Am 19.03.2016 um 20:23 schrieb Martijn Brinkers:
I had the
problem that the only good way to check for valid e-mail
addresses at my firewall, which also does SPAM prevention and virus
scanning etc., is to use SMPT verify. Before I've setup Ciphermail my
internal mail server was the relay and handled this. With Ciphermail as
a relay between the firewall and my mail server hist was no longer
possible. As I found no solution on the web I decided to build my own:
With this SMTP verify works again. If you know other, better solutions,
please let me know. If you try this and find a bug drop me a note. This
is quick&dirty cut&paste code ... but it works.
Perhaps I misunderstand your requirements but why did you not use the
built-in verify recipients feature? Postfix has the option to verify
whether an internal email address is a valid recipient or not. You can
enable this feature on the MTA page (advanced settings). See "Reject
unveriﬁed recipient" on pag 15
If tried this and it failed. After receiving your mail I did some
further test an now I know why it failed. In the MTA config I read:
the internet hostname of this mail system
My Hostname lead me to enter what is expected: the host name. In my
case: ciphermail.mhc.loc. In main.cf this value is used for
"myhostname". Seems that there is nothing wrong so far, but this is not
true. Sadly Postfix does not use VRFY to check if the address exists. It
tries to do a normal SMTP chat with MAIL FROM and RCPT TO. The problem
is that with the RCPT TO Postfix uses the hostname after the "@":
double-bounce(a)ciphermail.mhc.loc. Postfix uses "myhostname" when
"myorigin" is not set. (see:
). In Ciphermail
Postfix config "myorigin" IS not set. My mailserver replies to this with:
Sent reply to MAIL: 553 5.1.8 Sender address
<double-bounce(a)ciphermail.mhc.loc> domain does not exist
and after the RCPT TO it rejects the Mail. This way EVERY mail gets
rejected. Not because the recipient address does not exist but because
of a missing, correct "myorigin"
When I use a valid domain in "My Hostname", like "mhcsoftware.de", it
Some other interesting observations:
Even if I issue a VRFY to the Ciphermail Postfix it uses a SMTP chat any
way to verify the address. My firewall also does not use VRFY and
instead also uses a SMTP chat. As there is a special command to verify
addresses, why does no one make use of it?
When I fill in a literally wrong value in the "My Hostname" field the
shipped solution works and make mine obsolete.
Add a field "Mail Domain" to the MTA config and use it as "myorigin"
the Postfix config.
MHC SoftWare GmbH
HR Coburg: B2242
Geschäftsführer: Matthias Henze