PMG Problems

[scs_shaman]

Hello. Help me please

1. Connect to LDAP

Configurated Relaying


Relay domains are also configured but the system resolves all non-existent addresses of this domain What have I done wrong?

 

[Stoiko Ivanov]

Not sure if i understand your question correctly, but if you ask why PMG takes mails for non-existing mailboxes - you should enable 'Verify Receivers' in the GUI: 'Configuration' -> 'Mail Proxy' -> 'Options'

Hope this helps!

 

[scs_shaman]

Я вижу, что Proxmox передает его как действительный для обмена

 

[Stoiko Ivanov]

*please post the logs of such a mail?
* for recepient verification to work the downstream server needs to know which mailboxes exist and answer accordingly for non-existing mail-addresses

 

[scs_shaman]

Aug 26 12:22:59 mx1 postfix/smtpd[1043]: connect from mail-ed1-f52.google.com[209.85.208.52]
Aug 26 12:23:06 mx1 postfix/smtpd[1043]: 0F245180070: client=mail-ed1-f52.google.com[209.85.208.52]
Aug 26 12:23:06 mx1 postfix/cleanup[1046]: 0F245180070: message-id=<CAPUWUezLKcyJzBmtzFT20+i=8m+CZJa6xpxJm-QLXvMNGxSHRA@mail.gmail.com>
Aug 26 12:23:06 mx1 postfix/qmgr[1047]: 0F245180070: from=<max.sh@gmail.com>, size=3952, nrcpt=1 (queue active)
Aug 26 12:23:06 mx1 postfix/smtpd[1043]: disconnect from mail-ed1-f52.google.com[209.85.208.52] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
Aug 26 12:23:06 mx1 pmg-smtp-filter[860]: 1809A45D63A4FA2D887: new mail message-id=<CAPUWUezLKcyJzBmtzFT20+i=8m+CZJa6xpxJm-QLXvMNGxSHRA@mail.gmail.com>
Aug 26 12:23:06 mx1 pmg-smtp-filter[860]: 1809A45D63A4FA2D887: SA score=0/5 time=0.578 bayes=undefined autolearn=ham autolearn_force=no hits=AWL(0.214),DKIM_SIGNED(0.1),DKIM_VALID(-0.1),DKIM_VALID_AU(-0.1),DKIM_VALID_EF(-0.1),FREEMAIL_FROM(0.001),HTML_MESSAGE(0.001),RCVD_IN_DNSWL_NONE(-0.0001),RCVD_IN_MSPIKE_H2(-0.001),SPF_HELO_NONE(0.001),SPF_PASS(-0.001)
Aug 26 12:23:06 mx1 postfix/smtpd[1054]: connect from localhost.localdomain[127.0.0.1]
Aug 26 12:23:06 mx1 postfix/smtpd[1054]: D12441809A5: client=localhost.localdomain[127.0.0.1], orig_client=mail-ed1-f52.google.com[209.85.208.52]
Aug 26 12:23:06 mx1 postfix/cleanup[1046]: D12441809A5: message-id=<CAPUWUezLKcyJzBmtzFT20+i=8m+CZJa6xpxJm-QLXvMNGxSHRA@mail.gmail.com>
Aug 26 12:23:06 mx1 postfix/qmgr[1047]: D12441809A5: from=<max.sh@gmail.com>, size=5106, nrcpt=1 (queue active)
Aug 26 12:23:06 mx1 pmg-smtp-filter[860]: 1809A45D63A4FA2D887: accept mail to <fdsf@eurodomain.com> (D12441809A5) (rule: default-accept)
Aug 26 12:23:06 mx1 postfix/smtpd[1054]: disconnect from localhost.localdomain[127.0.0.1] ehlo=1 xforward=1 mail=1 rcpt=1 data=1 commands=5
Aug 26 12:23:06 mx1 pmg-smtp-filter[860]: 1809A45D63A4FA2D887: processing time: 0.722 seconds (0.578, 0.048, 0)
Aug 26 12:23:06 mx1 postfix/lmtp[1050]: 0F245180070: to=<fdsf@eurodomain.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=6.9, delays=6.1/0.02/0.05/0.73, dsn=2.5.0, status=sent (250 2.5.0 OK (1809A45D63A4FA2D887))
Aug 26 12:23:06 mx1 postfix/qmgr[1047]: 0F245180070: removed
Aug 26 12:23:07 mx1 postfix/smtp[1048]: D12441809A5: to=<fdsf@eurodomain.com>, relay=mail.eurodomain.com[192.168.20.15]:25, delay=0.19, delays=0.05/0/0.01/0.13, dsn=2.6.0, status=sent (250 2.6.0 <CAPUWUezLKcyJzBmtzFT20+i=8m+CZJa6xpxJm-QLXvMNGxSHRA@mail.gmail.com> [InternalId=566935683108, Hostname=MAIL1.EU.ML] Queued mail for delivery)
Aug 26 12:23:07 mx1 postfix/qmgr[1047]: D12441809A5: removed



