Postfix relay problem with SA ?

["Ronald I. Nutter" <ro...@georgetowncollege.edu>]

I am noticing entries in the maillog like the following.  This tells me
that somehow mail is relaying through my system.  I followed the Scott
Henderson setup document and havent noticed this before.

Jan 11 11:24:33 SA2 postfix/smtp[12722]: 8FE98F4280:
to=<ns...@bsweetinc.com>,
relay=milter1.store.vip.sc5.yahoo.com[216.136.232.238], delay=22,
status=bounced (host milter1.store.vip.sc5.yahoo.com[216.136.232.238]
said: 550 5.0.0 <ns...@bsweetinc.com>... <ns...@bsweetinc.com>: User
unknown (in reply to RCPT TO command))

Here is my postfix main.cf

alias_database = hash:/etc/postfix/aliases
myorigin = georgetowncollege.edu
myhostname = sa2.georgetowncollege.edu
mydestination = georgetowncollege.edu
mynetworks = 10.1.7.0/24
biff = no
smtpd_banner = sa2.georgetowncollege.edu
# Message limit at 20MB so that daily spam reports can get through
message_size_limit = 20000000
# Added error: in front of no local mail delivery 092104
local_transport = error:no local mail delivery
local_recipient_maps =
transport_maps = hash:/etc/postfix/transport
smtpd_helo_required = yes
#smtpd_helo_restrictions = permit_mynetworks, reject_invalid_hostname,
reject_maps_rbl
smtpd_helo_restrictions = permit_mynetworks, reject_invalid_hostname
maps_rbl_domains = sbl.spamhaus.org, relays.ordb.org, opm.blitzed.org,
dun.dnsrbl.net, spam.dnsrbl.net
smtpd_sender_restrictions = reject_non_fqdn_sender,
reject_unknown_sender_domain
smtpd_recipient_restrictions = permit_mynetworks,
reject_unauth_destination, reject_non_fqdn_recipient
header_checks = regexp:/etc/postfix/header_checks
content_filter = smtp-amavis:[localhost]:10024

Is there something I need to change ?  I am not seeing this a lot and
thought I needed to look to see if I could find the problem.  Any
suggestions would be appreciated.

Ron

Re: Postfix relay problem with SA ?

[Alan Munday <sp...@brightheadtechnology.com>]

Ronald I. Nutter wrote the following on 11/01/2005 16:43:
> I am noticing entries in the maillog like the following.  This tells me
> that somehow mail is relaying through my system.  I followed the Scott
> Henderson setup document and havent noticed this before.
> 
> Jan 11 11:24:33 SA2 postfix/smtp[12722]: 8FE98F4280:
> to=<ns...@bsweetinc.com>,
> relay=milter1.store.vip.sc5.yahoo.com[216.136.232.238], delay=22,
> status=bounced (host milter1.store.vip.sc5.yahoo.com[216.136.232.238]
> said: 550 5.0.0 <ns...@bsweetinc.com>... <ns...@bsweetinc.com>: User
> unknown (in reply to RCPT TO command))

Ron

Are you sure you have a problem?

The mail log shows postfix bouncing the message.

Alan

Re: Postfix relay problem with SA ?

[Louis LeBlanc <sp...@keyslapper.org>]

On 01/11/05 11:43 AM, Ronald I. Nutter sat at the `puter and typed:
> I am noticing entries in the maillog like the following.  This tells me
> that somehow mail is relaying through my system.  I followed the Scott
> Henderson setup document and havent noticed this before.
> 
> Jan 11 11:24:33 SA2 postfix/smtp[12722]: 8FE98F4280:
> to=<ns...@bsweetinc.com>,
> relay=milter1.store.vip.sc5.yahoo.com[216.136.232.238], delay=22,
> status=bounced (host milter1.store.vip.sc5.yahoo.com[216.136.232.238]
> said: 550 5.0.0 <ns...@bsweetinc.com>... <ns...@bsweetinc.com>: User
> unknown (in reply to RCPT TO command))
> 
> Here is my postfix main.cf
> 
> alias_database = hash:/etc/postfix/aliases
> myorigin = georgetowncollege.edu
> myhostname = sa2.georgetowncollege.edu
> mydestination = georgetowncollege.edu
> mynetworks = 10.1.7.0/24
> biff = no
> smtpd_banner = sa2.georgetowncollege.edu
> # Message limit at 20MB so that daily spam reports can get through
> message_size_limit = 20000000
> # Added error: in front of no local mail delivery 092104
> local_transport = error:no local mail delivery
> local_recipient_maps =
> transport_maps = hash:/etc/postfix/transport
> smtpd_helo_required = yes
> #smtpd_helo_restrictions = permit_mynetworks, reject_invalid_hostname,
> reject_maps_rbl
> smtpd_helo_restrictions = permit_mynetworks, reject_invalid_hostname
> maps_rbl_domains = sbl.spamhaus.org, relays.ordb.org, opm.blitzed.org,
> dun.dnsrbl.net, spam.dnsrbl.net
> smtpd_sender_restrictions = reject_non_fqdn_sender,
> reject_unknown_sender_domain
> smtpd_recipient_restrictions = permit_mynetworks,
> reject_unauth_destination, reject_non_fqdn_recipient
> header_checks = regexp:/etc/postfix/header_checks
> content_filter = smtp-amavis:[localhost]:10024
> 
> Is there something I need to change ?  I am not seeing this a lot and
> thought I needed to look to see if I could find the problem.  Any
> suggestions would be appreciated.

You probably need to verify that this didn't result in default settings
being removed.  You have mydestination set, but I don't see the
following:
relay_domains = $mydestination

This is important.  The commentary on this setting in my (mostly)
default configuration is as follows:

# The relay_domains parameter restricts what destinations this system will
# relay mail to.  See the smtpd_recipient_restrictions description in
# postconf(5) for detailed information.
#
# By default, Postfix relays mail
# - from "trusted" clients (IP address matches $mynetworks) to any destination,
# - from "untrusted" clients to destinations that match $relay_domains or
#   subdomains thereof, except addresses with sender-specified routing.
# The default relay_domains value is $mydestination.
# 
# In addition to the above, the Postfix SMTP server by default accepts mail
# that Postfix is final destination for:
# - destinations that match $inet_interfaces or $proxy_interfaces,
# - destinations that match $mydestination
# - destinations that match $virtual_alias_domains,
# - destinations that match $virtual_mailbox_domains.
# These destinations do not need to be listed in $relay_domains.
# 
# Specify a list of hosts or domains, /file/name patterns or type:name
# lookup tables, separated by commas and/or whitespace.  Continue
# long lines by starting the next line with whitespace. A file name
# is replaced by its contents; a type:name table is matched when a
# (parent) domain appears as lookup key.
#
# NOTE: Postfix will not automatically forward mail for domains that
# list this system as their primary or backup MX host. See the
# permit_mx_backup restriction description in postconf(5).

The commentary says $mydestination is the default, but you are better
off specifying it explicitly.

-- 
Louis LeBlanc          spamassassin@keyslapper.org
Fully Funded Hobbyist, KeySlapper Extrordinaire :)
http://www.keyslapper.org                     Ô¿Ô¬

Bore, n.:
  A person who talks when you wish him to listen.
    -- Ambrose Bierce, "The Devil's Dictionary"