Re: Mail forwarding through a relay
Hi, On Thu, Sep 12, 2019 at 3:14 AM Chris Wedgwood wrote: > > I have a postfix-3.2.6 system that acts as a mail server and > > pop/imap using dovecot for a small domain. The problem is that > > people are increasingly using it as a relay to a personal account, > > such as Gmail and Yahoo. > > perhaps i misunderstand > > they are sending email from gmail/yahoo addresses from your MTA? if > so those will get blocked in many cases and marked as spam in many > others > No, the issue is with people sending them email to their address on our system which is then forwarded on to some remote system - a digitalwest system in my example, but I'm also concerned with other systems, including gmail and yahoo, of course. Do mail providers like digitalwest typically allow forwarding from their accounts through to other providers? With no easy solution, what do most providers do? Is SRS in practical use? Is the general recommendation that it should be implemented in situations like this, or is disabling forwarding more common? Is the policy of most systems to reject on SPF fail? Thanks so much for everyone's help.
Re: Mail forwarding through a relay
> but note in the DMARC record that you quote: ' p=none': Gmail is > telling other servers *not* to block (or quarantine) emails from > @gmail.com that do not obey SPF or DKIM rules. Yahoo by contrast: > > # dig +short _dmarc.yahoo.com TXT > "v=DMARC1; p=reject; pct=100; rua=mailto:dmarc_y_...@yahoo.com;; IME some sites will still block or quarantine.
Re: Mail forwarding through a relay
use SRS when forwarding mail. look for postsrsd or postforward -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Despite the cost of living, have you noticed how popular it remains? On 12.09.19 11:14, Christos Chatzaras wrote: Using SRS will cause reputation issues (if spam pass) as the e-mail is forwarded with his domain, right? he can disable forwarding to avoid any issues... or install spam filter that won't allow spam being forwarded. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Linux IS user friendly, it's just selective who its friends are...
Re: Mail forwarding through a relay
> > use SRS when forwarding mail. look for postsrsd or postforward -- > Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ > Warning: I wish NOT to receive e-mail advertising to this address. > Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. > Despite the cost of living, have you noticed how popular it remains? Using SRS will cause reputation issues (if spam pass) as the e-mail is forwarded with his domain, right?
Re: Mail forwarding through a relay
On 11.09.19 22:12, John Regan wrote: I have a postfix-3.2.6 system that acts as a mail server and pop/imap using dovecot for a small domain. The problem is that people are increasingly using it as a relay to a personal account, such as Gmail and Yahoo. do you mean, they use gmail and yahoo From: addresses, while sending through your server? Or fdo they simply forward their incoming mail to their gmail/yahoo addresses? This is resulting in the receiving system rejecting the message due to SPF failing. Sep 11 22:03:06 email postfix/smtp[1187]: 33AA3962A9648: to=< u...@example.com>, orig_to=, relay=mx0.digitalwest.net[72.29.183.105]:25, delay=2.7, delays=0.05/0/1.5/1.1, dsn=5.0.0, status=bounced (host mx0.digitalwest.net[72.29.183.105] said: 550-[SPF] 44.104.18.100 is not allowed to send mail from mchat.booking.com. 550-Message blocked - Please check settings. See 550 http://support.digitalwest.net/KB/a163/550-spf-not-allowed-to-send-mail.aspx (in reply to RCPT TO command)) Is my only option here to do something like SRS or can this be fixed another way? use SRS when forwarding mail. look for postsrsd or postforward -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Despite the cost of living, have you noticed how popular it remains?
Re: Mail forwarding through a relay
On Thu, 12 Sep 2019 at 10:24, Chris Wedgwood wrote: > > > I have a postfix-3.2.6 system that acts as a mail server and > > pop/imap using dovecot for a small domain. The problem is that > > people are increasingly using it as a relay to a personal account, > > such as Gmail and Yahoo. > > perhaps i misunderstand > > they are sending email from gmail/yahoo addresses from your MTA? if > so those will get blocked in many cases and marked as spam in many > others > > > for example with gmail: > > _dmarc.gmail.com. 596 IN TXT "v=DMARC1; p=none; > sp=quarantine; rua=mailto:mailauth-repo...@google.com; > > gmail.com. 205 IN TXT "v=spf1 > redirect=_spf.google.com" > > _spf.google.com.176 IN TXT "v=spf1 > include:_netblocks.google.com include:_netblocks2.google.com > include:_netblocks3.google.com ~all" > > ... > > you MTA is not going to be included in any of those records, so you're > MTA isn't a valid origin for @gmail.com and you're not going to be able to > sign messages with a valid (dkim) > signature either. this is how spf/dmarc works but note in the DMARC record that you quote: ' p=none': Gmail is telling other servers *not* to block (or quarantine) emails from @gmail.com that do not obey SPF or DKIM rules. Yahoo by contrast: # dig +short _dmarc.yahoo.com TXT "v=DMARC1; p=reject; pct=100; rua=mailto:dmarc_y_...@yahoo.com;;
Re: Mail forwarding through a relay
> I have a postfix-3.2.6 system that acts as a mail server and > pop/imap using dovecot for a small domain. The problem is that > people are increasingly using it as a relay to a personal account, > such as Gmail and Yahoo. perhaps i misunderstand they are sending email from gmail/yahoo addresses from your MTA? if so those will get blocked in many cases and marked as spam in many others for example with gmail: _dmarc.gmail.com. 596 IN TXT "v=DMARC1; p=none; sp=quarantine; rua=mailto:mailauth-repo...@google.com; gmail.com. 205 IN TXT "v=spf1 redirect=_spf.google.com" _spf.google.com.176 IN TXT "v=spf1 include:_netblocks.google.com include:_netblocks2.google.com include:_netblocks3.google.com ~all" ... you MTA is not going to be included in any of those records, so you're MTA isn't a valid origin for @gmail.com and you're not going to be able to sign messages with a valid (dkim) signature either this is how spf/dmarc works there is in some sense nothing to fix, if you want to send as some@gmail.com you have to do it through a gmail smtp relay (which they provide)
Re: Mail forwarding through a relay
On Thu, 12 Sep 2019 at 05:14, John Regan wrote: > Hi, > > I have a postfix-3.2.6 system that acts as a mail server and pop/imap > using dovecot for a small domain. The problem is that people are > increasingly using it as a relay to a personal account, such as Gmail and > Yahoo. > > This is resulting in the receiving system rejecting the message due to SPF > failing. > > Sep 11 22:03:06 email postfix/smtp[1187]: 33AA3962A9648: to=< > u...@example.com>, orig_to=, relay= > mx0.digitalwest.net[72.29.183.105]:25, delay=2.7, delays=0.05/0/1.5/1.1, > dsn=5.0.0, status=bounced (host mx0.digitalwest.net[72.29.183.105] said: > 550-[SPF] 44.104.18.100 is not allowed to send mail from mchat.booking.com. > 550-Message blocked - Please check settings. See 550 > http://support.digitalwest.net/KB/a163/550-spf-not-allowed-to-send-mail.aspx > (in reply to RCPT TO command)) > > Is my only option here to do something like SRS or can this be fixed > another way? > I'm puzzled - you mention gmail and yahoo but the example you give is for digitalwest. They appear to be blocking based purely on SPF (their information link does not seem to work) - gmail does not do this and I doubt yahoo do it either. The situation which will cause problems when relaying to gmail or to yahoo is blocking based on DMARC where the sender domain has set a p=reject policy but doesn't add a DKIM signature header. Another problem you may face is that if you are relaying too much spam into gmail your server might be blacklisted.
Mail forwarding through a relay
Hi, I have a postfix-3.2.6 system that acts as a mail server and pop/imap using dovecot for a small domain. The problem is that people are increasingly using it as a relay to a personal account, such as Gmail and Yahoo. This is resulting in the receiving system rejecting the message due to SPF failing. Sep 11 22:03:06 email postfix/smtp[1187]: 33AA3962A9648: to=< u...@example.com>, orig_to=, relay=mx0.digitalwest.net[72.29.183.105]:25, delay=2.7, delays=0.05/0/1.5/1.1, dsn=5.0.0, status=bounced (host mx0.digitalwest.net[72.29.183.105] said: 550-[SPF] 44.104.18.100 is not allowed to send mail from mchat.booking.com. 550-Message blocked - Please check settings. See 550 http://support.digitalwest.net/KB/a163/550-spf-not-allowed-to-send-mail.aspx (in reply to RCPT TO command)) Is my only option here to do something like SRS or can this be fixed another way?
