1

Topic: Stop "Undelivered Mail Returned to Sender" messages?

==== Required information ====
- iRedMail version:
- Store mail accounts in which backend (LDAP/MySQL/PGSQL):
- Linux/BSD distribution name and version:
- Related log if you're reporting an issue:
==== Running" iRedAdmin-Pro v1.4.0 (MySQL)

I would really prefer that the system NOT send any undeliverable messages at all for non-existant users.  They look like this:

--
This is the mail system at host server.somedomain.com.

I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to postmaster.

If you do so, please include this problem report. You can
delete your own text from the attached returned message.

                   The mail system

<someuser@adomain.com>: user unknown
--

The postfix documentation seems to say that I should be adjusting the "local_recipient_maps" settings, but I am unsure what to set it too....

http://www.postfix.org/LOCAL_RECIPIENT_README.html

2

Re: Stop "Undelivered Mail Returned to Sender" messages?

What's wrong with these messages? Why you want to discard them?

3

Re: Stop "Undelivered Mail Returned to Sender" messages?

Most of them are just spam bounces, some even have virus payloads.  Since outbound delivery's actually go through our barracuda, they show up in statistics that makes people wonder why we're sending out viruses.

4

Re: Stop "Undelivered Mail Returned to Sender" messages?

This issue comes back to me every month or so when our Barracuda sends out a monthly report and people ask why are we sending out spam and viruses.  Again, these are all bounces from the iredmail server which is setup to use the Barracuda as a smart host.  If turning off spam bounces is a bad idea, I revert back to the question, why is the system accepting email to non-existent users?  Shouldn't it be using "local_recipient_maps" or other method to avoid accepting email addressed to people that don't exist in the first place?

5

Re: Stop "Undelivered Mail Returned to Sender" messages?

- Could you please show us output of command "postconf -n" to help troubleshoot?
- iRedMail have "smtpd_reject_unlisted_recipient=yes" in Postfix main.cf by default, and "reject_unlisted_recipient" in "smtpd_recipient_restrictions =" too, so emails sent to non-existent users will be rejected.

My questions:

- Which server send the monthly report email? Barracuda or iRedMail?
- Email sent by others (e.g. gmail, hotmail) will arrive on which server first? Barracuda or iRedMail?

6

Re: Stop "Undelivered Mail Returned to Sender" messages?

ZhangHuangbin wrote:

- Could you please show us output of command "postconf -n" to help troubleshoot?
- iRedMail have "smtpd_reject_unlisted_recipient=yes" in Postfix main.cf by default, and "reject_unlisted_recipient" in "smtpd_recipient_restrictions =" too, so emails sent to non-existent users will be rejected.

Here is the output of postconf -n:

alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
allow_min_user = no
biff = no
bounce_queue_lifetime = 1d
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
delay_warning_time = 0h
disable_vrfy_command = yes
enable_original_recipient = no
home_mailbox = Maildir/
html_directory = no
inet_interfaces = all
inet_protocols = ipv4
mail_owner = postfix
mailbox_command = /usr/libexec/dovecot/deliver
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
maximal_backoff_time = 4000s
maximal_queue_lifetime = 1d
message_size_limit = 15728640
minimal_backoff_time = 300s
mydestination = $myhostname, localhost, localhost.localdomain, localhost.$myhostname
mydomain = otcorp.com
myhostname = apone.mydomain.com
mynetworks = 127.0.0.0/8
mynetworks_style = subnet
myorigin = apone.mydomain.com
newaliases_path = /usr/bin/newaliases.postfix
proxy_read_maps = $canonical_maps $lmtp_generic_maps $local_recipient_maps $mydestination $mynetworks $recipient_bcc_maps $recipient_canonical_maps $relay_domains $relay_recipient_maps $relocated_maps $sender_bcc_maps $sender_canonical_maps $smtp_generic_maps $smtpd_sender_login_maps $transport_maps $virtual_alias_domains $virtual_alias_maps $virtual_mailbox_domains $virtual_mailbox_maps $smtpd_sender_restrictions
queue_directory = /var/spool/postfix
queue_run_delay = 300s
readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES
recipient_bcc_maps = proxy:mysql:/etc/postfix/mysql/recipient_bcc_maps_domain.cf, proxy:mysql:/etc/postfix/mysql/recipient_bcc_maps_user.cf
recipient_delimiter = +
relay_domains = $mydestination, proxy:mysql:/etc/postfix/mysql/relay_domains.cf
relayhost = [sawtooth.otcorp.com]
sample_directory = /usr/share/doc/postfix-2.6.6/samples
sender_bcc_maps = proxy:mysql:/etc/postfix/mysql/sender_bcc_maps_domain.cf, proxy:mysql:/etc/postfix/mysql/sender_bcc_maps_user.cf
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_data_init_timeout = 240s
smtp_data_xfer_timeout = 600s
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_enforce_tls = no
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks,permit_sasl_authenticated, check_helo_access pcre:/etc/postfix/helo_access.pcre
smtpd_recipient_restrictions = reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unlisted_recipient, check_policy_service inet:127.0.0.1:7777, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname, check_policy_service inet:127.0.0.1:10031
smtpd_reject_unlisted_recipient = yes
smtpd_reject_unlisted_sender = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = no
smtpd_sasl_local_domain =
smtpd_sasl_path = ./dovecot-auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sender_login_maps = proxy:mysql:/etc/postfix/mysql/sender_login_maps.cf
smtpd_sender_restrictions = permit_mynetworks, reject_sender_login_mismatch, permit_sasl_authenticated
smtpd_tls_CAfile = /etc/pki/tls/certs/iRedMail_CA.pem
smtpd_tls_cert_file = /etc/pki/tls/certs/iRedMail_CA.pem
smtpd_tls_key_file = /etc/pki/tls/private/iRedMail.key
smtpd_tls_loglevel = 0
smtpd_tls_security_level = may
tls_random_source = dev:/dev/urandom
transport_maps = proxy:mysql:/etc/postfix/mysql/transport_maps_user.cf, proxy:mysql:/etc/postfix/mysql/transport_maps_domain.cf
unknown_local_recipient_reject_code = 550
virtual_alias_domains =
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql/virtual_alias_maps.cf, proxy:mysql:/etc/postfix/mysql/domain_alias_maps.cf, proxy:mysql:/etc/postfix/mysql/catchall_maps.cf, proxy:mysql:/etc/postfix/mysql/domain_alias_catchall_maps.cf
virtual_gid_maps = static:500
virtual_mailbox_base = /var/vmail
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql/virtual_mailbox_domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql/virtual_mailbox_maps.cf
virtual_minimum_uid = 500
virtual_transport = dovecot
virtual_uid_maps = static:500

- Which server send the monthly report email? Barracuda or iRedMail?

The Barracuda...

- Email sent by others (e.g. gmail, hotmail) will arrive on which server first? Barracuda or iRedMail?

Email is delivered directly to the iRedMail server.  Outgoing emails from the iRedMail server is using the Barracuda as a smarthost.

7

Re: Stop "Undelivered Mail Returned to Sender" messages?

OK, so you didn't cleanup recipient addresses (remove non-existent ones) in Barracuda monthly report email.

Try this in Postfix main.cf:

local_recipient_maps = $alias_maps $virtual_alias_maps $virtual_mailbox_maps

8

Re: Stop "Undelivered Mail Returned to Sender" messages?

I think I just figured it out…the problem is with disabled users.  If a user simply doesn’t exist, the email is not excepted.  If the user is disabled, the email is accepted and then bounced!

It comes down the purpose of the “disabled” switch for each user.  If it is meant to allow you to keep the configuration around to be easily re-enabled later, then I think emails should not be accepted, just like a user that doesn’t exist at all.

On the other hand,  if the switch is mean to stop the user from accessing the email box, perhaps email should be accepted and delivered.

Right now we have the worst of both worlds.