[SOLVED] Address Verification Database

O

osgit

Member
Jan 12, 2021
55
5
13
Hello,

I'm looking at the address verification database and trying to understand how it works. From my understanding, it checks the backend server (Exchange 2010 in my scenario) to see if the recipient exists. If it doesn't, then it blocks sending it to the backend once the address has been added to the database.

So I'm not sure if I'm misunderstanding how it works, but I'm getting a lot of non-existent addresses in the Spam Quarantine, that didn't seem to accumulate before resetting the database.

From this thread, the database should be located at:

/var/lib/postfix/verify_cache.db

But I'm not seeing that file.

Anyway, thank you for any enlightenment. :)
 
Last edited:
  • Like
Reactions: osgit
Stoiko Ivanov said:
* Is recipient verification enabled? (GUI->Configuration->Mail Proxy->Options) (once enabled you might want to reload postfix: `systemctl reload postfix`)
* With some versions of Exchange you need to adapt the config, so that they reply properly to non-existing e-mail addresses - see e.g. https://manuals.gfi.com/en/oneconne...ings/domain/recipientverificationexchange.htm


i hope this helps!
Click to expand...
So the WebUI shows: Yes (550) and Exchange is:

Code: 
Get-RecipientFilterConfig

Enabled                    : True
 
Then please share the logs of PMG when you try to send a mail to a non-existing e-mail address
 
Here is the log, it pushes it through to Exchange even though it doesn't exist on the backend. I end up getting an NDR to the sender as well.