Re: Google Mail forwarding rewrites To, For and Delivered-To headers
Hi, i understand that's how they work and i can not do anything change it, but which approach could i follow in order to workaround that issue? Thank Boris, On Wed, Nov 29, 2017 at 5:27 PM, Boris Behrens <b...@kervyn.de> wrote: > You can't :-) > That's how google apps work. I began to send mail over an own relay if > it needs to be exact like I want. > > On Wed, Nov 29, 2017 at 05:10:55PM +0100, Pau Peris wrote: > > Hi, > > > > i have a private server which handles email messages for different > domains > > - ie, example.com, mydomain.es - through Postfix. For domain mydomain.es > > i'm already using Google Apps to handle the email. I use both systems to > > handle the email for domain mydomain.es because i have some web apps > > installed on the server which needs to send email messages on behalf > > mydomain.es and as i already i had a Postfix mail server working i > decided > > to set it up on my MTA system. > > > > The issue i'm looking to solve is related to Google Mail forwarding > system. > > Some days ago i enabled automatic email forwarding for f...@mydomain.es > so > > ti forwards email to b...@example.com but when it gets Postfix on the > server > > i gets rejected due to the following message: > > > > postfix/smtpd[5945]: NOQUEUE: reject: RCPT from > > mail-ot0-x22d.google.com[2607:f8b0:4003:c0f::22d]: > > 550 5.1.0 *<foo+caf_=bar=example@mydomain.es < > example@mydomain.es>>*: > > Sender address rejected: User unknown; from=<pau+caf_=dmarc= > > tobycoach@pauperis.com> to=<dm...@tobycoach.com> proto=ESMTP helo=< > > mail-ot0-x22d.google.com> > > > > I don't know why Google does this rewriting but i would like to know what > > could i do in order to solve this issue. > > > > These are the original headers: > > > > Delivered-To: foo+caf_=bar=example@mydomain.es > > Received: by 10.157.7.81 with SMTP id 75csp4162688ote; > > Wed, 29 Nov 2017 02:36:22 -0800 (PST) > > X-Received: by 10.157.92.197 with SMTP id r5mr1920889oti.286. > 1511951782640; > > Wed, 29 Nov 2017 02:36:22 -0800 (PST) > > ARC-Seal: i=1; a=rsa-sha256; t=1511951782; cv=none; > > d=google.com; s=arc-20160816; > > b=iRH6MZeu7Cm7aUGgPwgqJd+e5T4ijzeY/1IyUha8x/Aj9GSkx8jU/ > x3Ym6GRR526Zk > > > > TP+JN3MY6tp38C7tubTUJPa3xRoeUCEt09g44egcjVfMHbTST0AZG86TvqNXzLSVC+0P > > > > oTOh3ab1COe1GA2DLeaB24QtO3llLYiFZ83OViBMDGVaDr9Vlhp61HZoanND6oziruMb > > > > QPrPGcejFEgX8oryU8nA6jUrkSHVXFQpwaPok+tNRk4SQuMMAvAX5umF2qO6i6MiDkOa > > > > 634L4nh/24a1+4FP/+sP/mbyjEk3X51gsoXGLmuv9SK/lXSmkvFERd1+n3Oh2cRlUMOK > > DDfw== > > ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d= > google.com; > > s=arc-20160816; > > h=date:message-id:in-reply-to:references:subject:auto- > submitted:to > > :from:dkim-signature:arc-authentication-results; > > bh=XLvWlJgtropuAWVgL4T11D77Kxt40EfUM+DfSKy1y90=; > > b=l+WZtBnktn4eI0hTjbom0Oa7tbsyfF8QkIX5TWB7AjuUHnIlG2rzBL88wkrtnO > VPpe > > > > BSmFQvRgXnxlZpsXOg4uzzyaMX8mk2Xw6Nih78oH10OFrZqrkr3ymX9dknWnXCv6KVM+ > > > > cqBc+MzdUsxw8gvVnOFnarO6rWM4kv+JAuabF6MQwvvHlRKOLrb9Wi4kE+t8UzU+kee2 > > > > V+0Gfs6Kzf4dl37tNwQhgcTHN5xcTalrQ6eDN8IpiPwV//o8jX8Jwqc8p7LTL7bjH8d6 > > > > VtMFVZkZGutZndsJl4Yw6QmiO/YUsQaV3AfuzLsxkEHlYUPB1W8GZbuIMQb/u5msimTW > > hNEw== > > ARC-Authentication-Results: i=1; mx.google.com; > >dkim=pass header.i=@googlemail.com header.s=20161025 > > header.b=tcyPoStR; > >spf=pass (google.com: best guess record for domain of > > postmas...