do not exist on remote server. What I want sever should accept mail from authenticated/local user and bounce back in case of failure.
    This won't work while you are using a catchall on your server.

    I asked you earlier who you are relaying for, who is it (are these just authenticated users)?
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  7. #7
    Join Date
    Mar 2011
    Posts
    3
    Rep Power
    4

    Default Try unverified_sender_defer_code option

    I think the problem you experienced might be affected by two options:

    a) The order in which the different actions are listed in smtpd_recipient_restrictions seems to matter. I added the "reject_unverified_recipient" option last, just before the "permit" option.

    b) The "unverified_sender_defer_code" option is set to "450" by default. Therefore, if a temporary error occurs during recipient verification, the server will send a temporary error to the client, resulting in the error message. By setting this option to "250", the server will accept the recipient address, if it cannot be verified right now. Thus, the server will only send an error to the client, if the address cannot be verified because of a permanent problem.

    Please tell me, if this options work for you. I am currently evaluating ZCS Network Edition and for the tests I performed, it works. However, I would like to know, if it also works in other setups before possible moving our production system to ZCS.

  8. #8
    Join Date
    Jul 2010
    Posts
    11
    Rep Power
    5

    Default

    Changeing 450 to 250 may create problem because server start accepting mail from unverfied recipent from other mail servers and start fluinding with unwanted spam mail. If start fluinding it become very diffcult to menage on production server we have to disconnect server from public ip.
    Have you tried this with live server ( MX record active ) ?

  9. #9
    Join Date
    Mar 2011
    Posts
    3
    Rep Power
    4

    Default Experience with Exim

    Quote Originally Posted by vipin65 View Post
    Have you tried this with live server ( MX record active ) ?
    I have not tried this for Zimbra yet, as my Zimbra test setup is on a LAN server. However, I am using a similar setup on our current internet mail system, which is using the Exim MTA, not the Postfix MTA.

    I configured the MTA on our primary and secondary MX to check recipient addresses using a mechanism similar to the mechanism used by the reject_unverified_recipient option. In Exim this is called "recipient callout verification". I set the option in a way, that the server will accept an e-mail, if it cannot verify the recipient address because of a temporary problem. Such a temporary problem might exist, if the the MTA on the secondary MX receives an e-mail and the primary MX is down. This setup is describes in more detail in a blog article.

    I just checked the queues of both our primary and secondary MX and I could not find a single bounce message caused by an e-mail accepted for an invalid address. I am using this setup now for more than two years and did not experience any problems with it during this time.

    For Exim I configured a maximum delay of 10 seconds, thus if the check does not finally succeed or fail within this time, the message is accepted.

    It might be a good idea to fine tune the address_verify_poll_delay and address_verify_poll_count options to get optimal results with Postfix.

  10. #10
    Join Date
    Jul 2010
    Posts
    11
    Rep Power
    5

    Default

    OK I will read blog and try to understand what Exim done.
    Secondelly there is one more problem when mail reject with 450 error we tried to send mail from clinent ( outlook experess) every hour interval hole day but it not succesed.
    I think some server don't allow address verification so mail rejects.

Similar Threads

  1. Enable Login on Prexisting Alias Domain - How?
    By LMStone in forum Administrators
    Replies: 0
    Last Post: 03-06-2010, 08:50 AM
  2. Domain Alias and sender address
    By mederyf in forum Administrators
    Replies: 1
    Last Post: 09-04-2009, 10:24 AM
  3. Replies: 7
    Last Post: 04-27-2009, 03:49 AM
  4. Replies: 20
    Last Post: 03-18-2008, 06:37 AM
  5. Domain Alias / User Alias problem after upgrading.
    By Bingo in forum Administrators
    Replies: 1
    Last Post: 04-20-2007, 04:39 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •