Problem with Verify Receivers and bounce message / Recipient address lookup failed

OliverB

Active Member
Apr 22, 2016
105
3
38
25
Hello,

I use proxmox mail gateway as a relay server. The final mail server is a postfix server. I enabled the verify receivers and set it to Yes (550) on PMG.

I tested with some test e-mail:

550 5.1.1 <unknown@mydomain.de>: Recipient address rejected: undeliverable address: Recipient address lookup failed

Why is there the error message Recipient address lookup failed?

On the final server I enable the VRFY Command. In Tracking Center on PMG I see the email is coming in but I was wondering that I see some email back from my final e-mail server with double-bounce@mydomain.de.

See logfiles:

this is message from final mail server, looks ok I would say:

Code:
Sep 9 22:46:03 pmg postfix/qmgr[21226]: C5C74211DE: from=<double-bounce@mydomain>, size=253, nrcpt=1 (queue active)
Sep 9 22:46:03 pmg postfix/smtp[23406]: C5C74211DE: to=<unknown@mydomain.de>, relay=10.10.10.1[10.10.10.1]:25, delay=0.06, delays=0/0.01/0.05/0, dsn=5.1.1, status=undeliverable (host 10.10.10.1[10.10.10.1] said: 550 5.1.1 <unknown@mydomain.de>: Recipient address rejected: User unknown in virtual mailbox table (in reply to RCPT TO command))
Sep 9 22:46:03 pmg postfix/qmgr[21226]: C5C74211DE: removed

Now here is the log of PMG, PMG show status rejected in tracking center:

Code:
Sep 9 22:46:02 mail postfix/smtpd[23311]: connect from mail-ed1-f51.google.com[209.85.208.51]
Sep 9 22:46:02 mail postfix/smtpd[23311]: Anonymous TLS connection established from mail-ed1-f51.google.com[209.85.208.51]: TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
Sep 9 22:46:06 mail postfix/smtpd[23311]: NOQUEUE: reject: RCPT from mail-ed1-f51.google.com[209.85.208.51]: 550 5.1.1 <unknown@mydomain.de>: Recipient address rejected: undeliverable address: Recipient address lookup failed; from=<myadress@gmail.com> to=<unknown@mydomain.de> proto=ESMTP helo=<mail-ed1-f51.google.com>
Sep 9 22:46:06 mail postfix/smtpd[23311]: disconnect from mail-ed1-f51.google.com[209.85.208.51] ehlo=2 starttls=1 mail=1 rcpt=0/1 data=0/1 quit=1 commands=5/7

Why does PMG send out Recipient address rejected: undeliverable address: Recipient address lookup failed? And why not only Recipient address rejected: User unknown in virtual mailbox table.

Is there only problem because of error message Recipient address lookup failed?


Questions:

1. Is it possible to change the recipient lookup to SQL Backend? Because on default configuration PMG ask via SMTP the internal Mailserver if recipient address is valid.

2. Other question is it possible to filter the double-bounce@mydomain.de message from the tracking center? Maybe hide them in the tracking center any idea how i can do this?

3. How make other the recipient verification? Because on default PMG accept all recipient and delivered it to the relay mail server internal. Is there any optional function?

Regards


Thanks
 
Last edited:

Stoiko Ivanov

Proxmox Staff Member
Staff member
May 2, 2018
7,203
1,134
164
The address verification of PMG is based on postfix' feature. Check out the corresponding README (the postfix documentation is usually very good and clear): http://www.postfix.org/ADDRESS_VERIFICATION_README.html
1. Is it possible to change the recipient lookup to SQL Backend? Because on default configuration PMG ask via SMTP the internal Mailserver if recipient address is valid.
Not directly (as said - address verification is based on postfix address verification) - you can however (although it sounds quite cumbersome and I would not really see the gain):
* use one of postfix database backends and create the list of valid recepients that way (you'd need to adapt the postfix config via the service config templates - see https://pmg.proxmox.com/pmg-docs/pmg-admin-guide.html#_service_configuration_templates)
* use the build-in LDAP support in the rule system - although this is after-queue only (no 450/550 to the connecting server)

3. How make other the recipient verification? Because on default PMG accept all recipient and delivered it to the relay mail server internal. Is there any optional function?
as long as your downstream server (the one which is the final destination where PMG sends the emails to) does not accept mail for all mailboxes the address verification does work very well.

I hope this helps!
 

