hi

I'm using postfix version 2.3.8 installed on debian etch stable.
this is an internet mail server for some virtual domains and it seems to work, but if I try:
# telnet localhost 25

ehlo localhost

250-ext.undostres.ch
250-PIPELINING
250-SIZE 10240000
250-ETRN
250-STARTTLS
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN

250-VRFY is missing in my case !


my postfix cinfiguration:

# cat /etc/postfix/main.cf

program_directory = /usr/lib/postfix
command_directory = /usr/sbin
daemon_directory = /usr/lib/postfix
soft_bounce = yes

#header_checks = regexp:/etc/postfix/header_checks

#smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

smtpd_helo_required = yes
disable_vrfy_command = yes
strict_rfc821_envelopes = yes

myhostname = ext.mydomain.net
mydomain = mydomain.net
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = localhost, $myhostname, $mydomain, localhost.$mydomain, localhost.$myhostname
virtual_maps = hash:/etc/postfix/virtusertable

smtpd_banner = $myhostname ESMTP Mailserver

smtpd_helo_restrictions = reject_invalid_hostname
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_sender_restrictions = reject_unknown_address
smtpd_client_restrictions = reject_invalid_hostname, reject_rbl_client relays.ordb.org

home_mailbox = Maildir/
#local_recipient_maps = proxy:unix:passwd.byname $alias_maps
#local_transport = local

# TLS
smtpd_tls_cert_file = /etc/postfix/smtpd.cert
smtpd_tls_key_file = /etc/postfix/smtpd.key
smtpd_use_tls = yes
smtpd_enforce_tls = no
smtpd_tls_auth_only = no

# SASL (Simple Authentication and Security Layer)
smtpd_sasl_auth_enable = yes
smtpd_sasl2_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
broken_sasl_auth_clients = yes

mailbox_command =
recipient_delimiter = +

mynetworks = 127.0.0.0/8 202.X.X.0/28 192.168.115.0/24

# virtual email accounts
virtual_alias_domains =
virtual_alias_maps = mysql:/etc/postfix/mysql-virtual_forwardings.cf, mysql:/etc/postfix/mysql-virtual_email2email.cf
virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual_domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual_mailboxes.cf
virtual_mailbox_base = /var/vmail
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
transport_maps = mysql:/etc/postfix/mysql-virtual_transports.cf
virtual_create_maildirsize = yes
virtual_mailbox_extended = yes
virtual_mailbox_limit_maps = mysql:/etc/postfix/mysql-virtual_mailbox_limit_maps.cf
virtual_mailbox_limit_override = yes
virtual_maildir_limit_message = "The user you are trying to reach is over quota."
virtual_overquota_bounce = yes
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps

relayhost =
#mailbox_size_limit = 51200000
mailbox_size_limit = 20240000
message_size_limit = 10240000
strict_rfc821_envelopes = yes
inet_interfaces = all

content_filter = amavis:[127.0.0.1]:10024
receive_override_options = no_address_mappings

what's wrong and howto solve this problem ?

It's not a problem -- VRFY is great if you're a spammer, so most (all?) mail servers have it turned off now.

Because it's used to tell whether an address is valid, it lets a spammer easily tell which addresses in their database are valid and which need to be removed, without having to actually send an email to each of the addresses.

It's not a problem -- VRFY is great if you're a spammer, so most (all?) mail servers have it turned off now.

Because it's used to tell whether an address is valid, it lets a spammer easily tell which addresses in their database are valid and which need to be removed, without having to actually send an email to each of the addresses.

thanks,

I'm not a spammer, but I'd like to know howto switch it on ?

No, I didn't mean you were a spammer -- I meant that turning it on would only help spammers, not any legitimate mail sender.

Legitimate mail servers will just send the mail, and they'll either get a bounce message or an SMTP failure if the address is invalid. (Or they won't get any indication, if the target mail server is really-anti-address-harvesting.) Adding VRFY support will make harvesting much easier.

My point is, you don't want it on. Turning it on will make the addresses that it hosts available to spammers.

Look at your disable_vrfy_command line. You have it set to "yes". Meaning it is disabled. Change that line to "no".

Mr-B

thanks, I'll leave this option disabled.

I have other question:
is it my configuration correct or there are some other options I can disable or enable ?