17 Mar
2016
17 Mar
'16
11:06 p.m.
Hi,
I had the problem that the only good way to check for valid e-mail
addresses at my firewall, which also does SPAM prevention and virus
scanning etc., is to use SMPT verify. Before I've setup Ciphermail my
internal mail server was the relay and handled this. With Ciphermail as
a relay between the firewall and my mail server hist was no longer
possible. As I found no solution on the web I decided to build my own:
https://wiki.mhcsoftware.de/ciphermail
With this SMTP verify works again. If you know other, better solutions,
please let me know. If you try this and find a bug drop me a note. This
is quick&dirty cut&paste code ... but it works.
cheers
Matthias
--
MHC SoftWare GmbH
Fichtera 17
96274 Itzgrund/Germany
voice: +49-(0)9533-92006-0
fax: +49-(0)9533-92006-6
e-mail: info(a)mhcsoftware.de
HR Coburg: B2242
Geschäftsführer: Matthias Henze
19 Mar
19 Mar
8:23 p.m.
On 03/17/2016 11:06 PM, Matthias Henze wrote:
Hi,
I had the problem that the only good way to check for valid e-mail
addresses at my firewall, which also does SPAM prevention and virus
scanning etc., is to use SMPT verify. Before I've setup Ciphermail my
internal mail server was the relay and handled this. With Ciphermail as
a relay between the firewall and my mail server hist was no longer
possible. As I found no solution on the web I decided to build my own:
https://wiki.mhcsoftware.de/ciphermail
With this SMTP verify works again. If you know other, better solutions,
please let me know. If you try this and find a bug drop me a note. This
is quick&dirty cut&paste code ... but it works.
Hi Matthias,
Perhaps I misunderstand your requirements but why did you not use the
built-in verify recipients feature? Postfix has the option to verify
whether an internal email address is a valid recipient or not. You can
enable this feature on the MTA page (advanced settings). See "Reject
unverified recipient" on pag 15
https://www.ciphermail.com/documents/html/administration-guide/#pff
Kind regards,
Martijn Brinkers
--
CipherMail email encryption
Email encryption with support for S/MIME, OpenPGP, PDF encryption and
secure webmail pull.
https://www.ciphermail.com
Twitter: http://twitter.com/CipherMail
9:43 p.m.
Hi Martijn,
Am 19.03.2016 um 20:23 schrieb Martijn Brinkers:
If tried this and it failed. After receiving your mail I did some
further test an now I know why it failed. In the MTA config I read:
My Hostname
the internet hostname of this mail system
My Hostname lead me to enter what is expected: the host name. In my
case: ciphermail.mhc.loc. In main.cf this value is used for
"myhostname". Seems that there is nothing wrong so far, but this is not
true. Sadly Postfix does not use VRFY to check if the address exists. It
tries to do a normal SMTP chat with MAIL FROM and RCPT TO. The problem
is that with the RCPT TO Postfix uses the hostname after the "@":
double-bounce(a)ciphermail.mhc.loc. Postfix uses "myhostname" when
"myorigin" is not set. (see:
http://www.postfix.org/ADDRESS_VERIFICATION_README.html). In Ciphermail
Postfix config "myorigin" IS not set. My mailserver replies to this with:
Sent reply to MAIL: 553 5.1.8 Sender address
<double-bounce(a)ciphermail.mhc.loc> domain does not exist
and after the RCPT TO it rejects the Mail. This way EVERY mail gets
rejected. Not because the recipient address does not exist but because
of a missing, correct "myorigin"
When I use a valid domain in "My Hostname", like "mhcsoftware.de", it
works.
Some other interesting observations:
Even if I issue a VRFY to the Ciphermail Postfix it uses a SMTP chat any
way to verify the address. My firewall also does not use VRFY and
instead also uses a SMTP chat. As there is a special command to verify
addresses, why does no one make use of it?