Code: 
Feb 15 10:33:10 smtp postfix/postscreen[28990]: CONNECT from [40.92.23.109]:10624 to [192.168.57.4]:25
Feb 15 10:33:16 smtp postfix/postscreen[28990]: PASS NEW [40.92.23.109]:10624
Feb 15 10:33:17 smtp postfix/smtpd[29023]: connect from mail-mw2nam12olkn2109.outbound.protection.outlook.com[40.92.23.109]
Feb 15 10:33:17 smtp postfix/smtpd[29023]: Anonymous TLS connection established from mail-mw2nam12olkn2109.outbound.protection.outlook.com[40.92.23.109]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Feb 15 10:33:17 smtp postfix/smtpd[29023]: 8A6BF142D59: client=mail-mw2nam12olkn2109.outbound.protection.outlook.com[40.92.23.109]
Feb 15 10:33:17 smtp postfix/cleanup[29026]: 8A6BF142D59: message-id=<BYAPR01MB5304CE9102104DA956200FB7B5889@BYAPR01MB5304.prod.exchangelabs.com>
Feb 15 10:33:17 smtp postfix/qmgr[1051]: 8A6BF142D59: from=<user@domain.co>, size=5852, nrcpt=1 (queue active)
Feb 15 10:33:17 smtp pmg-smtp-filter[27278]: 2021/02/15-10:33:17 CONNECT TCP Peer: "[127.0.0.1]:39128" Local: "[127.0.0.1]:10024"
Feb 15 10:33:17 smtp pmg-smtp-filter[27278]: 142DAC602AB05DA12D1: new mail message-id=<BYAPR01MB5304CE9102104DA956200FB7B5889@BYAPR01MB5304.prod.exchangelabs.com>#012
Feb 15 10:33:17 smtp postfix/smtpd[29023]: disconnect from mail-mw2nam12olkn2109.outbound.protection.outlook.com[40.92.23.109] ehlo=2 starttls=1 mail=1 rcpt=1 bdat=1 quit=1 commands=7
Feb 15 10:33:19 smtp pmg-smtp-filter[27278]: 142DAC602AB05DA12D1: SA score=0/5 time=2.217 bayes=0.00 autolearn=ham autolearn_force=no hits=AWL(0.527),BAYES_00(-1.9),HTML_MESSAGE(0.001),KAM_DMARC_STATUS(0.01),SPF_HELO_PASS(-0.001),SPF_PASS(-0.001)
Feb 15 10:33:19 smtp postfix/smtpd[29038]: connect from localhost.localdomain[127.0.0.1]
Feb 15 10:33:19 smtp postfix/smtpd[29038]: F0D76142DCC: client=localhost.localdomain[127.0.0.1], orig_client=mail-mw2nam12olkn2109.outbound.protection.outlook.com[40.92.23.109]
Feb 15 10:33:19 smtp postfix/cleanup[29026]: F0D76142DCC: message-id=<BYAPR01MB5304CE9102104DA956200FB7B5889@BYAPR01MB5304.prod.exchangelabs.com>
Feb 15 10:33:20 smtp postfix/qmgr[1051]: F0D76142DCC: from=<user@domain.co>, size=6530, nrcpt=1 (queue active)
Feb 15 10:33:20 smtp postfix/smtpd[29038]: disconnect from localhost.localdomain[127.0.0.1] ehlo=1 xforward=1 mail=1 rcpt=1 data=1 commands=5
Feb 15 10:33:20 smtp pmg-smtp-filter[27278]: 142DAC602AB05DA12D1: accept mail to <non-existent-user@domain.com> (F0D76142DCC) (rule: default-accept)
Feb 15 10:33:20 smtp pmg-smtp-filter[27278]: 142DAC602AB05DA12D1: processing time: 2.359 seconds (2.217, 0.057, 0)
Feb 15 10:33:20 smtp postfix/lmtp[29027]: 8A6BF142D59: to=<non-existent-user@domain.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=2.5, delays=0.09/0/0/2.4, dsn=2.5.0, status=sent (250 2.5.0 OK (142DAC602AB05DA12D1))
Feb 15 10:33:20 smtp postfix/qmgr[1051]: 8A6BF142D59: removed
Feb 15 10:33:20 smtp postfix/smtp[29039]: Trusted TLS connection established to exchange.domain.com[192.168.56.12]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)
Feb 15 10:33:20 smtp postfix/dnsblog[29034]: warning: dnsblog_query: lookup error for DNS query 109.23.92.40.noptr.spamrats.com: Host or domain name not found. Name service error for name=109.23.92.40.noptr.spamrats.com type=A: Host not found, try again
Feb 15 10:33:20 smtp postfix/postscreen[28990]: warning: dnsblog reply timeout 10s for noptr.spamrats.com
Feb 15 10:33:30 smtp pmg-smtp-filter[15332]: starting database maintainance
Feb 15 10:33:30 smtp pmg-smtp-filter[15332]: end database maintainance (40 ms)
Feb 15 10:33:41 smtp postfix/smtpd[29042]: connect from exchange.DOMAIN.local[192.168.56.12]
Feb 15 10:33:41 smtp postfix/smtpd[29042]: Anonymous TLS connection established from exchange.DOMAIN.local[192.168.56.12]: TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)
Feb 15 10:33:41 smtp postfix/smtpd[29042]: A3893142D59: client=exchange.DOMAIN.local[192.168.56.12]
Feb 15 10:33:41 smtp postfix/cleanup[29026]: A3893142D59: message-id=<30783f3a-474a-434f-83e2-399f62b45677@DOMAIN.com>
Feb 15 10:33:41 smtp postfix/qmgr[1051]: A3893142D59: from=<>, size=21851, nrcpt=1 (queue active)
Feb 15 10:33:41 smtp postfix/smtp[29039]: F0D76142DCC: to=<non-existent-user@domain.com>, relay=exchange.domain.com[192.168.56.12]:25, delay=22, delays=0.03/0.04/0.12/21, dsn=2.6.0, status=sent (250 2.6.0 <BYAPR01MB5304CE9102104DA956200FB7B5889@BYAPR01MB5304.prod.exchangelabs.com> [InternalId=4181285] Queued mail for delivery)
Feb 15 10:33:41 smtp postfix/smtpd[29042]: disconnect from exchange.DOMAIN.local[192.168.56.12] ehlo=2 starttls=1 mail=1 rcpt=1 bdat=1 quit=1 commands=7
Feb 15 10:33:41 smtp pmg-smtp-filter[26927]: 2021/02/15-10:33:41 CONNECT TCP Peer: "[127.0.0.1]:41284" Local: "[127.0.0.1]:10023"
Feb 15 10:33:41 smtp postfix/qmgr[1051]: F0D76142DCC: removed
Feb 15 10:33:41 smtp pmg-smtp-filter[26927]: 142DAC602AB075A6925: new mail message-id=<30783f3a-474a-434f-83e2-399f62b45677@DOMAIN.com>#012
Feb 15 10:33:41 smtp pmg-smtp-filter[26927]: 142DAC602AB075A6925: added disclaimer (rule: Add Disclaimer)
Feb 15 10:33:41 smtp pmg-smtp-filter[26927]: 142DAC602AB075A6925: added disclaimer (rule: Add Disclaimer)
Feb 15 10:33:41 smtp pmg-smtp-filter[26927]: Could not create DKIM-Signature - disabling Signing: no domain in sender e-mail
Feb 15 10:33:41 smtp postfix/smtpd[29038]: connect from localhost.localdomain[127.0.0.1]
Feb 15 10:33:41 smtp postfix/smtpd[29038]: C6C4C142DCC: client=localhost.localdomain[127.0.0.1], orig_client=exchange.DOMAIN.local[192.168.56.12]
Feb 15 10:33:41 smtp postfix/cleanup[29026]: C6C4C142DCC: message-id=<30783f3a-474a-434f-83e2-399f62b45677@DOMAIN.com>
Feb 15 10:33:41 smtp postfix/qmgr[1051]: C6C4C142DCC: from=<>, size=23136, nrcpt=1 (queue active)
Feb 15 10:33:41 smtp postfix/smtpd[29038]: disconnect from localhost.localdomain[127.0.0.1] ehlo=1 xforward=1 mail=1 rcpt=1 data=1 commands=5
Feb 15 10:33:41 smtp pmg-smtp-filter[26927]: 142DAC602AB075A6925: accept mail to <user@domain.co> (C6C4C142DCC) (rule: default-accept)
Feb 15 10:33:41 smtp pmg-smtp-filter[26927]: 142DAC602AB075A6925: processing time: 0.251 seconds (0, 0.075, 0)
Feb 15 10:33:41 smtp postfix/lmtp[29027]: A3893142D59: to=<user@domain.co>, relay=127.0.0.1[127.0.0.1]:10023, delay=0.27, delays=0.01/0/0/0.26, dsn=2.5.0, status=sent (250 2.5.0 OK (142DAC602AB075A6925))
Feb 15 10:33:41 smtp postfix/qmgr[1051]: A3893142D59: removed
Feb 15 10:33:44 smtp postfix/smtp[29039]: Trusted TLS connection established to 119758724.pamx1.hotmail.com[104.47.0.33]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Feb 15 10:33:59 smtp postfix/smtp[29039]: C6C4C142DCC: to=<user@domain.co>, relay=119758724.pamx1.hotmail.com[104.47.0.33]:25, delay=18, delays=0.12/0/2.3/15, dsn=2.6.0, status=sent (250 2.6.0 <30783f3a-474a-434f-83e2-399f62b45677@DOMAIN.com> [InternalId=111235358022911, Hostname=HE1EUR01HT048.eop-EUR01.prod.protection.outlook.com] 29982 bytes in 14.643, 1.999 KB/sec Queued mail for delivery)
Feb 15 10:33:59 smtp postfix/qmgr[1051]: C6C4C142DCC: removed
 
