How prevent the sender the recipients don't exist

[JacquesAMAR]

Hi,
I would like to know how to add an action to warn the sender that the recipient's address does not exist.

When I look at the tracking Pmg, the Exchange server returns this information but the sender does not receive it

Dec 27 11:36:36 aci-pmg01 postfix/smtp[164713]: 13115C103B: to=<ngeorges@groupealliance.eu>, relay=aci-exch01.alliance.net[192.168.0.8]:25, delay=5.1, delays=0.01/0/0.07/5, dsn=5.1.1, status=bounced (host aci-exch01.alliance.net[192.168.0.8] said: 550 5.1.1 User unknown (in reply to end of DATA command))

Thank you very much and happy holidays to all

Jacques A.

 

[poetry]

Can you check if you have this enabled:
Configuration - Mail Proxy - Options - Verify Receivers - Yes (450 or 550)

From the manual:
https://pmg.proxmox.com/pmg-docs/pmg-admin-guide.html
verifyreceivers: <450 | 550>
Enable receiver verification. The value spefifies the numerical reply code when the Postfix SMTP server rejects a recipient address.

You might also need to enable:
Configuration - Mail Proxy - Options - Before Queue Filtering (Yes)

From the manual:
https://pmg.proxmox.com/pmg-docs/pmg-admin-guide.html

Before and After Queue Filtering
Proxmox Mail Gateway can be configured to either accept the mail, by sending a response of 250 OK, and scan it afterwards, or alternatively inspect the mail directly after it has the content and respond with a reject 554 if the mail is blocked by the rule system. These options are known as After Queue and Before Queue filtering respectively (see Before and After Queue Scanning).

 

[JacquesAMAR]

Can you check if you have this enabled:
Configuration - Mail Proxy - Options - Verify Receivers - Yes (450 or 550)

From the manual:
https://pmg.proxmox.com/pmg-docs/pmg-admin-guide.html
verifyreceivers: <450 | 550>
Enable receiver verification. The value spefifies the numerical reply code when the Postfix SMTP server rejects a recipient address.

You might also need to enable:
Configuration - Mail Proxy - Options - Before Queue Filtering (Yes)

From the manual:
https://pmg.proxmox.com/pmg-docs/pmg-admin-guide.html

Before and After Queue Filtering
Proxmox Mail Gateway can be configured to either accept the mail, by sending a response of 250 OK, and scan it afterwards, or alternatively inspect the mail directly after it has the content and respond with a reject 554 if the mail is blocked by the rule system. These options are known as After Queue and Before Queue filtering respectively (see Before and After Queue Scanning).

Thanks for your reponse. I have modify options "Enable receiver verification" and enable "Before Queue Filtering" but it's not sufficient.
Now I deal with the "Before and After Queue Filtering" option. As I've never done that, I already read the documentation so as not to make any mistakes. I'll keep you informed. Thank you again for your help.

 

[poetry]

Thanks for your reponse. I have modify options "Enable receiver verification" and enable "Before Queue Filtering" but it's not sufficient.
Now I deal with the "Before and After Queue Filtering" option. As I've never done that, I already read the documentation so as not to make any mistakes. I'll keep you informed. Thank you again for your help.

Make sure you restart the server when you make such changes and then test again. I like to test with test email account on gmail, microsoft or yahoo mail and see how things are working by sending a test email to unknown email account for example.

Depending on the senders mail configuration this might work differently. I have noticed that with my testing.

Just tested and if I send email to unknown addresses for two different mail systems we use I get this response back on gmail test account:

Remote Server returned '550 5.1.10 RESOLVER.ADR.RecipientNotFound; Recipient not found by SMTP address lookup'

jnbuidfsbi@example.com - no such user here.

So it might be something else on your configuration that is not allowing this notifications to work. Do you have more information on how are you testing this and do notifications work when you are not using proxmox mail gateway?

 

[JacquesAMAR]

Hi,

I enabled the "Send NDR on Blocked E-Mails" option but the sender still does not receive the message that says the mailbox does not exist.
Configuration options :
Verify Receivers : Yes(550)
Send NDR on Blocked E-Mails : YES
Before Queue Filtering : YES
After change, I have reboot server

Below, the test that says that the mailbox does not exist.