Conclusion:
When I fill in a literally wrong value in the "My Hostname" field the
shipped solution works and make mine obsolete.
Suggestion:
Add a field "Mail Domain" to the MTA config and use it as "myorigin"
in
the Postfix config.
cheers
Matthias
--
MHC SoftWare GmbH
Fichtera 17
96274 Itzgrund/Germany
voice: +49-(0)9533-92006-0
fax: +49-(0)9533-92006-6
e-mail: info(a)mhcsoftware.de
HR Coburg: B2242
Geschäftsführer: Matthias Henze
I had the
problem that the only good way to check for valid e-mail
addresses at my firewall, which also does SPAM prevention and virus
scanning etc., is to use SMPT verify. Before I've setup Ciphermail my
internal mail server was the relay and handled this. With Ciphermail as
a relay between the firewall and my mail server hist was no longer
possible. As I found no solution on the web I decided to build my own:
https://wiki.mhcsoftware.de/ciphermail
With this SMTP verify works again. If you know other, better solutions,
please let me know. If you try this and find a bug drop me a note. This
is quick&dirty cut&paste code ... but it works.
Hi Matthias,
Perhaps I misunderstand your requirements but why did you not use the
built-in verify recipients feature? Postfix has the option to verify
whether an internal email address is a valid recipient or not. You can
enable this feature on the MTA page (advanced settings). See "Reject
unverified recipient" on pag 15
https://www.ciphermail.com/documents/html/administration-guide/#pff 
22 Mar
22 Mar
11:57 a.m.
Zitat von Matthias Henze <lists(a)mhcsoftware.de>de>:
Some other interesting observations:
Even if I issue a VRFY to the Ciphermail Postfix it uses a SMTP chat
any way to verify the address. My firewall also does not use VRFY
and instead also uses a SMTP chat. As there is a special command to
verify addresses, why does no one make use of it?
cheers
Matthias
The VRFY is from the time where MTA typically accept all destination
addresses and only later on find out if the recipient exists or not.
Today nearly every MTA first check if the recipient is allowed/valid
before accepting a mail so VRFY is useless and sometimes doesn even
work at all. Thats why the address verification is done with RCPT TO.
This is more of a Postfix question so you might have a look here
http://www.postfix.org/ADDRESS_VERIFICATION_README.html#recipient
Regards
Andreas
11 Apr
11 Apr
10:18 p.m.
Hi,
after the update to the latest version upstream verification does no
longer work for some reason. Postfix main.cf looks ok to me. I see:
...
djigzo_reject_unverified_recipient = reject
djigzo_unverified_recipient_reject_code = 550
...
smtpd_recipient_restrictions = permit_mynetworks reject_unauth_destination
${djigzo_rbl_clients}
${djigzo_reject_unverified_recipient? reject_unverified_recipient}
I've no clue why Postfix does not verify the mail addresses.
Any suggestions?
TIA
Matthias
Am 22.03.2016 um 11:57 schrieb lst_hoe02(a)kwsoft.de:
Zitat von Matthias Henze <lists(a)mhcsoftware.de>de>:
--
MHC SoftWare GmbH
Fichtera 17
96274 Itzgrund/Germany
voice: +49-(0)9533-92006-0
fax: +49-(0)9533-92006-6
e-mail: info(a)mhcsoftware.de
HR Coburg: B2242
Geschaeftsfuehrer: Matthias Henze
Some other interesting observations:
Even if I issue a VRFY to the Ciphermail Postfix it uses a SMTP chat
any way to verify the address. My firewall also does not use VRFY and
instead also uses a SMTP chat. As there is a special command to verify
addresses, why does no one make use of it?
cheers
Matthias
The VRFY is from the time where MTA typically accept all destination
addresses and only later on find out if the recipient exists or not.
Today nearly every MTA first check if the recipient is allowed/valid
before accepting a mail so VRFY is useless and sometimes doesn even work
at all. Thats why the address verification is done with RCPT TO.