osgit said:
142DCC: to=<non-existent-user@domain.com>, relay=exchange.domain.com[192.168.56.12]:25, delay=22, delays=0.03/0.04/0.12/21, dsn=2.6.0, status=sent (250 2.6.0 <BYAPR01MB5304CE9102104DA956200FB7B5889@BYAPR01MB5304.prod.exchangelabs.com> [InternalId=4181285] Queued mail for delivery)
Click to expand...
this line tells you that the exchange accepted the mail for the non-existing domain (and the lines below also tell you that it's exchange that is generating the NDR)

So my guess is that you need to adapt the Exchange config - so that it responds with a 5xx error code after the RCPT TO command with a non-existing e-mail address

I hope this helps!
 
  • Like
Reactions: osgit
Stoiko Ivanov said:
this line tells you that the exchange accepted the mail for the non-existing domain (and the lines below also tell you that it's exchange that is generating the NDR)

So my guess is that you need to adapt the Exchange config - so that it responds with a 5xx error code after the RCPT TO command with a non-existing e-mail address

I hope this helps!
Click to expand...
That makes sense, I'll look through and see what I find. I'll post my results back later. Thank you! :)
 
  • Like
Reactions: Stoiko Ivanov
Ok, so I got it resolved. Turns out the Exchange server never had the Spam filtering installed. These directions resolved the issue. Thank you for pointing me in the right direction. :)
 
I did have one more question. Is there a way to set the precedence to verify the sender before verifying it's spam? What I see happening is that Proxmox quarantines email for accounts that are not on the Exchange server, rather than verifying the recipient exists first, then checking for spam. As a result, it's causing lots of spam storage for accounts that don't actually exist. Thank you! :)
 
Last edited:
  • Like
Reactions: Stoiko Ivanov
Stoiko Ivanov said:
this line tells you that the exchange accepted the mail for the non-existing domain (and the lines below also tell you that it's exchange that is generating the NDR)

So my guess is that you need to adapt the Exchange config - so that it responds with a 5xx error code after the RCPT TO command with a non-existing e-mail address

