How to bounce unknown recipient / alias

ZombyWoof

New Member
May 11, 2023
5
1
3
Hi - I'm trying out PMG with on-premises Exchange prior to a potential production deployment. Please excuse newbie questions...
Is it possible to bounce incoming mail for unknown Exchange/AD recipients and recipient aliases BEFORE any spam processing (with an 'unknown recipient' message)?
And then, only once that process is performed, do spam protection processing ONLY for known recipients?
Currently, incoming messages to appear to be accepted and queued and only then checked for valid (exchange) recipient. Does this tell a sender that 'we are thinking about this' before finally returning a reject?
When I was using ScrolloutF1 there was a feature to test (using AD/LDAP lookup) for valid recipients (and rejecting if not valid) before any queuing or spam processing. This would seem to reduce the overhead of queuing before a decision for unknowns?

the initial response is:
: CCB1E1818DA: to=<unknown@[obfuscated].com>, relay=172.16.10.12[172.16.10.12]:25, delay=5, delays=0/0.01/0/5, dsn=2.1.5, status=deliverable (250 2.1.5 Recipient OK)
...which is potentially misleading?

Only after that initial response
: 181B29646493FEDF7AD: accept mail to <unknown@[obfuscated].com> (90B96181BD6) (rule: default-accept)
: 181B29646493FEDF7AD: processing time: 3.728 seconds (3.634, 0.025, 0)
: proxy-accept: END-OF-MESSAGE: 250 2.5.0 OK (181B29646493FEDF7AD); from=<[obfuscated]@outlook.com> to=<unknown@[obfuscated].com> proto=ESMTP helo=<EUR05-AM6-obe.outbound.protection.outlook.com>
: disconnect from mail-am6eur05olkn2087.outbound.protection.outlook.com[40.92.91.87] ehlo=1 mail=1 rcpt=1 bdat=1 quit=1 commands=5
: 90B96181BD6: to=<unknown@[obfuscated].com>, relay=172.16.10.12[172.16.10.12]:25, delay=5.1, delays=0.05/0/0/5, dsn=5.1.10, status=bounced (host 172.16.10.12[172.16.10.12] said: 550 5.1.10 RESOLVER.ADR.RecipientNotFound; Recipient not found by SMTP address lookup (in reply to end of DATA command))
: 90B96181BD6: removed

Also, it is possible to tailor the polite 'I'm sorry to have to inform you that your message could not be delivered to one or more recipients. It's attached below.' that also includes alot of detail about internal addressing and process to something more terse?

Thanks
 
Last edited:
s it possible to bounce incoming mail for unknown Exchange/AD recipients and recipient aliases BEFORE any spam processing (with an 'unknown recipient' message)?
In general this is what Recipient verification is for - GUI->Configuration->Mail Proxy->Options

I think Exchange needs some configuration to support it (it needs to reply with a permanent error (5xx) for a non-existing recipient after the RCPT TO command)

I hope this helps!
 
Thanks both.
@Stoiko - Overall newbie comment is that when the installation and documentation says 'Configure PMG via the GUI', most of the docs refer to config file entries, as opposed to explaining how to achieve things using the GUI. I get that the docs explain the relationship between (most of) the GUI options and the entries in the config files but (maybe it's so obvious to PMG developers?) there is little explanation of WHAT the options actually DO, and the effect on the mail processing. For example, in the docs, the explanation:
verifyreceivers: <450 | 550>
Enable receiver verification. The value spefifies the numerical reply code when the Postfix SMTP server rejects a recipient address. (postfix options reject_unknown_recipient_domain, reject_unverified_recipient, and unverified_recipient_reject_code)

is confusing as to what component is producing a reject code; I have figured out and enabled the options in Exchange, but that required considerable third-party googling to a. get the process working and b. to understand that the 450/550 comes from the actual end mail server (in my case Exchange).

1. So, to be specific, the Recipient Verification option is presented as 'Verify Receivers' with No, Yes(450), Yes(550) options.
2. Does the 'Reject unknown clients' play a part in incoming messages.
3. Is the 'Before Queue Filtering' relevant in testing valid recipient before queueing / SPAM processing?

@seragim - thanks, yes, I get thet it's possible :) , but my question is how to do that - how do I order the processes and which entries do i need to modify?
Also, maybe I'm being dense, but you refer to 'Settings'. I don't see that section / tab on the GUI?

Relating to recipient verification again, most forums indicate that it's not implemented to perform AD/LDAP recipient verification. However, I see options under MailFilter>Who to test for LDAP User or Group. Can this perform AD/LDAP lookup recipient verification?

I would really like to understand more about all of this but the learning curve seems to be very steep...

Thanks
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!