Netgate Discussion Forum
    Postfix forwarder - bounce retries

    pfSense Packages

      biggsy

      I had an interesting issue with the postfix package yesterday and thought I should share the experience.

      My setup consists of pfSense 2.0 (a virtual machine on ESXi 5.0) running the postfix/postscreen package as a front-end filter for my real mail server, another VM.

      An inbound email arrived, postscreen and postfix did their job and, within the rules I've set, postfix tried to pass the email to my mail server.

      The email was addressed to a non-existent user and my mail server rejected it.  Postfix picked up that rejection and attempted to email the sender a non-delivery notice.

      The sender was a (probably bogus) AOL user name but the AOL mail servers don't accept connections from dynamic IPs like mine.  As AOL rejected the connection, not the email, Postfix queued the non-delivery notice to resend.

      By default, postfix will retry every 4000 seconds (~ 70 mins) for five days.  That's a lot of retries and my syslog grew pretty quickly.

      To clear the message from the queue I entered the following through the command line:

      postsuper -d ALL deferred
      

      To try and prevent this happening again I have set this parameter in custom main.cf options:

      bounce_queue_lifetime = 0s
      

      According to the postfix tuning guide (http://www.postfix.org/TUNING_README.html), this is

      How long a MAILER-DAEMON message stays in the queue before it is considered undeliverable. Specify 0 for mail that should be tried only once.

      Not having an AOL account (and no desire for one ;D) I can't easily test this.  It may be that rejected connections don't count in the same way as rejected emails.

      This is probably not the best solution anyway.  I could, for example, cut back the queue lifetime to say half a day but that's still quite a few retries.  At the moment there is a risk that legitimate outbound emails could be discarded because the target mail server is down.  Then there is the possible problem of postfix trying to email me a non-delivery notice for the non-delivery notice.

      I'd be happy to hear of any suggestions for improving the handling of this type of situation.

      biggsy
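An added example, not part of the original post: instead of emptying the whole deferred queue with `postsuper -d ALL deferred`, this picks out only the deferred bounce notices (envelope sender shown as MAILER-DAEMON) from `postqueue -p` output, so legitimate deferred outbound mail is left alone. The function name and the sample queue listing are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. The sample queue listing is constructed.

# Read `postqueue -p` output on stdin and print the queue IDs of deferred
# messages whose envelope sender is MAILER-DAEMON (bounce notices).
bounce_queue_ids() {
    # Line 1 is the column header; entries are separated by blank lines.
    sed 1d | awk '
        BEGIN { RS = "" }
        # $1 queue ID, $2 size, $3-$6 arrival time, $7 envelope sender.
        # IDs ending in * (active) or ! (hold) fail the ID test and are skipped.
        $7 == "MAILER-DAEMON" && $1 ~ /^[0-9A-Za-z]+$/ { print $1 }
    '
}

# Constructed listing: one deferred bounce, one deferred user message,
# one bounce that is currently in the active queue.
sample_queue() {
    cat <<'EOF'
-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
3F2A91C04B     2841 Tue Nov  1 09:12:44  MAILER-DAEMON
(connect to mx.example.net[192.0.2.25]:25: Connection refused)
                                         nobody@example.net

7C55D0E1A2     1530 Tue Nov  1 09:40:03  alice@example.org
(connect to mail.example.com[198.51.100.7]:25: Connection timed out)
                                         bob@example.com

9B10E4F7D3*    2790 Tue Nov  1 10:02:18  MAILER-DAEMON
                                         carol@example.net

-- 7 Kbytes in 3 Requests.
EOF
}

# Prints only 3F2A91C04B.
sample_queue | bounce_queue_ids

# On a live system, review the printed IDs first, then:
#   postqueue -p | bounce_queue_ids | postsuper -d - deferred
```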

        marcelloc

        Thanks for the detailed feedback  :)

        You can reduce these alerts by configuring the recipients tab.

        You have options to search Active Directory for it, specify a file or simply paste your mailbox list in the custom field.

        This way, an invalid recipient will be rejected before the mail gets to the queue.

        Treinamentos de Elite: http://sys-squad.com

        Help a community developer! ;D

          biggsy

          Thank you.

          I had considered exporting the valid recipients list but I'll have to think about how I can automate any updates.
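An added example, not from the thread or the pfSense package: one way to automate the recipient list discussed above, assuming the mail server can export one address per line and that the result feeds a plain Postfix `relay_recipient_maps` table in `address OK` form (the package's recipients tab may expect a different layout). The function names and file paths are hypothetical. The guard refuses an empty or sharply shrunken list, because a truncated export would make Postfix reject valid recipients.

```shell
#!/bin/sh
# Added example, not from the thread. Function names and paths are
# hypothetical; the sample export is constructed.

# stdin: exported mailbox list, one address per line (CRLF tolerated).
# stdout: sorted, de-duplicated "address OK" lines for a Postfix lookup table.
build_recipient_map() {
    tr -d '\r' | tr '[:upper:]' '[:lower:]' | awk '
        { gsub(/^[ \t]+|[ \t]+$/, "") }            # trim whitespace
        /^(#|$)/ { next }                          # skip comments and blanks
        /^[a-z0-9._+-]+@[a-z0-9-]+(\.[a-z0-9-]+)+$/ { print $0 " OK"; next }
        { print "skipped: " $0 > "/dev/stderr" }   # never pass junk through
    ' | sort -u
}

# $1 = candidate table, $2 = table currently in use (may not exist yet).
# Succeeds only if the candidate is non-empty and has not lost more than half
# of its entries, which would suggest a truncated export.
safe_to_install() {
    new_count=$(grep -c ' OK$' "$1" 2>/dev/null || true)
    old_count=$(grep -c ' OK$' "$2" 2>/dev/null || true)
    [ "${new_count:-0}" -gt 0 ] || return 1
    [ $(( ${new_count:-0} * 2 )) -ge "${old_count:-0}" ]
}

# Constructed export with mixed case, CRLF, a comment, a duplicate and junk.
sample_export() {
    printf 'Alice@Example.ORG\r\n# service accounts\n\nbob@example.org\n'
    printf 'alice@example.org\nnot an address\n'
}

# Prints two lines: "alice@example.org OK" and "bob@example.org OK".
sample_export | build_recipient_map 2>/dev/null

# Typical use once the export lands in ./mailboxes.txt (hypothetical paths):
#   build_recipient_map < mailboxes.txt > relay_recipients.new
#   safe_to_install relay_recipients.new relay_recipients &&
#       mv relay_recipients.new relay_recipients && postmap relay_recipients
# with main.cf pointing at it:  relay_recipient_maps = hash:/path/relay_recipients
```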

            biggsy

            Marcello,

            Is the third example below missing a slash?

            PCRE filters that are applied to initial message headers (except for the headers that are processed with mime_header_checks). Hint:
            /^Subject:.*(viagra|cialis|levitra|day price):/ REJECT
            /^From:.*spammer@myspam.net/ REJECT
            /^From:.*@mytrustdomain OK
            See http://www.postfix.org/header_checks.5.html for more help

            Should it be:

            /^From:.*@mytrustdomain/ OK

            Biggsy

              marcelloc

              Yes, it's missing.

              What mail server do you use?

              Treinamentos de Elite: http://sys-squad.com

              Help a community developer! ;D

                biggsy

                Thanks.

                I have used a Windows-based mail server called MailEnable (free Standard edition) for about 8 years now.

                  marcelloc

                  I saw that there is a forum on the MailEnable site. You can try to find out how to extract valid recipients there.

                  Treinamentos de Elite: http://sys-squad.com

                  Help a community developer! ;D