I hope this helps!
Click to expand...
I did have one more question. Is there a way to set the precedence to verify the sender before verifying it's spam? What I see happening is that Proxmox quarantines email for accounts that are not on the Exchange server, rather than verifying the recipient exists first, then checking for spam. As a result, it's causing lots of spam storage for accounts that don't actually exist. Thank you! :)
 
osgit said:
I did have one more question. Is there a way to set the precedence to verify the sender before verifying it's spam? What I see happening is that Proxmox quarantines email for accounts that are not on the Exchange server, rather than verifying the recipient exists first, then checking for spam.
Click to expand...
Then recipient verification is still not working in your setup!
recipient verification happens inside postfix - long before the mail reaches the rule-system (inside pmg-smtp-filter)
(This is also a reason to activate recipient verification, since that way you save the resources, instead of scanning mails which would get thrown away afterwards)

one possible cause:
* the verification database still contains entries from before you fixed the exchange config -> clear it (GUI -> Administration -> Queues) (for good measure restart postfix afterwards)

if this does not help - please the mail.log for such a mail (non-existent recipient - still gets passed to pmg-smtp-filter and ends up in quarantine)

I hope this helps!
 
  • Like
Reactions: osgit
Hrm, Ok, I did clear the verification database last night. I didn't restart. It is working, if I send it from a valid email address, it will reject non-existent email addresses, but only to valid emails. It the incoming email is spam, it's sending it to the spam quarantine. Let me restart the services and see what that does. I'll report back. Thank you! :)
 
I just cleared the verification database again and rebooted the whole appliance and it still is quarantining emails vs bouncing non-existent emails. Here are two snippets.

First is for addresses that don't exist and it's spam.
Code: 
Feb 19 10:11:07 smtp postfix/smtpd[1126]: connect from r167-56-126-92.dialup.adsl.anteldata.net.uy[167.56.126.92]
Feb 19 10:11:08 smtp postfix/smtpd[1126]: 3B5C3142BDD: client=r167-56-126-92.dialup.adsl.anteldata.net.uy[167.56.126.92]
Feb 19 10:11:08 smtp postfix/cleanup[1047]: 3B5C3142BDD: message-id=<005101d706c9$055c85f1$8594ab8b$@oscarfaber.co.uk>
Feb 19 10:11:08 smtp postfix/qmgr[1003]: 3B5C3142BDD: from=<tanse1@oscarfaber.co.uk>, size=4869, nrcpt=1 (queue active)
Feb 19 10:11:08 smtp pmg-smtp-filter[1021]: 142BDF602FF12CB2302: new mail message-id=<005101d706c9$055c85f1$8594ab8b$@oscarfaber.co.uk>#012
Feb 19 10:11:09 smtp postfix/smtpd[1126]: disconnect from r167-56-126-92.dialup.adsl.anteldata.net.uy[167.56.126.92] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
Feb 19 10:11:11 smtp pmg-smtp-filter[1021]: 142BDF602FF12CB2302: SA score=24/5 time=2.273 bayes=0.04 autolearn=no autolearn_force=no hits=BAYES_05(-0.5),BITCOIN_MALWARE(1),CK_HELO_GENERIC(0.25),DATE_IN_PAST_03_06(1.592),DOS_OUTLOOK_TO_MX(2.845),HELO_DYNAMIC_HCC(2.762),HELO_DYNAMIC_IPADDR(1.951),KAM_COUK(0.85),KAM_CRIM(8.5),KAM_DMARC_STATUS(0.01),KAM_LAZY_DOMAIN_SECURITY(1),NO_FM_NAME_IP_HOSTN(2.499),PDS_BTC_ID(0.499),RDNS_DYNAMIC(0.982),SPF_HELO_NONE(0.001),SPF_NONE(0.001)
Feb 19 10:11:11 smtp pmg-smtp-filter[1021]: 142BDF602FF12CB2302: moved mail for <non-existent-user@domain2.com> to spam quarantine - 142DFA602FF12F0E2FE (rule: Quarantine/Mark Spam (Level 2))
Feb 19 10:11:11 smtp pmg-smtp-filter[1021]: 142BDF602FF12CB2302: processing time: 2.337 seconds (2.273, 0.037, 0)
Feb 19 10:11:11 smtp postfix/lmtp[1048]: 3B5C3142BDD: to=<non-existent-user@domain2.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=2.8, delays=0.48/0/0/2.3, dsn=2.5.0, status=sent (250 2.5.0 OK (142BDF602FF12CB2302))
Feb 19 10:11:11 smtp postfix/qmgr[1003]: 3B5C3142BDD: removed

