I am getting a bounce from an email server that states:

550 connection dropped due to from address validation failure (in reply to DATA
command)

I have contacted the postmaster and he tells me his server verifies that the sender email is valid and I am not passing the test. I don’t see how the DATA command would do this. Is it possible he is sending the VRFY command and Mailcow ignores it? I understand that many server do to prevent hackers from fishing for logins. Perhaps he then follows with DATA command before the verification finishes and he drops the connection at that point? If Mailcow defaults to not respond to VRFY is there a way to turn it on (not that I would, but adds to my knowledge base)?

As always, many thanks to the community!!

  • As far as I’m aware it’s bad practice to do verification stuff like this. Verifying each mail address adds unnecessary load to the other mail server and I think there are also providers which block servers for doing that. Enabling that will just help spammers to find valid addresses.

    In my opinion you don’t have to do anything and mailcow is probably just following common standards. If that recipient server doesn’t, that’s on him really.

After further research and experimentation, my best guess is that Mailcow answers all Verify requests, but not until after the Data request, and the answer is always 550 User Unknown (even if the user is valid). If that is the case, is there a way to change it? I would like to either ignore the request or answer with something that tells the other server that the request will not be answered.

Have something to say?

Join the community by quickly registering to participate in this discussion. We'd like to see you joining our great moo-community!

As far as I’m aware it’s bad practice to do verification stuff like this. Verifying each mail address adds unnecessary load to the other mail server and I think there are also providers which block servers for doing that. Enabling that will just help spammers to find valid addresses.

In my opinion you don’t have to do anything and mailcow is probably just following common standards. If that recipient server doesn’t, that’s on him really.

From: UpCloud Icon How to secure Postfix using Let’s Encrypt

Postfix supports a verify (VRFY) command which allows anyone to determine if an account exists on the system, which can provide significant assistance to any brute force attack on your user accounts. VRFY may also give out sensitive information about the users, such as the account owner’s full name. It is recommended to disable the VRFY command with the following parameter.

sudo postconf -e ‘disable_vrfy_command = yes’

You might also wish to delay the reject message to allow Postfix to log recipient address information when the connected client breaks any of the reject rules. This allows you to later find out who the spammers were trying to target.

sudo postconf -e ‘smtpd_delay_reject = yes’

cd /
sudo nano ./opt/mailcow-dockerized/data/conf/postfix/main.cf

Scoll down and you will find:
disable_vrfy_command = yes

Therefore, the SMTP command Verify (vrfy) is disabled by default.
Which I agree is the way to go.

So, I still need to know why my MailCow server is still telling other servers, that ask, that I am
550 Unknown User

I sent the test email, twice, no reply.
I pass every test available at MxToolBox with flying colors.
Everything else seems to work perfect. Plenty of incoming and outgoing mail.
Thanks for the suggestion!

No one is typing