[SOLVED] Address Verification Database

please post the rendered config-files /etc/postfix/main.cf and /etc/postfix/master.cf.
Additionally please restart postfix - just to be on the safe side and try to send a test-mail as before - then check for the verification database
 
please post the rendered config-files /etc/postfix/main.cf and /etc/postfix/master.cf.
Additionally please restart postfix - just to be on the safe side and try to send a test-mail as before - then check for the verification database
Thank you :)

/etc/postfix/main.cf:
Code:
# auto-generated by proxmox

compatibility_level = 2
command_directory = /usr/sbin
daemon_directory = /usr/lib/postfix/sbin
# Postfix-writable state directory. The TLS session cache databases configured
# further down live here, and the default address_verify_map
# (btree:$data_directory/verify_cache) resolves to /var/lib/postfix/verify_cache.db.
data_directory = /var/lib/postfix

# appending .domain is the MUA's job.
# NOTE(review): the value below is "yes" although the comment above says this is
# the MUA's job - confirm which is intended.
append_dot_mydomain = yes

smtpd_banner = $myhostname ESMTP smtp.domain.com
biff = no


delay_warning_time = 4h


best_mx_transport = local
# Largest message accepted, in bytes. The cleanup service and the
# 127.0.0.1:10025 listener in master.cf override this with 51200000.
message_size_limit = 25600000
mailbox_size_limit = 51200000

#mydomain = domain.local
#myhostname = srv-spam-01.domain.local

# For the features listed here a bare domain pattern also matches its subdomains.
parent_domain_matches_subdomains = debug_peer_list,fast_flush_domains,mynetworks,permit_mx_backup_networks,qmqpd_authorized_clients,smtpd_access_maps

alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mydestination = localhost, $myhostname
# Trusted client networks. permit_mynetworks is the first entry in the HELO,
# sender and recipient restriction lists in this file, so hosts in these ranges
# skip every later check in those lists, recipient verification included.
# Individual listeners in master.cf override this value with -o mynetworks=...
mynetworks = 127.0.0.0/8 [::1]/128 192.168.57.0/24 192.168.xx.x/24 192.168.xx.x/24

# Domains this gateway accepts mail for and relays onward.
relay_domains = hash:/etc/pmg/domains

transport_maps = hash:/etc/pmg/transport




# Next hop for mail to relay_domains. By default
# address_verify_relay_transport = $relay_transport, so recipient verification
# probes are sent to this same host and port.
relay_transport = smtp:exchange.domain.com:2525






# Queued mail is handed to the "scan" lmtp transport (master.cf) on
# 127.0.0.1:10024. This is an after-queue filter: it runs only once the SMTP
# session has already accepted the recipient, so an unknown recipient has to be
# rejected at RCPT TO time if it is to be refused rather than quarantined.
content_filter=scan:127.0.0.1:10024

mail_name = Proxmox


smtpd_helo_required = yes
# HELO must be a syntactically valid fully-qualified name unless the client is in mynetworks.
smtpd_helo_restrictions = permit_mynetworks reject_non_fqdn_helo_hostname reject_invalid_helo_hostname

# postscreen (port 25 in master.cf): trusted networks first, then the CIDR table.
postscreen_access_list =
        permit_mynetworks,
        cidr:/etc/postfix/postscreen_access


# Every site has a weight of 1 (no suffix) or 2 (*2) and the threshold is 1, so
# a listing on any single site is enough to fail the DNSBL test.
postscreen_dnsbl_sites = zen.spamhaus.org*2,bl.spamcop.net*2,psbl.surriel.com*2,spamrbl.imp.ch*2,noptr.spamrats.com*2,escalations.dnsbl.sorbs.net*2,bl.score.senderscore.com*2,bl.spameatingmonkey.net*2,rbl.realtimeblacklist.com*2,dnsbl.dronebl.org*2,ix.dnsbl.manitu.net,b.barracudacentral.org,truncate.gbudb.net,bl.blocklist.de
postscreen_dnsbl_threshold = 1


# enforce: let the remaining tests finish, then reject the delivery attempt
# (rather than only logging the failure).
postscreen_dnsbl_action = enforce
postscreen_greet_action = enforce

# Sender-stage checks, evaluated in order. An OK result from one of the access
# tables ends this list only; the recipient restrictions are still evaluated.
# NOTE(review): an OK for your own domains in senderaccess is matched on the
# envelope sender, which the remote client chooses freely - confirm that the
# table holds no such entries.
smtpd_sender_restrictions =
        permit_mynetworks
        reject_non_fqdn_sender
        check_client_access     cidr:/etc/postfix/clientaccess
        check_sender_access     regexp:/etc/postfix/senderaccess
        check_recipient_access  regexp:/etc/postfix/rcptaccess reject_unknown_client_hostname reject_unknown_sender_domain

# Recipient-stage checks, evaluated in order; the first decisive result ends the list.
# reject_unauth_destination runs before the access tables, so an OK from a table
# cannot make this host relay for foreign domains.
# reject_unverified_recipient is the LAST entry: an OK from rcptaccess,
# senderaccess or clientaccess accepts the recipient before it is reached, and
# no verification probe is requested for that address. The policy service on
# 127.0.0.1:10022 is also consulted before verification.
smtpd_recipient_restrictions =
        permit_mynetworks
        reject_unauth_destination
        reject_non_fqdn_recipient
        check_recipient_access  regexp:/etc/postfix/rcptaccess check_sender_access  regexp:/etc/postfix/senderaccess check_client_access  cidr:/etc/postfix/clientaccess check_policy_service inet:127.0.0.1:10022 reject_unknown_recipient_domain reject_unverified_recipient


# Reply code used when reject_unverified_recipient refuses an address: a
# permanent 550 instead of Postfix's default 450.
unverified_recipient_reject_code = 550


# At most 50 simultaneous connections per client. The per-client connection-rate
# and message-rate limits are switched off (0 disables the limit).
smtpd_client_connection_count_limit = 50
smtpd_client_connection_rate_limit = 0
smtpd_client_message_rate_limit = 0


# Outbound TLS is opportunistic ("may"): used when the peer offers STARTTLS,
# otherwise the mail is sent in cleartext. The tls_policy map can set a
# stricter level per destination.
smtp_tls_security_level = may
smtp_tls_policy_maps = hash:/etc/pmg/tls_policy
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
# Inbound TLS is likewise offered but not required.
smtpd_tls_security_level = may
smtpd_tls_cert_file = /etc/pmg/pmg-tls.pem
# The private key is read from the same PEM file as the certificate.
smtpd_tls_key_file = $smtpd_tls_cert_file

# The LMTP client reuses the SMTP client's TLS settings.
lmtp_tls_security_level = $smtp_tls_security_level
lmtp_tls_policy_maps = $smtp_tls_policy_maps
lmtp_tls_CAfile = $smtp_tls_CAfile

# Log level 1 records a summary line per TLS handshake.
smtpd_tls_loglevel = 1
smtp_tls_loglevel = 1
lmtp_tls_loglevel = $smtp_tls_loglevel

# Record the TLS protocol and cipher of the inbound session in the Received: header.
smtpd_tls_received_header = yes



# TLS session caches, one btree file per client/server role, kept in data_directory.
smtp_tls_session_cache_database = btree:/var/lib/postfix/smtp_tls_session_cache
smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_tls_session_cache
lmtp_tls_session_cache_database = btree:/var/lib/postfix/lmtp_tls_session_cache


# Fixed text sent to the client when reject_unverified_recipient refuses an
# address. Without it the reply carries the verification details, i.e. the
# downstream server's own response including its host name and address.
unverified_recipient_reject_reason = Recipient address lookup failed



# Parallel deliveries allowed per destination, by transport.
default_destination_concurrency_limit = 40
lmtp_destination_concurrency_limit = 20
relay_destination_concurrency_limit = 20
smtp_destination_concurrency_limit = 20
virtual_destination_concurrency_limit = 20

# user+tag@domain is treated as an extension of user@domain.
recipient_delimiter = +

#Custom:
# These replace the commented-out domain.local values earlier in the file.
# By default address_verify_sender = $double_bounce_sender, so verification
# probes leave with the envelope sender double-bounce@<myorigin>.
myorigin = domain.com
mydomain = domain.com
myhostname = smtp.domain.com
/etc/postfix/master.cf
Code:
# Transport referenced by content_filter=scan:... - an LMTP client, up to 31
# processes, not chrooted, that delivers queued mail to the filter.
# XFORWARD passes the original client information along with the message;
# DNS lookups are disabled for this hop.
scan      unix  -       -       n       -       31      lmtp
  -o lmtp_send_xforward_command=yes
  -o lmtp_connection_cache_on_demand=no
  -o disable_dns_lookups=yes

# Second SMTP listener on port 26 with its own filter port (10023).
# The HELO, client and sender restrictions from main.cf are cleared and the
# recipient checks are reduced to permit_mynetworks,reject_unauth_destination,
# so no access tables, policy service or recipient verification apply here.
# NOTE(review): presumably the internal/outbound port - confirm it is not
# reachable from untrusted networks.
26       inet  n -       -       -       100      smtpd
  -o content_filter=scan:127.0.0.1:10023
  -o smtpd_recipient_restrictions=permit_mynetworks,reject_unauth_destination
  -o smtpd_helo_restrictions=
  -o smtpd_client_restrictions=
  -o smtpd_sender_restrictions=

# Port 25: a single postscreen process fronts the listener and hands clients
# that pass its tests to the "smtpd pass" service below.
25       inet  n -       -       -       1 postscreen

# smtpd behind postscreen; the main.cf restriction lists apply here.
# no_address_mappings: no address rewriting before the content filter.
# smtpd_discard_ehlo_keywords: DSN is not announced to clients, and the
# discard itself is not logged.
# mynetworks is narrowed for this listener to loopback plus one local entry.
smtpd       pass  - -       -       -       100      smtpd
  -o content_filter=scan:127.0.0.1:10024
  -o receive_override_options=no_address_mappings
  -o smtpd_discard_ehlo_keywords=silent-discard,dsn
  -o mynetworks=127.0.0.0/8,192.168.xx.x

# Loopback-only smtpd on port 10025, not chrooted; presumably where the filter
# hands scanned mail back to Postfix.
# content_filter is emptied so mail arriving here is not sent to the filter
# again. Recipient maps and the HELO/client/sender restrictions are cleared,
# unknown-recipient and header/body checks are skipped, and the only clients
# accepted are those in 127.0.0.0/8 (permit_mynetworks,reject).
# XFORWARD is honoured from loopback only, TLS is off, and the per-client
# connection limits are disabled for this local hop.
127.0.0.1:10025 inet  n       -       n       -       -      smtpd
  -o content_filter=
  -o local_recipient_maps=
  -o relay_recipient_maps=
  -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
  -o smtpd_helo_restrictions=
  -o smtpd_client_restrictions=
  -o smtpd_restriction_classes=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8
  -o smtpd_error_sleep_time=0
  -o smtpd_client_connection_count_limit=0
  -o smtpd_client_connection_rate_limit=0
  -o smtpd_tls_security_level=none
  -o smtpd_authorized_xforward_hosts=127.0.0.0/8
  -o message_size_limit=51200000

# Remaining Postfix daemons.
pickup    fifo  n       -       -       60      1       pickup
cleanup   unix  n       -       -       -       0       cleanup
  -o message_size_limit=51200000

qmgr      fifo  n       -       -       300     1       qmgr
rewrite   unix  -       -       -       -       -       trivial-rewrite
bounce    unix  -       -       -       -       0       bounce
defer     unix  -       -       -       -       0       bounce
flush     unix  n       -       -       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
smtp      unix  -       -       -       -       -       smtp
relay     unix  -       -       -       -       -       smtp
showq     unix  n       -       -       -       -       showq
error     unix  -       -       -       -       -       error
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       n       -       -       lmtp
# Address verification daemon (one process). It handles the probes requested by
# reject_unverified_recipient and maintains address_verify_map (verify_cache).
verify    unix  -       -       -       -       1       verify
trace     unix  -       -       n       -       0       bounce
tlsmgr    unix  -       -       -       1000?   1       tlsmgr
anvil     unix  -       -       -       -       1       anvil
scache    unix  -       -       -       -       1       scache
discard   unix  -       -       -       -       -       discard
retry     unix  -       -       -       -       -       error
dnsblog   unix  -       -       -       -       0       dnsblog
tlsproxy  unix  -       -       -       -       0       tlsproxy
The verification database still doesn't exist:
Code:
ll /var/lib/postfix/
total 956
-rw------- 1 postfix postfix   8192 Mar  1 12:46 lmtp_tls_session_cache.db
-rw------- 1 postfix postfix     33 Mar  1 12:46 master.lock
-rw------- 1 postfix postfix 929792 Mar  1 12:46 postscreen_cache.db
-rw------- 1 postfix postfix   1024 Mar  1 12:46 prng_exch
-rw------- 1 postfix postfix   8192 Mar  1 12:46 smtpd_tls_session_cache.db
-rw------- 1 postfix postfix  20480 Mar  1 12:46 smtp_tls_session_cache.db
 
* the configs look ok!
* did you restart postfix - could you show the log for a mail where the problem occurs

* do you by any chance have listed the sending IPs in your mailproxy-whitelist?
* does the mail from external really go to the external port (25) of your PMG installation?

if this does not lead to the reason for the not working recipient verification - I would suggest to enable the verbose mode of the relevant postfix services:
http://www.postfix.org/DEBUG_README.html
 
* the configs look ok!
* did you restart postfix - could you show the log for a mail where the problem occurs

* do you by any chance have listed the sending IPs in your mailproxy-whitelist?
* does the mail from external really go to the external port (25) of your PMG installation?

if this does not lead to the reason for the not working recipient verification - I would suggest to enable the verbose mode of the relevant postfix services:
http://www.postfix.org/DEBUG_README.html
Thank you again for the help :)

* Postfix and the appliance have been restarted on multiple occasions.
* The only IPs I've whitelisted are the exchange server and my printers which are local, on-premise devices.
* All incoming email goes exclusively through PMG.

The log can be seen in comment 13 in this thread. When an email comes in and is spam, it is treated as spam and never hits the verification stage, when it's from a good address, then it hits the verification testing. Obviously the database isn't being created for some reason...

I'll look at enabling additional logging...
 
* the configs look ok!
* did you restart postfix - could you show the log for a mail where the problem occurs

* do you by any chance have listed the sending IPs in your mailproxy-whitelist?
* does the mail from external really go to the external port (25) of your PMG installation?

if this does not lead to the reason for the not working recipient verification - I would suggest to enable the verbose mode of the relevant postfix services:
http://www.postfix.org/DEBUG_README.html
Hi @Stoiko Ivanov! I took a look at this a bit today, finally had some time. Here's what I see when running postconf -d in regards to the address verification database:
Code:
address_verify_cache_cleanup_interval = 12h
address_verify_default_transport = $default_transport
address_verify_local_transport = $local_transport
address_verify_map = btree:$data_directory/verify_cache
address_verify_negative_cache = yes
address_verify_negative_expire_time = 3d
address_verify_negative_refresh_time = 3h
address_verify_pending_request_limit = 5000
address_verify_poll_count = ${stress?{1}:{3}}
address_verify_poll_delay = 3s
address_verify_positive_expire_time = 31d
address_verify_positive_refresh_time = 7d
address_verify_relay_transport = $relay_transport
address_verify_relayhost = $relayhost
address_verify_sender = $double_bounce_sender
address_verify_sender_dependent_default_transport_maps = $sender_dependent_default_transport_maps
address_verify_sender_dependent_relayhost_maps = $sender_dependent_relayhost_maps
address_verify_sender_ttl = 0s
address_verify_service_name = verify
address_verify_transport_maps = $transport_maps
address_verify_virtual_transport = $virtual_transport
I added the following line to my /etc/pmg/templates/main.cf.in file and still no luck, the output above doesn't change either:
Code:
# Same value as the built-in default once $data_directory (/var/lib/postfix) is
# expanded. postconf -d prints built-in defaults rather than the values set in
# main.cf, so its output does not change when this line is added; postconf -n
# lists the explicitly configured settings.
address_verify_map = btree:/var/lib/postfix/verify_cache
I'm not sure why the verify_cache.db is not being created. What else could be going on? I've rebooted the appliance as well. Thank you. :)
Code:
ll /var/lib/postfix/
total 948
-rw------- 1 postfix postfix   8192 Apr  8 12:00 lmtp_tls_session_cache.db
-rw------- 1 postfix postfix     33 Apr  8 12:00 master.lock
-rw------- 1 postfix postfix 925696 Apr  8 12:01 postscreen_cache.db
-rw------- 1 postfix postfix   1024 Apr  8 12:00 prng_exch
-rw------- 1 postfix postfix   8192 Apr  8 12:01 smtpd_tls_session_cache.db
-rw------- 1 postfix postfix  16384 Apr  8 12:01 smtp_tls_session_cache.db
Also, the issue still stands that if an email is spam, it will skip address verification and will never send the 550 5.1.1 User unknown and will quarantine the email rather than bounce it. Seems like a possible bug, as address verification is coming after the spam checks. Do you think there is a race condition or the checks are just done in the wrong order?

Spam to a non-existent email address quarantined:
Code:
Apr 8 12:30:50 smtp postfix/smtpd[2946]: connect from unknown[91.228.101.146]
Apr 8 12:30:55 smtp postfix/smtpd[2946]: 9B087142FA0: client=unknown[91.228.101.146]
Apr 8 12:31:00 smtp postfix/cleanup[2951]: 9B087142FA0: message-id=<0.0.0.4B.1D72CAB179FFFD4.3838C4@mail.get-19.us>
Apr 8 12:31:00 smtp postfix/qmgr[1951]: 9B087142FA0: from=<renewal-by-andersen-replacement-windows-dane=domain.com@get-19.us>, size=5161, nrcpt=1 (queue active)
Apr 8 12:31:00 smtp pmg-smtp-filter[2982]: 142F9A606F59F48973C: new mail message-id=<0.0.0.4B.1D72CAB179FFFD4.3838C4@mail.get-19.us>#012
Apr 8 12:31:04 smtp pmg-smtp-filter[2982]: 142F9A606F59F48973C: SA score=11/5 time=3.788 bayes=0.52 autolearn=no autolearn_force=no hits=ADMITS_SPAM(4.062),BAYES_50(0.8),DKIM_INVALID(0.1),DKIM_SIGNED(0.1),HTML_MESSAGE(0.001),JMQ_SPF_NEUTRAL(0.5),KAM_DMARC_STATUS(0.01),KAM_HTMLNOISE(1),KAM_INFOUSMEBIZ(0.75),MIME_HTML_ONLY(0.1),MIME_HTML_ONLY_MULTI(0.001),MPART_ALT_DIFF(0.79),RAZOR2_CF_RANGE_51_100(1.886),RAZOR2_CHECK(0.922),RDNS_NONE(0.793),SPF_HELO_NONE(0.001),SPF_PASS(-0.001)
Apr 8 12:31:04 smtp pmg-smtp-filter[2982]: 142F9A606F59F48973C: moved mail for <dane@domain.com> to spam quarantine - 142F9B606F59F87511F (rule: Quarantine/Mark Spam (Level 2))
Apr 8 12:31:04 smtp pmg-smtp-filter[2982]: 142F9A606F59F48973C: processing time: 3.93 seconds (3.788, 0.059, 0)
Apr 8 12:31:04 smtp postfix/lmtp[2952]: 9B087142FA0: to=<dane@domain.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=8.9, delays=4.9/0/0/3.9, dsn=2.5.0, status=sent (250 2.5.0 OK (142F9A606F59F48973C))
Apr 8 12:31:04 smtp postfix/qmgr[1951]: 9B087142FA0: removed
Apr 8 12:31:16 smtp postfix/smtpd[2946]: disconnect from unknown[91.228.101.146] ehlo=1 mail=1 rcpt=1 bdat=1 quit=1 commands=5
Email that gets past the spam filter to a non-existent email address:
Code:
Apr 8 11:58:01 smtp postfix/smtpd[1568]: connect from localhost.localdomain[127.0.0.1]
Apr 8 11:58:01 smtp postfix/smtpd[1568]: 7F44B142FAE: client=localhost.localdomain[127.0.0.1], orig_client=web.janusmta.com[170.130.35.134]
Apr 8 11:58:01 smtp postfix/cleanup[1562]: 7F44B142FAE: message-id=<0.0.0.6.1D72CA1F8B74E96.656FDD@mail.wastkocto.com>
Apr 8 11:58:01 smtp postfix/qmgr[988]: 7F44B142FAE: from=<solarbrightfloodlightcom_offer-anthony=domain.com@wastkocto.com>, size=10433, nrcpt=1 (queue active)
Apr 8 11:58:01 smtp postfix/smtpd[1568]: disconnect from localhost.localdomain[127.0.0.1] ehlo=1 xforward=1 mail=1 rcpt=1 data=1 commands=5
Apr 8 11:58:01 smtp postfix/smtp[1471]: Trusted TLS connection established to exchange.domain.com[192.168.56.12]:2525: TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)
Apr 8 11:58:06 smtp postfix/smtp[1471]: 7F44B142FAE: to=<anthony@domain.com>, relay=exchange.domain.com[192.168.56.12]:2525, delay=5.2, delays=0.06/0/0.13/5, dsn=5.1.1, status=bounced (host exchange.domain.com[192.168.56.12] said: 550 5.1.1 User unknown (in reply to RCPT TO command))
Apr 8 11:58:16 smtp postfix/qmgr[988]: 7F44B142FAE: removed

So to recap, there are 2 main issues going on here:
  • verify_cache.db is not getting created.
  • Email that is spam, never gets checked in the address verification cache and goes straight to quarantine, causing the spam server to become a honeypot. Email that does get through to a non-existent email address, does bounce with the 550 5.1.1 User unknown status. So address verification is working, it just seems to be out of order.
I would just use LDAP verification, but the implementation that Proxmox uses doesn't pick up distribution group email addresses, so email will never deliver to those or mail enabled Public Folders.
 
So to recap, there are 2 main issues going on here:
  • verify_cache.db is not getting created.
  • Email that is spam, never gets checked in the address verification cache and goes straight to quarantine, causing the spam server to become a honeypot. Email that does get through to a non-existent email address, does bounce with the 550 5.1.1 User unknown status. So address verification is working, it just seems to be out of order.
the second issue is the result of the first issue - so let's concentrate on that ...

please configure the smtpd instances to log verbosely - by modifying the master.cf.in template (and adding -v as described in the http://www.postfix.org/DEBUG_README.html)
and then post the logs
Please make sure to post the complete logs of the session (in the post above for the mail that gets passed to the spamfilter for a non-existent mail, you only posted the internal relaying from the smtp-filter back to postfix)
 
the second issue is the result of the first issue - so let's concentrate on that ...

please configure the smtpd instances to log verbosely - by modifying the master.cf.in template (and adding -v as described in the http://www.postfix.org/DEBUG_README.html)
and then post the logs
Please make sure to post the complete logs of the session (in the post above for the mail that gets passed to the spamfilter for a non-existent mail, you only posted the internal relaying from the smtp-filter back to postfix)
I've attached a log with an email that went through to an Unknown user. Thank you! :)
 

Attachments

  • unknown-user.txt
    61.3 KB · Views: 10
Thanks for the debug logs:
* What's the content of your '/etc/postfix/rcptaccess' ?
 
Thanks for the debug logs:
* What's the content of your '/etc/postfix/rcptaccess' ?
So the two domains that we have run through Proxmox > Exchange. I've sanitized them to a generic domain name, but the syntax matches.
Code:
# Each pattern matches every address in the domain, whether the mailbox exists or not.
# OK accepts the recipient as soon as this table is consulted; in
# smtpd_recipient_restrictions that happens before reject_unverified_recipient,
# so no verification probe is made for these domains.
/^.+@do-main-2\.com$/ OK
/^.+@do-main1\.com$/ OK
 
So the two domains that we have run through Proxmox > Exchange. I've sanitized them to a generic domain name, but the syntax matches.
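My guess - the non-existent user has an address in @do-main1.com or @do-main-2.com?! - if that's the case, that explains why there is no recipient verification ... the mail gets accepted because you have whitelisted the domains in the mail proxy (as regular expressions). The OK from check_recipient_access ends the evaluation of smtpd_recipient_restrictions, so reject_unverified_recipient, which comes after it in the list, is never reached.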

does recipient verification work if you remove the entries from the mail-proxy whitelist?
 
My guess - the non-existent user has an address in @do-main1.com or @do-main-2.com?! - if that's the case, that explains why there is no recipient verification ... the mail gets accepted because you have whitelisted the domains in the mail proxy (as regular expressions)

does recipient verification work if you remove the entries from the mail-proxy whitelist?
So yes, I'm sending to an invalid address at one of the valid domains. So I should remove my domains from: Configuration > Mail Proxy > Whitelist?

So I removed the sender and receiver whitelist for the two domains we own and the database is there now:
Code:
-rw-r--r-- 1 postfix postfix   8192 Apr 12 11:59 verify_cache.db

I also saw this in the log for the first time that I've ever noticed:
Code:
Apr 12 11:59:18 smtp postfix/cleanup[29364]: 00A90143232: message-id=<20210412185918.00A90143232@smtp.orange-sol.com>
Apr 12 11:59:18 smtp postfix/qmgr[29313]: 00A90143232: from=<double-bounce@do-main1.com>, size=243, nrcpt=1 (queue active)
Apr 12 11:59:18 smtp postfix/smtp[29397]: Trusted TLS connection established to exchange.do-main1.com[192.168.56.12]:2525: TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)
Apr 12 11:59:23 smtp postfix/smtp[29397]: 00A90143232: to=<user@do-main1.com>, relay=exchange.do-main1.com[192.168.56.12]:2525, delay=5.8, delays=0/0/0.76/5, dsn=2.1.5, status=deliverable (250 2.1.5 Recipient OK)
Apr 12 11:59:23 smtp postfix/qmgr[29313]: 00A90143232: removed
 
It also appears to be working now, as the database has valid entries now as well :)

Code:
# Work on a copy, presumably so the live cache file used by the verify daemon is left alone.
# -a keeps the original owner and mode on the copy.
cp -a /var/lib/postfix/verify_cache.db /tmp/test.db
# -s prints every key/value pair in the table. The dump lists real recipient
# addresses and the downstream server's replies, so delete /tmp/test.db afterwards.
postmap -s btree:/tmp/test

user1@domain.COM     0:0:1618254626:250 2.1.5 Recipient OK
user2@domain.COM       0:0:1618256027:250 2.1.5 Recipient OK
_LAST_CACHE_CLEANUP_COMPLETED_  1618253957
user3@domain.com       0:0:1618253963:250 2.1.5 Recipient OK
bbarnette@domain.com        2:0:1618255600:host exchange.domain.com[192.168.56.12] said: 550 5.1.1 User unknown (in reply to RCPT TO command)
user4@domain.com     0:0:1618254074:250 2.1.5 Recipient OK
user5@domain.com      0:0:1618254899:250 2.1.5 Recipient OK
distributiongroup1@domain.com       0:0:1618255787:250 2.1.5 Recipient OK
itt@domain.com      2:0:1618255793:host exchange.domain.com[192.168.56.12] said: 550 5.1.1 User unknown (in reply to RCPT TO command)
user6@domain.com     0:0:1618255197:250 2.1.5 Recipient OK
poo@domain2.com      2:0:1618255775:host exchange.domain.com[192.168.56.12] said: 550 5.1.1 User unknown (in reply to RCPT TO command)
poo@domain.com      2:0:1618255775:host exchange.domain.com[192.168.56.12] said: 550 5.1.1 User unknown (in reply to RCPT TO command)
distributiongroup2@domain2.com        0:0:1618255781:250 2.1.5 Recipient OK
distributiongroup3@domain.com        0:0:1618255781:250 2.1.5 Recipient OK
 