This one is from a valid email and the user doesn't exist on the relay server:
Code: 
Feb 19 10:15:02 smtp postfix/smtpd[1040]: connect from mail-bn7nam10olkn2062.outbound.protection.outlook.com[40.92.40.62]
Feb 19 10:15:02 smtp postfix/smtpd[1040]: Anonymous TLS connection established from mail-bn7nam10olkn2062.outbound.protection.outlook.com[40.92.40.62]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Feb 19 10:15:02 smtp postfix/smtpd[1040]: 848D4140299: client=mail-bn7nam10olkn2062.outbound.protection.outlook.com[40.92.40.62]
Feb 19 10:15:02 smtp postfix/cleanup[1047]: 848D4140299: message-id=<BYAPR01MB5304FEC0095384EC9D52AC57B5849@BYAPR01MB5304.prod.exchangelabs.com>
Feb 19 10:15:02 smtp postfix/qmgr[1003]: 848D4140299: from=<user@domain.co>, size=5851, nrcpt=1 (queue active)
Feb 19 10:15:02 smtp pmg-smtp-filter[1021]: 142BDF602FF21699F73: new mail message-id=<BYAPR01MB5304FEC0095384EC9D52AC57B5849@BYAPR01MB5304.prod.exchangelabs.com>#012
Feb 19 10:15:02 smtp postfix/smtpd[1040]: disconnect from mail-bn7nam10olkn2062.outbound.protection.outlook.com[40.92.40.62] ehlo=2 starttls=1 mail=1 rcpt=1 bdat=1 quit=1 commands=7
Feb 19 10:15:05 smtp pmg-smtp-filter[1021]: 142BDF602FF21699F73: SA score=0/5 time=2.549 bayes=0.00 autolearn=ham autolearn_force=no hits=AWL(0.345),BAYES_00(-1.9),HTML_MESSAGE(0.001),KAM_DMARC_STATUS(0.01),SPF_HELO_PASS(-0.001),SPF_PASS(-0.001)
Feb 19 10:15:05 smtp postfix/smtpd[1170]: connect from localhost.localdomain[127.0.0.1]
Feb 19 10:15:05 smtp postfix/smtpd[1170]: 3EA15142F06: client=localhost.localdomain[127.0.0.1], orig_client=mail-bn7nam10olkn2062.outbound.protection.outlook.com[40.92.40.62]
Feb 19 10:15:05 smtp postfix/cleanup[1047]: 3EA15142F06: message-id=<BYAPR01MB5304FEC0095384EC9D52AC57B5849@BYAPR01MB5304.prod.exchangelabs.com>
Feb 19 10:15:05 smtp postfix/qmgr[1003]: 3EA15142F06: from=<user@domain.co>, size=6529, nrcpt=1 (queue active)
Feb 19 10:15:05 smtp pmg-smtp-filter[1021]: 142BDF602FF21699F73: accept mail to <non-existent-user@domain2.com> (3EA15142F06) (rule: default-accept)
Feb 19 10:15:05 smtp postfix/smtpd[1170]: disconnect from localhost.localdomain[127.0.0.1] ehlo=1 xforward=1 mail=1 rcpt=1 data=1 commands=5
Feb 19 10:15:05 smtp pmg-smtp-filter[1021]: 142BDF602FF21699F73: processing time: 2.656 seconds (2.549, 0.035, 0)
Feb 19 10:15:05 smtp postfix/lmtp[1048]: 848D4140299: to=<non-existent-user@domain2.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=2.8, delays=0.09/0/0/2.7, dsn=2.5.0, status=sent (250 2.5.0 OK (142BDF602FF21699F73))
Feb 19 10:15:05 smtp postfix/qmgr[1003]: 848D4140299: removed
Feb 19 10:15:10 smtp postfix/smtp[1171]: 3EA15142F06: to=<non-existent-user@domain2.com>, relay=exchange.domain2.com[192.168.56.12]:2525, delay=5.3, delays=0.03/0.04/0.13/5.2, dsn=5.1.1, status=bounced (host exchange.domain2.com[192.168.56.12] said: 550 5.1.1 User unknown (in reply to RCPT TO command))

Here is the bounce received to the vaild account from Proxmox:
Code: 
From: Mail Delivery System <MAILER-DAEMON@domain2.com>
Sent: Friday, February 19, 2021 10:15 AM
To: non-existent-user@domain2.com <non-existent-user@domain2.com>
Subject: Undeliverable: Test

This is the mail system at host spam-01.domain.local.

I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to postmaster.

If you do so, please include this problem report. You can
delete your own text from the attached returned message.