Dec 29 14:33:36 aci-pmg01 postfix/smtpd[901]: connect from mail-wm1-f53.google.com[209.85.128.53] Dec 29 14:33:36 aci-pmg01 postfix/smtpd[901]: Anonymous TLS connection established from mail-wm1-f53.google.com[209.85.128.53]: TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 Dec 29 14:33:36 aci-pmg01 postfix/smtpd[901]: NOQUEUE: client=mail-wm1-f53.google.com[209.85.128.53] Dec 29 14:33:36 aci-pmg01 pmg-smtp-filter[918]: C0CD763AD9730E0DB3: new mail message-id=<CANEv24+mLuS4e75SGLkm5bgQ807N5U+Vo+cLSeZoQtfAi-=0rA@mail.gmail.com>#012 Dec 29 14:33:37 aci-pmg01 pmg-smtp-filter[918]: C0CD763AD9730E0DB3: SA score=0/5 time=0.970 bayes=undefined autolearn=ham autolearn_force=no hits=AWL(0.171),DKIM_SIGNED(0.1),DKIM_VALID(-0.1),DKIM_VALID_AU(-0.1),DKIM_VALID_EF(-0.1),FREEMAIL_FROM(0.001),HTML_MESSAGE(0.001),SPF_HELO_NONE(0.001),SPF_PASS(-0.001) Dec 29 14:33:37 aci-pmg01 postfix/smtpd[924]: connect from localhost.localdomain[127.0.0.1] Dec 29 14:33:37 aci-pmg01 postfix/smtpd[924]: ED5E6C0CD8: client=localhost.localdomain[127.0.0.1], orig_client=mail-wm1-f53.google.com[209.85.128.53] Dec 29 14:33:37 aci-pmg01 postfix/cleanup[925]: ED5E6C0CD8: message-id=<CANEv24+mLuS4e75SGLkm5bgQ807N5U+Vo+cLSeZoQtfAi-=0rA@mail.gmail.com> Dec 29 14:33:37 aci-pmg01 postfix/qmgr[876]: ED5E6C0CD8: from=<jacquesm.amar@gmail.com>, size=4282, nrcpt=1 (queue active) Dec 29 14:33:37 aci-pmg01 postfix/smtpd[924]: disconnect from localhost.localdomain[127.0.0.1] ehlo=1 xforward=1 mail=1 rcpt=1 data=1 commands=5 Dec 29 14:33:37 aci-pmg01 pmg-smtp-filter[918]: C0CD763AD9730E0DB3: accept mail to <ngeorges@groupealliance.eu> (ED5E6C0CD8) (rule: default-accept) Dec 29 14:33:37 aci-pmg01 pmg-smtp-filter[918]: C0CD763AD9730E0DB3: processing time: 1.059 seconds (0.97, 0.053, 0) Dec 29 14:33:37 aci-pmg01 postfix/smtpd[901]: proxy-accept: END-OF-MESSAGE: 250 2.5.0 OK (C0CD763AD9730E0DB3); from=<jacquesm.amar@gmail.com> to=<ngeorges@groupealliance.eu> proto=ESMTP helo=<mail-wm1-f53.google.com> Dec 29 14:33:37 aci-pmg01 postfix/smtp[880]: Untrusted TLS connection established to aci-exch01.alliance.net[192.168.0.8]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits) Dec 29 14:33:38 aci-pmg01 postfix/smtp[880]: ED5E6C0CD8: to=<ngeorges@groupealliance.eu>, relay=aci-exch01.alliance.net[192.168.0.8]:25, delay=0.08, delays=0.01/0/0.07/0, dsn=4.7.0, status=deferred (host aci-exch01.alliance.net[192.168.0.8] said: 451 4.7.0 Temporary server error. Please try again later. PRX5 (in reply to end of DATA command)) Dec 29 14:34:10 aci-pmg01 postfix/smtpd[901]: disconnect from mail-wm1-f53.google.com[209.85.128.53] ehlo=2 starttls=1 mail=1 rcpt=1 bdat=1 quit=1 commands=7 Dec 29 14:34:41 aci-pmg01 postfix/qmgr[876]: ED5E6C0CD8: from=<jacquesm.amar@gmail.com>, size=4282, nrcpt=1 (queue active) Dec 29 14:34:41 aci-pmg01 postfix/smtp[880]: Untrusted TLS connection established to aci-exch01.alliance.net[192.168.0.8]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits) Dec 29 14:34:46 aci-pmg01 postfix/smtp[880]: ED5E6C0CD8: to=<ngeorges@groupealliance.eu>, relay=aci-exch01.alliance.net[192.168.0.8]:25, delay=69, delays=64/0.02/0.06/5.1, dsn=5.1.1, status=bounced (host aci-exch01.alliance.net[192.168.0.8] said: 550 5.1.1 User unknown (in reply to end of DATA command)) Dec 29 14:34:46 aci-pmg01 postfix/qmgr[876]: ED5E6C0CD8: removed

 

[JacquesAMAR]

If I do a test in internal server without to use te proxmox I received this message :

Échec de la remise pour ces destinataires ou groupes :

'ngeorges@groupealliance.eu' (ngeorges@groupealliance.eu)
L'adresse de messagerie que vous avez entrée est introuvable. Vérifiez l'adresse de messagerie du destinataire et essayez de renvoyer le message. Si le problème persiste, contactez le support technique de votre organisation.