This is more of a Postfix question so you might have a look here
http://www.postfix.org/ADDRESS_VERIFICATION_README.html#recipient
Regards
Andreas
_______________________________________________
Users mailing list
Users(a)lists.djigzo.com
https://lists.djigzo.com/lists/listinfo/users
12 Apr
12 Apr
5:20 p.m.
On 04/11/2017 10:18 PM, Matthias Henze wrote:
Hi,
after the update to the latest version upstream verification does no
longer work for some reason. Postfix main.cf looks ok to me. I see:
...
djigzo_reject_unverified_recipient = reject
djigzo_unverified_recipient_reject_code = 550
...
smtpd_recipient_restrictions = permit_mynetworks reject_unauth_destination
${djigzo_rbl_clients}
${djigzo_reject_unverified_recipient? reject_unverified_recipient}
I've no clue why Postfix does not verify the mail addresses.
Why do you think Postfix is not verifying an email address? Did you
receive an email for an invalid email address?
Kind regards,
Martijn Brinkers
Am 22.03.2016 um 11:57 schrieb lst_hoe02(a)kwsoft.de:
--
CipherMail email encryption
Email encryption with support for S/MIME, OpenPGP, PDF encryption and
secure webmail pull.
https://www.ciphermail.com
Twitter: http://twitter.com/CipherMail
Zitat von Matthias Henze <lists(a)mhcsoftware.de>de>:
Some other interesting observations:
Even if I issue a VRFY to the Ciphermail Postfix it uses a SMTP chat
any way to verify the address. My firewall also does not use VRFY and
instead also uses a SMTP chat. As there is a special command to verify
addresses, why does no one make use of it?
cheers
Matthias
The VRFY is from the time where MTA typically accept all destination
addresses and only later on find out if the recipient exists or not.
Today nearly every MTA first check if the recipient is allowed/valid
before accepting a mail so VRFY is useless and sometimes doesn even work
at all. Thats why the address verification is done with RCPT TO.
This is more of a Postfix question so you might have a look here
http://www.postfix.org/ADDRESS_VERIFICATION_README.html#recipient
Regards
Andreas
_______________________________________________
Users mailing list
Users(a)lists.djigzo.com
https://lists.djigzo.com/lists/listinfo/users
5:37 p.m.
Am 12.04.2017 um 17:20 schrieb Martijn Brinkers:
On 04/11/2017 10:18 PM, Matthias Henze wrote:
Doped mails by telnet to invalid addresses an then ...
Hi,
after the update to the latest version upstream verification does no
longer work for some reason. Postfix main.cf looks ok to me. I see:
...
djigzo_reject_unverified_recipient = reject
djigzo_unverified_recipient_reject_code = 550
...
smtpd_recipient_restrictions = permit_mynetworks reject_unauth_destination
${djigzo_rbl_clients}
${djigzo_reject_unverified_recipient? reject_unverified_recipient}
I've no clue why Postfix does not verify the mail addresses.
Why do you think Postfix is not verifying an email address? Did you receive an email for an invalid email address?
... revived error mails. As well as sending mails from external accounts
and then revived error mails
I've reactivated ma old verify script and everything is fine again ...
Matthias
--
MHC SoftWare GmbH
Fichtera 17
96274 Itzgrund/Germany
voice: +49-(0)9533-92006-0
fax: +49-(0)9533-92006-6
e-mail: info(a)mhcsoftware.de
HR Coburg: B2242
Geschaeftsfuehrer: Matthias Henze
13 Apr
13 Apr
3:10 p.m.
On 04/12/2017 05:37 PM, Matthias Henze wrote:
Am 12.04.2017 um 17:20 schrieb Martijn Brinkers:
SMTP verification works by checking whether the next server accepts the
email address by sending a RCPT TO SMTP command. If the remote server
does not complain, then Postfix will assume the recipient is valid and
this result cached for some time. Could it be that the next server does
not validate the recipients? i.e., that it always returns that a
recipient is valid?