                   The mail system

<non-existent-user@domain2.com>: host exchange.domain2.com[192.168.56.12] said: 550
    5.1.1 User unknown (in reply to RCPT TO command)

So it is working, but not on spam. I'm open to ideas on this one haha. Do you think there is some sort of race condition here or some sort of misconfiguration on my end? Again, thank you for your help! :)
 
Last edited:
Plese provide the output of `pmgconfig dump` - that way we can see what might not be configured correctly (anonymize domain-names and public ip-addresses if you want, but leave the rest as untouched as possible)

the log looks like that exchange is answering correctly (5xx for a non-existing user)
 
Sure, see below. Thank you! :)

Code: 
composed.wl_bounce_relays = srv-spam-01.domain.local
dns.domain = domain.local
dns.fqdn = srv-spam-01.domain.local
dns.hostname = srv-spam-01
ipconfig.int_ip = 192.168.xx.x
pmg.admin.advfilter = 1
pmg.admin.avast = 0
pmg.admin.clamav = 1
pmg.admin.custom_check = 0
pmg.admin.custom_check_path = /usr/local/bin/pmg-custom-check
pmg.admin.dailyreport = 1
pmg.admin.demo = 0
pmg.admin.dkim_selector = selector
pmg.admin.dkim_sign = 1
pmg.admin.dkim_sign_all_mail = 1
pmg.admin.email = logs@domain.com
pmg.admin.http_proxy =
pmg.admin.statlifetime = 7
pmg.clamav.archiveblockencrypted = 0
pmg.clamav.archivemaxfiles = 1000
pmg.clamav.archivemaxrec = 5
pmg.clamav.archivemaxsize = 25000000
pmg.clamav.dbmirror = database.clamav.net
pmg.clamav.maxcccount = 0
pmg.clamav.maxscansize = 100000000
pmg.clamav.safebrowsing = 1
pmg.clamav.scriptedupdates = 0
pmg.mail.banner = ESMTP smtp.domain.com
pmg.mail.before_queue_filtering = 0
pmg.mail.conn_count_limit = 50
pmg.mail.conn_rate_limit = 0
pmg.mail.dnsbl_sites = zen.spamhaus.org*2,bl.spamcop.net*2,psbl.surriel.com*2,spamrbl.imp.ch*2,noptr.spamrats.com*2,escalations.dnsbl.sorbs.net*2,bl.score.senderscore.com*2,bl.spameatingmonkey.net*2,rbl.realtimeblacklist.com*2,dnsbl.dronebl.org*2,ix.dnsbl.manitu.net,b.barracudacentral.org,truncate.gbudb.net,bl.blocklist.de
pmg.mail.dnsbl_threshold = 1
pmg.mail.dwarning = 4
pmg.mail.ext_port = 25
pmg.mail.greylist = 1
pmg.mail.greylist6 = 0
pmg.mail.greylistmask4 = 24
pmg.mail.greylistmask6 = 64
pmg.mail.helotests = 1
pmg.mail.hide_received = 1
pmg.mail.int_port = 26
pmg.mail.max_filters = 31
pmg.mail.max_policy = 5
pmg.mail.max_smtpd_in = 100
pmg.mail.max_smtpd_out = 100
pmg.mail.maxsize = 25600000
pmg.mail.message_rate_limit = 0
pmg.mail.ndr_on_block = 0
pmg.mail.rejectunknown = 1
pmg.mail.rejectunknownsender = 1
pmg.mail.relay = exchange.domain.com
pmg.mail.relaynomx = 0
pmg.mail.relayport = 2525
pmg.mail.relayprotocol = smtp
pmg.mail.smarthost =
pmg.mail.smarthostport = 25
pmg.mail.spf = 1
pmg.mail.tls = 1
pmg.mail.tlsheader = 1
pmg.mail.tlslog = 1
pmg.mail.verifyreceivers = 550
pmg.spam.bounce_score = 0
pmg.spam.clamav_heuristic_score = 3
pmg.spam.languages = all
pmg.spam.maxspamsize = 262144
pmg.spam.rbl_checks = 1
pmg.spam.use_awl = 1
pmg.spam.use_bayes = 1
pmg.spam.use_razor = 1
pmg.spam.wl_bounce_relays =
pmg.spamquar.allowhrefs = 1
pmg.spamquar.authmode = ldapticket
pmg.spamquar.hostname = mail.domain.com
pmg.spamquar.lifetime = 7
pmg.spamquar.mailfrom = quarantine@domain.com
pmg.spamquar.port = 443
pmg.spamquar.protocol = https
pmg.spamquar.quarantinelink = 0
pmg.spamquar.reportstyle = custom
pmg.spamquar.viewimages = 1
pmg.virusquar.allowhrefs = 1
pmg.virusquar.lifetime = 7
pmg.virusquar.viewimages = 1
postfix.dnsbl_sites = zen.spamhaus.org*2,bl.spamcop.net*2,psbl.surriel.com*2,spamrbl.imp.ch*2,noptr.spamrats.com*2,escalations.dnsbl.sorbs.net*2,bl.score.senderscore.com*2,bl.spameatingmonkey.net*2,rbl.realtimeblacklist.com*2,dnsbl.dronebl.org*2,ix.dnsbl.manitu.net,b.barracudacentral.org,truncate.gbudb.net,bl.blocklist.de
postfix.dnsbl_threshold = 1
postfix.int_ip = 192.168.xx.x
postfix.mynetworks = 127.0.0.0/8 [::1]/128 192.168.xx.0/24 192.168.xx.0/24 192.168.xx.0/24
postfix.transportnets =
postfix.usepolicy = 1
postgres.version = 11
 
