postfix accepting email for any user

Discussion in 'Installation/Configuration' started by lifeisboost, Oct 13, 2010.

  1. lifeisboost

    lifeisboost New Member

    One of my ispconfig installations has shown an odd behavior the last couple of days.

    It is ispconfig 3 and does NOT use a catchall. My mail server has been having high cpu loads. a little investigating found it to be accepting emails for [email protected]. the server has 2 domains tld.com and the mail alias of tld2.com that points to tld.com these 2 domains no matter what the user address is IE [email protected] or [email protected], postfix is accepting email and creating a user mail folder under /etc/vmail/tld.com . for some reason the server has stopped bouncing invalid recipients and is now accepting them. Im at a loss on this one any help is appreciated.
     
    Last edited: Oct 13, 2010
    lifeisboost, Oct 13, 2010
    #1
  2. lifeisboost

    lifeisboost New Member

    as of today i am now up to 11k directorys under var/vmail/tld.com i went over this server and even built a new one following the debian perfect setup. the new server is doing the same thing.
     
    lifeisboost, Oct 13, 2010
    #2
  3. falko

    falko Super Moderator Howtoforge Staff

    What's in your /etc/postfix/main.cf?
     
    falko, Oct 14, 2010
    #3
  4. lifeisboost

    lifeisboost New Member

    here you go, im finally revisiting this as i would liek to find a solution. i had just disabled the add on domains that where doing this but since have re-enabled them and the problem is still here

    Code:
    
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no


append_dot_mydomain = no

readme_directory = /usr/share/doc/postfix


smtpd_tls_cert_file = /etc/postfix/smtpd.cert
smtpd_tls_key_file = /etc/postfix/smtpd.key
smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache



myhostname = srvmail1.tld.net
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = srvmail1.tld.net, localhost, localhost.localdomain
relayhost = 
mynetworks = 127.0.0.0/8 [::1]/128
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
html_directory = /usr/share/doc/postfix/html
virtual_alias_domains = 
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, mysql:/etc/postfix/mysql-virtual_email2email.cf
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
virtual_mailbox_base = /var/vmail
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_authenticated_header = yes
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf, reject_unauth_destination
smtpd_tls_security_level = may
transport_maps = proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
relay_domains = mysql:/etc/postfix/mysql-virtual_relaydomains.cf
relay_recipient_maps = mysql:/etc/postfix/mysql-virtual_relayrecipientmaps.cf
virtual_create_maildirsize = yes
virtual_maildir_extended = yes
virtual_mailbox_limit_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailbox_limit_maps.cf
virtual_mailbox_limit_override = yes
virtual_maildir_limit_message = "The user you are trying to reach is over quota."
virtual_overquota_bounce = yes
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps
smtpd_sender_restrictions = check_sender_access mysql:/etc/postfix/mysql-virtual_sender.cf
smtpd_client_restrictions = check_client_access mysql:/etc/postfix/mysql-virtual_client.cf
maildrop_destination_concurrency_limit = 1
maildrop_destination_recipient_limit = 1
virtual_transport = maildrop
header_checks = regexp:/etc/postfix/header_checks
mime_header_checks = regexp:/etc/postfix/mime_header_checks
nested_header_checks = regexp:/etc/postfix/nested_header_checks
body_checks = regexp:/etc/postfix/body_checks
content_filter = amavis:[127.0.0.1]:10024
receive_override_options = no_address_mappings
message_size_limit = 0
     
    Last edited: Oct 29, 2010
    lifeisboost, Oct 28, 2010
    #4
  5. falko

    falko Super Moderator Howtoforge Staff

    Till has found the problem and is working on it. Open /var/vmail/.mailfilter and change it as follows:

    Code:
    #
# Autocreate maildir, if not existant
#

#`test -e /var/vmail/$HOST`
#if ( $RETURNCODE != 0 )
#{
#  `mkdir /var/vmail/$HOST`
#}

#`test -e /var/vmail/$HOST/$USER`
#if ( $RETURNCODE != 0 )
#{
#  `maildirmake /var/vmail/$HOST/$USER`
#  `chmod -R 0700 /var/vmail/$HOST`
#}

`test -e /var/vmail/$HOST/$USER`
if ( $RETURNCODE != 0 )
{
EXITCODE = 67
exit
}
    Now if a mail is sent to a non-existing mailbox, maildrop will return a "no such user here" message. The only drawback is that ISPConfig's welcome email messages won't work anymore, but Till is working on that as well.
     
    falko, Oct 29, 2010
    #5
  6. lifeisboost

    lifeisboost New Member

    Here is what my file will look after the edits, is this correct?

    Code:
    #
# Import variables
#

LOGNAME=tolower("$LOGNAME")
EXTENSION="$1"
RECIPIENT=tolower("$2")
USER=tolower("$3")
HOST=tolower("$4")
SENDER="$5"
DEFAULT="/var/vmail/$HOST/$USER/."