OliverB

Active Member
Apr 22, 2016
105
3
38
25
The address verification of PMG is based on postfix' feature. Check out the corresponding README (the postfix documentation is usually very good and clear): http://www.postfix.org/ADDRESS_VERIFICATION_README.html

Not directly (as said - address verification is based on postfix address verification) - you can however (although it sounds quite cumbersome and I would not really see the gain):
* use one of postfix database backends and create the list of valid recepients that way (you'd need to adapt the postfix config via the service config templates - see https://pmg.proxmox.com/pmg-docs/pmg-admin-guide.html#_service_configuration_templates)
* use the build-in LDAP support in the rule system - although this is after-queue only (no 450/550 to the connecting server)


as long as your downstream server (the one which is the final destination where PMG sends the emails to) does not accept mail for all mailboxes the address verification does work very well.

I hope this helps!


Thanks for fast reply. My Backend Server (Postfix) have MySQL Backend. Is it possible to use this for recipient lookup? Only lookup for recipient lookup (Mailbox Lookup) not for Domain lookup. Without recipient verification enable on PMG I have a Backscatter Problem.

With recipient verification, PMG Checks Mailbox available. But If i delte or disable Mailbox cache time is 7 days and i have Backscatter Problem again.

Any template or information how can pmg can only check Mailbox available via SQL?
 

Stoiko Ivanov

Proxmox Staff Member
Staff member
May 2, 2018
7,203
1,134
164
Thanks for fast reply. My Backend Server (Postfix) have MySQL Backend. Is it possible to use this for recipient lookup? Only lookup for recipient lookup
This should be technically possible - check the postfix documentation - http://www.postfix.org/postconf.5.html#relay_recipient_maps
You would need to add the mysql-queries there.
Since I have not really configured postfix with a database backend - I cannot provide you with any particular details - but you'd need to expose your mysql to the PMG-installation (and create a dedicated user for that)

But If i delte or disable Mailbox cache time is 7 days and i have Backscatter Problem again.
You can configure the time those entries are cached:
http://www.postfix.org/verify.8.html

Any template or information how can pmg can only check Mailbox available via SQL?
maybe these links can help:
https://forum.efa-project.org/viewtopic.php?t=2223
https://serverfault.com/questions/710450/postfix-ignoring-relay-recipient-maps

I hope this helps!
 

OliverB

Active Member
Apr 22, 2016
105
3
38
25
This should be technically possible - check the postfix documentation - http://www.postfix.org/postconf.5.html#relay_recipient_maps
You would need to add the mysql-queries there.
Since I have not really configured postfix with a database backend - I cannot provide you with any particular details - but you'd need to expose your mysql to the PMG-installation (and create a dedicated user for that)


You can configure the time those entries are cached:
http://www.postfix.org/verify.8.html


maybe these links can help:
https://forum.efa-project.org/viewtopic.php?t=2223
https://serverfault.com/questions/710450/postfix-ignoring-relay-recipient-maps

I hope this helps!

Thanks for fast reply I tested something but have the following error:

unsupported dictionary type: mysql

Question is now, is it a problem to install postfix-mysql on PMG systems? Because postfix-mysql write something in

dynamicmaps.cf

This file is not in /var/lib/pmg/templates
 

Stoiko Ivanov

Proxmox Staff Member
Staff member
May 2, 2018
7,203
1,134
164
for the postfix config (apart from /etc/aliases) - only the files in /var/lib/pmg/templates should get rendered.
So there should be no problem

Keep in mind that this is not really a common setup - so please report if you run into any problems - if possible we'll try to find a workaround
 

OliverB

Active Member
Apr 22, 2016
105
3
38
25
for the postfix config (apart from /etc/aliases) - only the files in /var/lib/pmg/templates should get rendered.
So there should be no problem

Keep in mind that this is not really a common setup - so please report if you run into any problems - if possible we'll try to find a workaround

Okay thanks, in /etc/pmg/main.cf i use this:

virtual_mailbox_maps = proxy:mysql:/etc/pmg/templates/mysql_virtual_mailbox_maps.cf

and the file looks like this

Code:
hosts = dbhost
user = user
password = pw
dbname = dbname
query = SELECT maildir FROM mailbox WHERE username='%s' AND active = '1'

If user exist no problem email will send to the mailbox. but if user not exist PMG send out some BOUNCE message that is not so nice. It would be nice if PMG send out 550 no mailbox available.

see also log from PMG:

Code:
Sep 11 17:09:50 mail1 postfix/smtpd[12831]: connect from mail-ed1-f51.google.com[209.85.208.51]
Sep 11 17:09:50 mail1 postfix/smtpd[12831]: Anonymous TLS connection established from mail-ed1-f51.google.com[209.85.208.51]: TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
Sep 11 17:09:53 mail1 postfix/smtpd[12831]: A5B9D202CB: client=mail-ed1-f51.google.com[209.85.208.51]
Sep 11 17:09:53 mail1 postfix/cleanup[12835]: A5B9D202CB: message-id=<CANEQQO5LzaPXsxFSLfMNX=mEsxYSzzM3ms+Y9UzZFoLkLn=CLQ@mail.gmail.com>
Sep 11 17:09:53 mail1 postfix/qmgr[11455]: A5B9D202CB: from=<mysender@domain.de>, size=2870, nrcpt=1 (queue active)
Sep 11 17:09:53 mail1 postfix/smtpd[12831]: disconnect from mail-ed1-f51.google.com[209.85.208.51] ehlo=2 starttls=1 mail=1 rcpt=1 data=1 quit=1 commands=7
Sep 11 17:09:53 mail1 pmg-smtp-filter[12813]: 20CBC5D790E41BE06E: new mail message-id=<CANEQQO5LzaPXsxFSLfMNX=mEsxYSzzM3ms+Y9UzZFoLkLn=CLQ@mail.gmail.com>#012
Sep 11 17:09:58 mail1 pmg-smtp-filter[12813]: 20CBC5D790E41BE06E: SA score=0/5 time=4.468 bayes=undefined autolearn=ham autolearn_force=no hits=AWL(0.173),DKIM_SIGNED(0.1),DKIM_VALID(-0.1),DKIM_VALID_AU(-0.1),DKIM_VALID_EF(-0.1),FREEMAIL_ENVFROM_END_DIGIT(0.25),FREEMAIL_FROM(0.001),HTML_MESSAGE(0.001),RCVD_IN_MSPIKE_H2(-0.001),SPF_HELO_NONE(0.001),SPF_PASS(-0.001)
Sep 11 17:09:58 mail1 postfix/smtpd[12840]: connect from localhost[127.0.0.1]
Sep 11 17:09:58 mail1 postfix/smtpd[12840]: 447A820DA7: client=localhost[127.0.0.1], orig_client=mail-ed1-f51.google.com[209.85.208.51]
Sep 11 17:09:58 mail1 postfix/cleanup[12835]: 447A820DA7: message-id=<CANEQQO5LzaPXsxFSLfMNX=mEsxYSzzM3ms+Y9UzZFoLkLn=CLQ@mail.gmail.com>
Sep 11 17:09:58 mail1 postfix/qmgr[11455]: 447A820DA7: from=<mysender@domain.de>, size=4053, nrcpt=1 (queue active)
Sep 11 17:09:58 mail1 pmg-smtp-filter[12813]: 20CBC5D790E41BE06E: accept mail to <unknown@mydomain.de> (447A820DA7) (rule: default-accept)
Sep 11 17:09:58 mail1 postfix/smtpd[12840]: disconnect from localhost[127.0.0.1] ehlo=1 xforward=1 mail=1 rcpt=1 data=1 commands=5
Sep 11 17:09:58 mail1 pmg-smtp-filter[12813]: 20CBC5D790E41BE06E: processing time: 4.504 seconds (4.468, 0.017, 0)
Sep 11 17:09:58 mail1 postfix/lmtp[12836]: A5B9D202CB: to=<unknown@mydomain.de>, relay=127.0.0.1[127.0.0.1]:10024, delay=7.7, delays=3.1/0/0.04/4.5, dsn=2.5.0, status=sent (250 2.5.0 OK (20CBC5D790E41BE06E))
Sep 11 17:09:58 mail1 postfix/qmgr[11455]: A5B9D202CB: removed

PMG accept the mail but why?
 

OliverB

Active Member
Apr 22, 2016
105
3
38
25
maybe some problem with the mysql-connection? - check the mysql-server logs if postfix connects.
else - try starting various services in debug mode : http://www.postfix.org/DEBUG_README.html
hope this helps!

No MySQL Connection is no problem I can reach the port from the machine. I log I found this:

mail pmg-smtp-filter[14892]: 20D3A5D7915AD930F0: accept mail to <mydomain@domain.de> (729B220DA4) (rule: default-accept)

But on this point the postfix have alreay send 250 O.K. right? Because I have information that pmg-smtp-filter works after mail received by postfix on PMG right?

Maybe some wrong on the query any ideas? PMG Support "%s " variable?

query = SELECT maildir FROM mailbox WHERE username='%s' AND active = '1'
 
Last edited:

OliverB

Active Member
Apr 22, 2016
105
3
38
25
Okay found my problem it looks like the query problem! SELECT maildir.... not working for domain or mailbox ;-)
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get your own in 60 seconds.

Buy now!