Stoiko Ivanov said:
Plese provide the output of `pmgconfig dump` - that way we can see what might not be configured correctly (anonymize domain-names and public ip-addresses if you want, but leave the rest as untouched as possible)

the log looks like that exchange is answering correctly (5xx for a non-existing user)
Click to expand...
See post 15. Thank you for the help. :)
 
the settings are correct for recipient verification...
could you check the output of the verification-db for the non-existing e-mail addresses?

Code: 
cp -a /var/lib/postfix/verify_cache.db /tmp/test.db
postmap -s btree:/tmp/test
 
Stoiko Ivanov said:
the settings are correct for recipient verification...
could you check the output of the verification-db for the non-existing e-mail addresses?

Code: 
cp -a /var/lib/postfix/verify_cache.db /tmp/test.db
postmap -s btree:/tmp/test
Click to expand...
The verification database doesn't seem to exist?
Code: 
root@srv-spam-01:/etc/pmg# ll /var/lib/postfix/
total 1072
-rw------- 1 postfix postfix   8192 Feb 19 17:27 lmtp_tls_session_cache.db
-rw------- 1 postfix postfix     33 Feb 19 16:33 master.lock
-rw------- 1 postfix postfix 929792 Feb 25 20:14 postscreen_cache.db
-rw------- 1 postfix postfix   1024 Feb 25 20:09 prng_exch
-rw------- 1 postfix postfix  20480 Feb 25 20:14 smtpd_tls_session_cache.db
-rw------- 1 postfix postfix 122880 Feb 25 20:17 smtp_tls_session_cache.db
 
osgit said:
The verification database doesn't seem to exist?
Click to expand...
ok ... that's odd - do you have modifications to the postfix configuration templates? (do you have files in /etc/pmg/templates?)

else please try to restart postfix and send a test-mail, if the database then does not appear, please post both /etc/postfix/main.cf and /etc/postfix/master.cf
 
Stoiko Ivanov said:
ok ... that's odd - do you have modifications to the postfix configuration templates? (do you have files in /etc/pmg/templates?)

else please try to restart postfix and send a test-mail, if the database then does not appear, please post both /etc/postfix/main.cf and /etc/postfix/master.cf
Click to expand...
I do have a template that I copied from the pmg templates and added the myorigin line so that bounced emails will use my domain, I posted the entire template file below:
Code: 
# auto-generated by proxmox

compatibility_level = 2
command_directory = /usr/sbin
daemon_directory = /usr/lib/postfix/sbin
data_directory = /var/lib/postfix

# appending .domain is the MUA's job.
append_dot_mydomain = yes

smtpd_banner = $myhostname [% pmg.mail.banner %]
biff = no

[% IF pmg.mail.dwarning %]
delay_warning_time = [% pmg.mail.dwarning %]h
[% END %]

best_mx_transport = local
message_size_limit = [% pmg.mail.maxsize %]
mailbox_size_limit = [% ((pmg.mail.maxsize*2 > 51200000) ? pmg.mail.maxsize*2 : 51200000) %]

#mydomain = [% dns.domain %]
#myhostname = [% dns.hostname %].[% dns.domain %]

parent_domain_matches_subdomains = debug_peer_list,fast_flush_domains,mynetworks,permit_mx_backup_networks,qmqpd_authorized_clients,smtpd_access_maps

alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mydestination = localhost, $myhostname
mynetworks = [% postfix.mynetworks %]

relay_domains = hash:/etc/pmg/domains

transport_maps = hash:/etc/pmg/transport

[% IF pmg.mail.relay %]
[% IF pmg.mail.relayprotocol == 'lmtp' %]
relay_transport = [% pmg.mail.relayprotocol %]:inet:[% pmg.mail.relay %]:[% pmg.mail.relayport %]
[% ELSE %]
[% IF pmg.mail.relaynomx %]
relay_transport = [% pmg.mail.relayprotocol %]:[[% pmg.mail.relay %]]:[% pmg.mail.relayport %]
[% ELSE %]
relay_transport = [% pmg.mail.relayprotocol %]:[% pmg.mail.relay %]:[% pmg.mail.relayport %]
[% END %]
[% END %]
[% END %]