# Workaround for broken tolower function in some current fedora releases

if(!$USER)
{
  USER=$3
}
if(!$HOST)
{
  HOST=$4
}

if ( "$EXTENSION" ne "" )
{
  DELIMITER="+"
}

if (!$SENDER)
{
  SENDER = "<>"
}

#
# Autocreate maildir, if not existant
#

#`test -e /var/vmail/$HOST`
#if ( $RETURNCODE != 0 )
#{
#  `mkdir /var/vmail/$HOST`
#}

#`test -e /var/vmail/$HOST/$USER`
#if ( $RETURNCODE != 0 )
#{
#  `maildirmake /var/vmail/$HOST/$USER`
#  `chmod -R 0700 /var/vmail/$HOST`
#}

`test -e /var/vmail/$HOST/$USER`
if ( $RETURNCODE != 0 )
{
EXITCODE = 67
exit
}
     
    lifeisboost, Oct 29, 2010
    #6
  7. till

    till Super Moderator Staff Member ISPConfig Developer

    You deleted a lot of lines. Please replace just the part that falko posted without deleting the parts that are after this code snippet.
     
    till, Oct 29, 2010
    #7
  8. lifeisboost

    lifeisboost New Member

    here is the stock ispconfig3 file

    Code:
    #
# Import variables
#

LOGNAME=tolower("$LOGNAME")
EXTENSION="$1"
RECIPIENT=tolower("$2")
USER=tolower("$3")
HOST=tolower("$4")
SENDER="$5"
DEFAULT="/var/vmail/$HOST/$USER/."

# Workaround for broken tolower function in some current fedora releases

if(!$USER)
{
  USER=$3
}
if(!$HOST)
{
  HOST=$4
}

if ( "$EXTENSION" ne "" )
{
  DELIMITER="+"
}

if (!$SENDER)
{
  SENDER = "<>"
}

#
# Autocreate maildir, if not existant
#

`test -e /var/vmail/$HOST`
if ( $RETURNCODE != 0 )
{
  `mkdir /var/vmail/$HOST`
}

`test -e /var/vmail/$HOST/$USER`
if ( $RETURNCODE != 0 )
{
  `maildirmake /var/vmail/$HOST/$USER`
  `chmod -R 0700 /var/vmail/$HOST`
}

# Check if the user has a autoresponder enabled

`test -f /var/vmail/mailfilters/$HOST/$USER/.autoresponder`
if ( $RETURNCODE == 0 )
{
  include "/var/vmail/mailfilters/$HOST/$USER/.autoresponder"
}

# Create a mailsize file
`echo $SIZE >> /var/vmail/$HOST/$USER/ispconfig_mailsize`


#
# Test if the user has his own maildrop include,
# if not available, check if $DEFAULT is set
# (newer maildrop get's that from the DB and updates
# it) and deliver or fail temporarily if not available
#

`test -f /var/vmail/mailfilters/$HOST/$USER/.mailfilter`
if ( $RETURNCODE == 0 )
{
  include "/var/vmail/mailfilters/$HOST/$USER/.mailfilter"
}
else
{
  if ( "$DEFAULT" ne "" )
  {
    to "$DEFAULT"
  }
  else
  {
    EXITCODE=75
    exit
  }
}





    here is my edited file as it will be

    Code:
    #
# Import variables
#

LOGNAME=tolower("$LOGNAME")
EXTENSION="$1"
RECIPIENT=tolower("$2")
USER=tolower("$3")
HOST=tolower("$4")
SENDER="$5"
DEFAULT="/var/vmail/$HOST/$USER/."

# Workaround for broken tolower function in some current fedora releases

if(!$USER)
{
  USER=$3
}
if(!$HOST)
{
  HOST=$4
}

if ( "$EXTENSION" ne "" )
{
  DELIMITER="+"
}

if (!$SENDER)
{
  SENDER = "<>"
}

#
# Autocreate maildir, if not existant
#

#`test -e /var/vmail/$HOST`
#if ( $RETURNCODE != 0 )
#{
#  `mkdir /var/vmail/$HOST`
#}

#`test -e /var/vmail/$HOST/$USER`
#if ( $RETURNCODE != 0 )
#{
#  `maildirmake /var/vmail/$HOST/$USER`
#  `chmod -R 0700 /var/vmail/$HOST`
#}

`test -e /var/vmail/$HOST/$USER`
if ( $RETURNCODE != 0 )
{
EXITCODE = 67
exit
}
# Check if the user has a autoresponder enabled

`test -f /var/vmail/mailfilters/$HOST/$USER/.autoresponder`
if ( $RETURNCODE == 0 )
{
  include "/var/vmail/mailfilters/$HOST/$USER/.autoresponder"
}

# Create a mailsize file
`echo $SIZE >> /var/vmail/$HOST/$USER/ispconfig_mailsize`


#
# Test if the user has his own maildrop include,
# if not available, check if $DEFAULT is set
# (newer maildrop get's that from the DB and updates
# it) and deliver or fail temporarily if not available
#