Kind regards,
Martijn Brinkers
--
CipherMail email encryption
Email encryption with support for S/MIME, OpenPGP, PDF encryption and
secure webmail pull.
https://www.ciphermail.com
Twitter: http://twitter.com/CipherMail
On 04/11/2017 10:18 PM, Matthias Henze wrote:
Doped mails by telnet to invalid addresses an then ...
Hi,
after the update to the latest version upstream verification does no
longer work for some reason. Postfix main.cf looks ok to me. I see:
...
djigzo_reject_unverified_recipient = reject
djigzo_unverified_recipient_reject_code = 550
...
smtpd_recipient_restrictions = permit_mynetworks
reject_unauth_destination
${djigzo_rbl_clients}
${djigzo_reject_unverified_recipient? reject_unverified_recipient}
I've no clue why Postfix does not verify the mail addresses.
Why do you think Postfix is not verifying an email address? Did you receive an email for an invalid email
address?
... revived error mails. As well as sending mails from external accounts
and then revived error mails
14 Apr
14 Apr
10:37 a.m.
On 04/13/2017 03:10 PM, Martijn Brinkers wrote:
On 04/12/2017 05:37 PM, Matthias Henze wrote:
A typical setup of CipherMail is
Exchange <-> CipherMail <-> Internet
Note: Exchange is just an example
With SMTP verification, when an email comes in from the Internet, the
CipherMail gateway "asks" Exchange whether a recipient is valid or not.
If the Exchange server reports that the recipient is valid, CipherMail
will accept the message. This only works if Exchange knows about valid
recipients and does not report "Ok" for every recipient. If for example
Exchange is configured to allow relaying of email for the IP address of
the CipherMail server then Exchange will report "Ok" for every
recipient. You can check whether this is the case by logging into
CipherMail and use telnet to connect to your internal Mail server (in
this example Exchange) and check whether the mail server accepts invalid
recipients
Example:
$ telnet exchange.example.com 25
EHLO test
MAIL FROM:<>
RCPT TO: invalidrecipient(a)example.com
The mail server should report that the recipient
invalidrecipient(a)example.com is an invalid recipient.
Note: the above check should be done from the CipherMail server to make
sure that the IP address used to connect to the internal mail server is
the same as the IP of CipherMail
Kind regards,
Martijn Brinkers
--
CipherMail email encryption
Email encryption with support for S/MIME, OpenPGP, PDF encryption and
secure webmail pull.
https://www.ciphermail.com
Twitter: http://twitter.com/CipherMail
Am 12.04.2017 um 17:20 schrieb Martijn Brinkers:
SMTP verification works by checking whether the next server accepts the
email address by sending a RCPT TO SMTP command. If the remote server
does not complain, then Postfix will assume the recipient is valid and
this result cached for some time. Could it be that the next server does
not validate the recipients? i.e., that it always returns that a
recipient is valid? On 04/11/2017 10:18 PM, Matthias Henze wrote:
Doped mails by telnet to invalid addresses an then ...
Hi,
after the update to the latest version upstream verification does no
longer work for some reason. Postfix main.cf looks ok to me. I see:
...
djigzo_reject_unverified_recipient = reject
djigzo_unverified_recipient_reject_code = 550
...
smtpd_recipient_restrictions = permit_mynetworks
reject_unauth_destination
${djigzo_rbl_clients}
${djigzo_reject_unverified_recipient? reject_unverified_recipient}
I've no clue why Postfix does not verify the mail addresses.
Why do you think Postfix is not verifying an email address? Did you receive an email for an invalid email
address?
... revived error mails. As well as sending mails from external accounts
and then revived error mails
2054
days inactive
2447
days old
8 comments
3 participants
participants (3)
-
lst_hoe02@kwsoft.de -
Martijn Brinkers -
Matthias Henze