Server accepting invalid email

Discuss the Scalix Server software

Moderators: ScalixSupport, admin

Ed Dulaney

Server accepting invalid email

Postby Ed Dulaney » Sat Mar 10, 2007 12:15 am

I've searched the forums and haven't found anything relating to the problem I'm having. I'm sure that others have run into the same thing.

My Scalix configuration is accepting email for invalid users in my domain. For instance, if someone sends an email to 'gooduser@mydomain.com' then it's accepted - as it should be! But if they send an email to 'baduser@mydomain.com' it's still accepted, even though that user is not valid on my domain.

I looked at /var/log/maillog and it shows that mail to invalid users is "deferred". However, the sending agent (in this case, my Barracuda firewall) still thinks it's a vallid user!

Is there any way to keep Scalix from accepting mail to invalid local accounts? Then the sending agent would receive an "invalid user" notice.

Ed

btisdall
Scalix Star
Scalix Star
Posts: 373
Joined: Tue Nov 22, 2005 12:13 pm
Contact:

Postby btisdall » Sat Mar 10, 2007 5:35 am

Hi Ed,

do you have an entry for 'mydomain.com' in /etc/mail/local-host-names?
Ben Tisdall
www.redcircleit.com
London

Ed Dulaney

Postby Ed Dulaney » Sat Mar 10, 2007 11:12 am

Yes. Actually I have both 'mydomain.com' and 'pop.mydomain.com' since both of these domains map to this server.

Ed

btisdall
Scalix Star
Scalix Star
Posts: 373
Joined: Tue Nov 22, 2005 12:13 pm
Contact:

Postby btisdall » Sat Mar 10, 2007 11:52 am

I'm not sure your issue is with Scalix itself - what happens when you telnet to port 25 on your Scalix server & try to deliver a message to a non-existent user?
Ben Tisdall

www.redcircleit.com

London

Ed Dulaney

Postby Ed Dulaney » Sat Mar 10, 2007 12:10 pm

That comes back as an invalid recipient. So I just checked my Barracuda configuration, and for some reason it wasn't processing the users as invalid. A reboot of the Barracuda seems to have fixed the problem!

Thanks for the help!

Ed

swordfish
Posts: 110
Joined: Mon Feb 05, 2007 6:27 pm

Postby swordfish » Sat Mar 10, 2007 4:43 pm

I have quiet a bit experience with the Barracuda. Please make sure that you are running the latest Barracuda firmware. If still delivers mail for invalid users, ask Barracuda support to connect remotely and take a look. I had similar problem with one Barracuda sometimes ago, spoke to support they connected remotely, restarted some of the services and it is fine after that. However, if the message on the Barracuda scores enough high to be quarantined but not blocked, the Barracuda will create an account for that user in itself and keep the message. The best is to integrate the existing LDAP address lookup feature on the Barracuda with your existing Scalix LDAP database.

Ed Dulaney

Postby Ed Dulaney » Sat Mar 10, 2007 6:46 pm

How do you integrate Scalix's LDAP with Barracuda? I've tried it a dozen different ways and every time I get "invalid Credential" errors. I've tried using a DN of cn=sxadmin,o=Scalix with the password that I set up for interfaciing with multiple Scalix servers. I've also tried using the Scalix administrator accounts, and even general user accounts. Nothing works.

From what I've read on other threads the Scalix LDAP isn't really an LDAP server. That's why it's nearly impossible to get it to work with Barracuda. I'd install openLDAP, but that's a lot of work! :shock:

Ed

swordfish
Posts: 110
Joined: Mon Feb 05, 2007 6:27 pm

Postby swordfish » Sat Mar 10, 2007 9:20 pm

You don't need OpenLDAP. Here is the config on the Barracuda:

LDAP Server: yourscalixserver.domain.com
LDAP Port: 389
Exchange Accelerator/LDAP Verification: Yes
Unify Email Aliases: No
SSL/TLS Mode: Off
Require SSL/TLS: No
Bind DN: CN=sxqueryadmin #note that my Scalix user authentication is configured only for username/password and not for username@domain.com/password, if yours includes the domain, change the CN if needed. You can use CN=sxadmin as well but be careful bacause the password is send clear text and it is a possible security issue.
Bind Password: ************
LDAP Filter: mail=${recipient_email}
LDAP Search Base: ${defaultNamingContext}
LDAP UID: omcn
LDAP Primary Email Attribute: mail
Canary Email:
Valid Email (for testing): validemail@domain.com
Last edited by swordfish on Sat Mar 10, 2007 9:51 pm, edited 2 times in total.

swordfish
Posts: 110
Joined: Mon Feb 05, 2007 6:27 pm

Postby swordfish » Sat Mar 10, 2007 9:23 pm

Last thing - if there is a firewall between the Barracuda and the Scalix server make sure port 389 is open from the Barracuda to Scalix.

kanderson

Postby kanderson » Mon Mar 12, 2007 1:55 pm

This is very good to know. I had never tried setting it up. Good to know it'll work when we do try.

Kev.

swordfish
Posts: 110
Joined: Mon Feb 05, 2007 6:27 pm

Postby swordfish » Mon Mar 12, 2007 9:16 pm

Well it works for me. Are you also using Barracuda? I'm pretty sure the same settings can be used for any other device to query valid e-mail addresses on the Scalix server.

chris
Scalix Star
Scalix Star
Posts: 321
Joined: Mon May 09, 2005 2:56 pm
Location: Freiburg, Germany

Postby chris » Tue Mar 13, 2007 6:49 pm

Ed Dulaney wrote:From what I've read on other threads the Scalix LDAP isn't really an LDAP server.


Scalix's omslapd is a fork of the origin UofMich LDAP code. It's a real LDAP server, but it's talking to an x.400 directory in the background, and translating back and forth.

I'm aware this isn't related to the actual issue, but thought I'd clear that up.

Chris


Return to “Scalix Server”



Who is online

Users browsing this forum: Google [Bot] and 14 guests

cron