Aug 26 12:23:00 mx1 postfix/cleanup[1046]: 11659180070: message-id=<20190826092300.11659180070@mx1.eurodomain.com>
Aug 26 12:23:00 mx1 postfix/qmgr[1047]: 11659180070: from=<double-bounce@mx1.eurodomain.com>, size=233, nrcpt=1 (queue active)
Aug 26 12:23:05 mx1 postfix/smtp[1048]: 11659180070: to=<fdsf@eurodomain.com>, relay=mail.eurodomain.com[192.168.20.15]:25, delay=5.1, delays=0.02/0.02/0.01/5, dsn=2.1.5, status=deliverable (250 2.1.5 Recipient OK)
26 августа 12:23:05 mx1 postfix / qmgr [1047]: 11659180070: удалено

Downstream Server - Microsoft Exchange 2013

 

[Stoiko Ivanov]

Aug 26 12:23:07 mx1 postfix/smtp[1048]: D12441809A5: to=<fdsf@eurodomain.com>, relay=mail.eurodomain.com[192.168.20.15]:25, delay=0.19, delays=0.05/0/0.01/0.13, dsn=2.6.0, status=sent (250 2.6.0 <CAPUWUezLKcyJzBmtzFT20+i=8m+CZJa6xpxJm-QLXvMNGxSHRA@mail.gmail.com> [InternalId=566935683108, Hostname=MAIL1.EU.ML] Queued mail for delivery)

mail.eurodomain.com accepted the mail for fdsf@eurodomain.com - therefore it is a valid mailbox from postfix point of view:
* the host behind mail.eurodomain.com needs to reject mail for not existing mailboxes (550 No such user) for recepient verification to work!

 

[scs_shaman]

not worked

 

[scs_shaman]

postfix has a connection to ldap. why enable verify recipient if postfix doesn't look at lists in ldap

 

[Stoiko Ivanov]

postfix does not use LDAP - PMG's rule-system does - you can setup a rule which blocks(=drops) all mails which are not to valid recepients)

but still the downstream server should answer correctly (otherwise it's just a bit more resource intensive, since postfix cache is just faster)

 

[scs_shaman]

What does the verify recipient option do?

 

[Stoiko Ivanov]

when enabled - the postfix config is changed so that it tries to verify the recepients (see http://www.postfix.org/ADDRESS_VERIFICATION_README.html)
basically postfix tries to connect to the target server and 'send an email to the recepient', but stops after the RCPT TO command) - if the downstream server says it knows the mailbox (250 -OK ) then postfix caches this response as the mailbox exists - if not it caches it for a shorter timeframe (see the postfix link) and later tries the same again)

I hope this explains it!

 

[scs_shaman]

Exhaustively. Thank. Have recommendations or an article on setting up rules using ldap?

 

[Stoiko Ivanov]

Nothing directly - short of the reference documentation https://pmg.proxmox.com/pmg-docs/pmg-admin-guide.html#pmg_mailfilter_who and https://pmg.proxmox.com/pmg-docs/pmg-admin-guide.html#pmg_ldap_configuration_file to be more precise.
Additionally there are quite a few threads in the forum where people show their configs.

I hope this helps!

 

[scs_shaman]

Thank you!