2
Domain Postmaster
Problem reported by Grey La Certe - August 19, 2015 at 2:28 AM
Resolved
With the 08/13/2015 release of SmarterMail 14, email to postmaster@domain is sent to the primary domain administrator if a postmaster account is not created.  Unfortunately, we now know this bypasses existing (and future) aliases for postmaster.  We had previously installed aliases for postmaster@ and abuse@ for all of our domains.  These aliases forwarded to our server postmaster/abuse accounts, rather than the domain administrator.  It appears a work-around would be to create a postmaster mailbox then forward the mailbox to the server postmaster address.  However, this is a more convoluted resolution than our historical use of aliases.  There is already a proposal for global abuse and postmaster accounts, which we support.  However, this "improvement" in the last release seems more of one step forward, one step back.

4 Replies

Reply to Thread
0
Bruce Barnes Replied
August 19, 2015 at 7:19 AM
There are a couple of places you need to look:
 
1. Make certain you have created the POSTMASTER account for SmarterMail.  This is done in the SETTINGS, GENERAL SETTINGS, POSTMASTER box:
 
 
Setting SmarterMail Postmaster
Setting SmarterMail Postmaster
Then you need to add either a POSTMASTER ACCOUNT, or POSTMASTER ALIAS in EVERY hosted domain.
 
While some of your hosted clients may want to be the postmaster and abuse contacts for their domains, remember, that YOU, as the SmarterMail SERVER OPERATOR, are 100% responsible for all of the content that passes through your server and anything which is sent to either the POSTMASTER or ABUSE account MUST, PER IETF mandates, be responded to by a live person.
 * POSTMASTER - pointing to a VALID E-MAIL ADDRESS which you check and respond to when someone sends to POSTMASTER@DOMAIN.TLD
PER RFC822 6.3, RFC1123 5.2.7, and RFC2821 4.5.1: Mailservers are required  to have a valid postmaster address that is accepting mail.

- and;

 * ABUSE - pointing to a VALID E-MAIL ADDRESS which you check and respond to when someone sends to ABUSE@DOMAIN.TLD.
PER: RFC2142 Section 2. Mailservers are required by to have a valid abuse address that is accepting mail.
 
So, unless you absolutely trust your hosted client, you will want to make certain that both the POSTMASTER and ALIAS accounts/aliases for each of your hosted domains are forwarded an account that you, or someone with the authority to act on your behalf, will respond to.
 
Failure to do so WILL amount to your mail being non-delivered to YAHOO!, COMCAST, OUTLOOK.COM, AOL, and many other large providers.  They don't play games any more:  if they e-mail POSTMASTER@ or ABUSE@, they expect a response.  If you don't respond, they either severely limit, or block, e-mail from the domain which does not respond.

The accounts/aliases, for ABUSE and POSTMASTER will also be required as points of contact when you setup the, now required, FEEDBACK LOOPS for the following providers:
 
AOL Comcast/TWC Excite/Bluetie MSN Junk Mail Program United Online
Roadrunner Usa.net Yahoo! Earthlink Outblaze (mail.com)
Cox Rackspace Tucows/OpenSRS Synacor Zoho
Fastmail Terra
 
An excellent resource, with live links to each of the listed providers who require feedback loops, is located on UNLOCKTHEINBOX.COM at: http://www.unlocktheinbox.com/members/feedbackloops/# (requires a subscription to access this area.)

Note that GOOGLE does NOT have feedback loops, but, if messages are routinely rejected by GOOGLE, they will attempt to send messages to POSTMASTER@ and/or ABUSE@ and you'll need to check the links within those messages to respond and have your domain/IP address added back to the "allowed to send to GOOGLE" list.

For more information on POSTMASTER and ABUSE accounts, see my KB article,
Why Am I Having Problems Getting My E-Mail Delivered.
Bruce Barnes
ChicagoNetTech Inc

Phone: (224) 444-0169

E-Mail and DNS Security Specialist
Network Security Specialist

Customer Service Portal: https://portal.chicagonettech.com
Website: https://www.ChicagoNetTech.com
Security Blog: http://networkbastion.blogspot.com/

Web and E-Mail Hosting, E-Mail Security and Consulting
0
Grey La Certe Replied
August 19, 2015 at 11:21 AM
Bruce, thanks for the reply.  Unfortunately, that does not really help.

We have always required all of our hosted domains to alias their postmaster and abuse addresses directly to us (we set it up initially and require them to keep that configuration).  This worked fine up until the 8/13 release (14.2.5703) when "Changed: Messages sent over SMTP to postmaster@[domain] will now deliver to the primary domain admin and the global postmaster address if a postmaster account has not been created for the target domain." 
 
I discovered this last night when I added a new domain and tested the alias.  Before, this worked great.  Now, SM always delivers mail addressed to postmaster@domain to the primary domain admin.  It never sends it to the server postmaster mailbox nor does it send to the alias postmaster address we created under the domain.  I deleted the alias and sent another test and get the same results.  I tried from an outside mail account to see if this was just an internal mail issue but got the same result.  I tried another (existing) domain and got the same results.  Finally, I created a postmaster mailbox under the account and it successfully intercepts the postmaster@domain mail.  However, forwarding of that mail to the server postmaster mailbox failed.
 
The bottom line -- the server postmaster mailbox does not get a copy of the message and creating an alias also does not work.  Creating a postmaster mailbox works but forwarding does not.
 
In the end, we do not necessarily want the domain admin getting ANY postmaster messages and would prefer this was a configuration option that could be overridden by a specific alias being created to distribute the postmaster email.  I also do not like the idea of having to create either a primary domain admin or postmaster mailbox to intercept these messages.
 
At this moment, we are blind to any incoming postmaster email on all of our hosted domains.
0
Bruce Barnes Replied
August 19, 2015 at 1:34 PM
Sounds like you're doing everything the right way, Grey.
 
Since the handling of postmaster@ e-mail, based on what you are saying, appears to have changed, I would:
  • create a postmaster@ account in each domain, as the primary domain postmaster
  • forward all messages to that account to the primary postmaster account: yours
  • open a ticket with SmarterTools and report this as a bug.
Bruce Barnes
ChicagoNetTech Inc

Phone: (224) 444-0169

E-Mail and DNS Security Specialist
Network Security Specialist

Customer Service Portal: https://portal.chicagonettech.com
Website: https://www.ChicagoNetTech.com
Security Blog: http://networkbastion.blogspot.com/

Web and E-Mail Hosting, E-Mail Security and Consulting
2
Robert Emmett Replied
August 20, 2015 at 10:08 AM
Employee Post
Grey, I was able to replicate the postmaster delivery situation that you described. We were not properly handling aliases (and even mailing lists) addressed to postmaster correctly.  That has been fixed and will be available in the next minor release.  If you would like a custom build with the fix in place beforehand, please add a comment to this post.
Robert Emmett
Software Developer
SmarterTools Inc.
(877) 357-6278
www.smartertools.com

Reply to Thread