Informations de diagnostic pour les administrateurs :

Serveur de génération : ACI-EXCH01.alliance.net

ngeorges@groupealliance.eu
Remote Server returned '550 5.1.1 RESOLVER.ADR.RecipNotFound; not found'

En-têtes de message d'origine :

Received: from ACI-EXCH01.alliance.net (192.168.0.8) by
style='color:gray'> ACI-EXCH01.alliance.net (192.168.0.8) with Microsoft SMTP Server (TLS) id
style='color:gray'> 15.0.1497.36; Thu, 29 Dec 2022 14:48:11 +0100
style='color:gray'>Received: from ACI-EXCH01.alliance.net ([::1]) by ACI-EXCH01.alliance.net
style='color:gray'> ([::1]) with mapi id 15.00.1497.036; Thu, 29 Dec 2022 14:48:11 +0100
style='color:gray'>Content-Type: application/ms-tnef; name="winmail.dat"
style='color:gray'>Content-Transfer-Encoding: binary
From: AMAR Jacques <href="mailto:mamar@groupealliance.eu">mamar@groupealliance.eu>style='color:gray'>To: "'ngeorges@groupealliance.eu'" <href="mailto:ngeorges@groupealliance.eu">ngeorges@groupealliance.eu>style='color:gray'>Subject: test
style='color:gray'>Thread-Topic: test
style='color:gray'>Thread-Index: AdkbjCOrgrhV3K36SairiNBWBT8TRA==
style='color:gray'>Date: Thu, 29 Dec 2022 14:48:10 +0100
style='color:gray'>Message-ID: <href="mailto:50ec170e6f4b4758ba58eee59d691028@ACI-EXCH01.alliance.net">50ec170e6f4b4758ba58eee59d691028@ACI-EXCH01.alliance.net>style='color:gray'>Accept-Language: fr-FR, en-US
style='color:gray'>Content-Language: fr-FR
style='color:gray'>X-MS-Has-Attach: yes
style='color:gray'>X-MS-TNEF-Correlator: <href="mailto:50ec170e6f4b4758ba58eee59d691028@ACI-EXCH01.alliance.net">50ec170e6f4b4758ba58eee59d691028@ACI-EXCH01.alliance.net>style='color:gray'>MIME-Version: 1.0
style='color:gray'>X-MS-Exchange-Transport-FromEntityHeader: Hosted
style='color:gray'>X-Originating-IP: [192.168.0.101]
style='color:gray'>Return-Path: mamar@groupealliance.eu

 

[Stoiko Ivanov]

* make sure that PMG is configured to receive mails from external sources (e.g. gmail) on the external port (which is 25 by default)! - recipient verification is carried out for inbound mail from external sources only.
* you can reset the verification database (used to cache existing and non-existing addresses ) at GUI->Administration->Queues (button 'Discard address verification cache')

if this does not help dump the database with postmap - see e.g.: https://forum.proxmox.com/threads/address-verification-database.84295/page-2#post-383686

additionally check the complete postfix log (/var/log/mail.log) for messages for created bounces)

I hope this helps!

 

[JacquesAMAR]

I think I have found the solution.
In our model of configuration we use a DMARC.

In Log I have this trace "host mx-eu.mail.am0.yahoodns.net[188.125.72.73] said: 554 5.7.9 Message not accepted for policy reasons. See https://postmaster.yahooinc.com/error-codes (in reply to end of DATA command))"

I think I must change the Public DNS entry for not reject the error message.

I'm doing the change and I inform you.

Trace information in the Web
If your emails are being rejected by Yahoo recipients with the error "554 5.7.9: Message not accepted for policy reasons", it means that your email failed one or more authentication checks that Yahoo uses to verify that emails are truly sent from the domains they claim to originate from.

Usually, this happens with people who have a DMARC reject policy in place. Setting up Yahoo! FBL will resolve the domain misalignment issue that causes the bounce error.

Jacques A

 

[JacquesAMAR]

Hi,
Happy new year.
It's resolved for me. I have change the entry DNS Dmarc with "none" instead of "Reject" and it's good.
Thank a lot.
Jacques A.