[% IF pmg.mail.smarthost %]
default_transport = smtp:[% pmg.mail.smarthost %]:[% pmg.mail.smarthostport %]
[% END %]

[% IF ! pmg.mail.before_queue_filtering -%]
content_filter=scan:127.0.0.1:10024
[%- END %]

mail_name = Proxmox

[% IF pmg.mail.helotests %]
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks reject_non_fqdn_helo_hostname reject_invalid_helo_hostname
[% ELSE %]
smtpd_helo_restrictions =
[% END %]

postscreen_access_list =
        permit_mynetworks,
        cidr:/etc/postfix/postscreen_access

[% IF postfix.dnsbl_sites %]
postscreen_dnsbl_sites = [% postfix.dnsbl_sites %]
postscreen_dnsbl_threshold = [% postfix.dnsbl_threshold %]
[% END %]

postscreen_dnsbl_action = enforce
postscreen_greet_action = enforce

smtpd_sender_restrictions =
        permit_mynetworks
        reject_non_fqdn_sender
        check_client_access     cidr:/etc/postfix/clientaccess
        check_sender_access     regexp:/etc/postfix/senderaccess
        check_recipient_access  regexp:/etc/postfix/rcptaccess
[%- IF pmg.mail.rejectunknown %] reject_unknown_client_hostname[% END %]
[%- IF pmg.mail.rejectunknownsender %] reject_unknown_sender_domain[% END %]

smtpd_recipient_restrictions =
        permit_mynetworks
        reject_unauth_destination
        reject_non_fqdn_recipient
        check_recipient_access  regexp:/etc/postfix/rcptaccess
[%- IF postfix.usepolicy %] check_sender_access  regexp:/etc/postfix/senderaccess[% END %]
[%- IF postfix.usepolicy %] check_client_access  cidr:/etc/postfix/clientaccess[% END %]
[%- IF postfix.usepolicy %] check_policy_service inet:127.0.0.1:10022[% END %]
[%- IF pmg.mail.verifyreceivers %] reject_unknown_recipient_domain[% END %]
[%- IF pmg.mail.verifyreceivers %] reject_unverified_recipient[% END %]

[% IF pmg.mail.verifyreceivers %]
unverified_recipient_reject_code = [% pmg.mail.verifyreceivers %]
[% END %]

smtpd_client_connection_count_limit = [% pmg.mail.conn_count_limit %]
smtpd_client_connection_rate_limit = [% pmg.mail.conn_rate_limit %]
smtpd_client_message_rate_limit = [% pmg.mail.message_rate_limit %]

[% IF pmg.mail.tls %]
smtp_tls_security_level = may
smtp_tls_policy_maps = hash:/etc/pmg/tls_policy
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
smtpd_tls_security_level = may
smtpd_tls_cert_file = /etc/pmg/pmg-tls.pem
smtpd_tls_key_file = $smtpd_tls_cert_file

lmtp_tls_security_level = $smtp_tls_security_level
lmtp_tls_policy_maps = $smtp_tls_policy_maps
lmtp_tls_CAfile = $smtp_tls_CAfile
[% IF pmg.mail.tlslog %]
smtpd_tls_loglevel = 1
smtp_tls_loglevel = 1
lmtp_tls_loglevel = $smtp_tls_loglevel
[% END %]
[% IF pmg.mail.tlsheader %]
smtpd_tls_received_header = yes
[% END %]
[% END %]

smtp_tls_session_cache_database = btree:/var/lib/postfix/smtp_tls_session_cache
smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_tls_session_cache
lmtp_tls_session_cache_database = btree:/var/lib/postfix/lmtp_tls_session_cache

[% IF pmg.mail.hide_received %]
unverified_recipient_reject_reason = Recipient address lookup failed
[% END %]


default_destination_concurrency_limit = 40
lmtp_destination_concurrency_limit = 20
relay_destination_concurrency_limit = 20
smtp_destination_concurrency_limit = 20
virtual_destination_concurrency_limit = 20

recipient_delimiter = +
#Custom:
myorigin = domain.com
mydomain = domain.com
myhostname = smtp.domain.com
 
Last edited:
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back