`test -f /var/vmail/mailfilters/$HOST/$USER/.mailfilter`
if ( $RETURNCODE == 0 )
{
  include "/var/vmail/mailfilters/$HOST/$USER/.mailfilter"
}
else
{
  if ( "$DEFAULT" ne "" )
  {
    to "$DEFAULT"
  }
  else
  {
    EXITCODE=75
    exit
  }
}
     
    lifeisboost, Oct 29, 2010
    #8
  9. till

    till Super Moderator Staff Member ISPConfig Developer

    Looks fine now.
     
    till, Oct 30, 2010
    #9
  10. lifeisboost

    lifeisboost New Member

    revisiting this again, so after last week i finally upgraded all of my ispconfig3 servers to the latest stable version 3.0.3.3. unfortunately this issue has come back. in the time since i upgraded 3 days agao my var/vmail/tlds have upwards of 36k folder sin them for users that do not exist. I checked the file Till told me to edit in my previous version of ispconfig to fix the issue the first time and it is all correct. so why is ispconfig3 accepting email again for any user sent to [email protected]

    postfix main

    myhostname = srvmail1.XXXX.net
    alias_maps = hash:/etc/aliases
    alias_database = hash:/etc/aliases
    myorigin = /etc/mailname
    mydestination = srvmail1.XXXX.net, localhost, localhost.localdomain
    relayhost =
    mynetworks = 127.0.0.0/8 [::1]/128
    mailbox_command = procmail -a "$EXTENSION"
    mailbox_size_limit = 0
    recipient_delimiter = +
    inet_interfaces = all
    html_directory = /usr/share/doc/postfix/html
    virtual_alias_domains =
    virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, mysql:/etc/postfix/mysql-virtual_email2email.cf
    virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
    virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
    virtual_mailbox_base = /var/vmail
    virtual_uid_maps = static:5000
    virtual_gid_maps = static:5000
    smtpd_sasl_auth_enable = yes
    broken_sasl_auth_clients = yes
    smtpd_sasl_authenticated_header = yes
    smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf, reject_unauth_destination, reject_invalid_hostname, reject_$
    smtpd_tls_security_level = may
    transport_maps = proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
    relay_domains = mysql:/etc/postfix/mysql-virtual_relaydomains.cf
    relay_recipient_maps = mysql:/etc/postfix/mysql-virtual_relayrecipientmaps.cf
    virtual_create_maildirsize = yes
    virtual_maildir_extended = yes
    virtual_mailbox_limit_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailbox_limit_maps.cf
    virtual_mailbox_limit_override = yes
    virtual_maildir_limit_message = "The user you are trying to reach is over quota."
    virtual_overquota_bounce = yes
    proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_$
    smtpd_sender_restrictions = check_sender_access mysql:/etc/postfix/mysql-virtual_sender.cf
    smtpd_client_restrictions = check_client_access mysql:/etc/postfix/mysql-virtual_client.cf
    maildrop_destination_concurrency_limit = 1
    maildrop_destination_recipient_limit = 1
    virtual_transport = maildrop
    header_checks = regexp:/etc/postfix/header_checks
    mime_header_checks = regexp:/etc/postfix/mime_header_checks
    nested_header_checks = regexp:/etc/postfix/nested_header_checks
    body_checks = regexp:/etc/postfix/body_checks
    content_filter = amavis:[127.0.0.1]:10024
    receive_override_options = no_address_mappings
    message_size_limit = 0
    smtpd_delay_reject = yes
    smtpd_helo_restrictions = reject_invalid_hostname
    smtpd_helo_required = yes
    bounce_queue_lifetime = 1d
    maximal_queue_lifetime = 1d
    smtpd_timeout = 50s



    here is a excerpt for one of the accepted emails


    Oct 3 15:05:52 srvmail1 amavis[26861]: (26861-19) Passed CLEAN, [95.56.21.86] [62.91.17.125] <[email protected]> -> <[email protected]>, Message-ID: <[email protected]>, mail_id: 0qVc-nX60Avw, Hits: 20.215, size: 1074, queued_as: EF50D894035, 105 ms
    Oct 3 15:05:52 srvmail1 postfix/smtp[25554]: 6B70C894009: to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:10024, delay=22, delays=21/0/0/0.11, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=26861-19, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as EF50D894035)
    Oct 3 15:05:52 srvmail1 postfix/pipe[26394]: EF50D894035: to=<[email protected]>, orig_to=<[email protected]>, relay=maildrop, delay=0.11, delays=0.02/0/0/0.09, dsn=2.0.0, status=sent (delivered via maildrop service)

    this is killing my mail servers.....
     
    Last edited: Oct 3, 2011
    lifeisboost, Oct 3, 2011
    #10
  11. till

    till Super Moderator Staff Member ISPConfig Developer

    The updated replaced the file we talked above, so you have to redo your changes.
     
    till, Oct 4, 2011
    #11

Share This Page