@mail-sor-f69.google.com designates 209.85.220.69 as permitted > > sender) smtp.helo=mail-sor-f69.google.com; > >dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from= > > googlemail.com > > Return-Path: <> > > Received: from mail-sor-f69.google.com (mail-sor-f69.google.com. > > [209.85.220.69]) > > by mx.google.com with SMTPS id > > i17sor505691otc.135.2017.11.29.02.36.22 > > for <foo+caf_=bar=example@mydomain.es> > > (Google Transport Security); > > Wed, 29 Nov 2017 02:36:22 -0800 (PST) > > Received-SPF: pass (google.com: best guess record for domain of > > postmas...@mail-sor-f69.google.com designates 209.85.220.69 as permitted > > sender) client-ip=209.85.220.69; > > Authentication-Results: mx.google.com; > >dkim=pass header.i=@googlemail.com header.s=20161025 > > header.b=tcyPoStR; > >
Google Mail forwarding rewrites To, For and Delivered-To headers
Hi, i have a private server which handles email messages for different domains - ie, example.com, mydomain.es - through Postfix. For domain mydomain.es i'm already using Google Apps to handle the email. I use both systems to handle the email for domain mydomain.es because i have some web apps installed on the server which needs to send email messages on behalf mydomain.es and as i already i had a Postfix mail server working i decided to set it up on my MTA system. The issue i'm looking to solve is related to Google Mail forwarding system. Some days ago i enabled automatic email forwarding for f...@mydomain.es so ti forwards email to b...@example.com but when it gets Postfix on the server i gets rejected due to the following message: postfix/smtpd[5945]: NOQUEUE: reject: RCPT from mail-ot0-x22d.google.com[2607:f8b0:4003:c0f::22d]: 550 5.1.0 *<foo+caf_=bar=example@mydomain.es <example@mydomain.es>>*: Sender address rejected: User unknown; from=<pau+caf_=dmarc= tobycoach@pauperis.com> to=<dm...@tobycoach.com> proto=ESMTP helo=< mail-ot0-x22d.google.com> I don't know why Google does this rewriting but i would like to know what could i do in order to solve this issue. These are the original headers: Delivered-To: foo+caf_=bar=example@mydomain.es Received: by 10.157.7.81 with SMTP id 75csp4162688ote; Wed, 29 Nov 2017 02:36:22 -0800 (PST) X-Received: by 10.157.92.197 with SMTP id r5mr1920889oti.286.1511951782640; Wed, 29 Nov 2017 02:36:22 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1511951782; cv=none; d=google.com; s=arc-20160816; b=iRH6MZeu7Cm7aUGgPwgqJd+e5T4ijzeY/1IyUha8x/Aj9GSkx8jU/x3Ym6GRR526Zk TP+JN3MY6tp38C7tubTUJPa3xRoeUCEt09g44egcjVfMHbTST0AZG86TvqNXzLSVC+0P oTOh3ab1COe1GA2DLeaB24QtO3llLYiFZ83OViBMDGVaDr9Vlhp61HZoanND6oziruMb QPrPGcejFEgX8oryU8nA6jUrkSHVXFQpwaPok+tNRk4SQuMMAvAX5umF2qO6i6MiDkOa 634L4nh/24a1+4FP/+sP/mbyjEk3X51gsoXGLmuv9SK/lXSmkvFERd1+n3Oh2cRlUMOK DDfw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=date:message-id:in-reply-to:references:subject:auto-submitted:to :from:dkim-signature:arc-authentication-results; bh=XLvWlJgtropuAWVgL4T11D77Kxt40EfUM+DfSKy1y90=; b=l+WZtBnktn4eI0hTjbom0Oa7tbsyfF8QkIX5TWB7AjuUHnIlG2rzBL88wkrtnOVPpe BSmFQvRgXnxlZpsXOg4uzzyaMX8mk2Xw6Nih78oH10OFrZqrkr3ymX9dknWnXCv6KVM+ cqBc+MzdUsxw8gvVnOFnarO6rWM4kv+JAuabF6MQwvvHlRKOLrb9Wi4kE+t8UzU+kee2 V+0Gfs6Kzf4dl37tNwQhgcTHN5xcTalrQ6eDN8IpiPwV//o8jX8Jwqc8p7LTL7bjH8d6 VtMFVZkZGutZndsJl4Yw6QmiO/YUsQaV3AfuzLsxkEHlYUPB1W8GZbuIMQb/u5msimTW hNEw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@googlemail.com header.s=20161025 header.b=tcyPoStR; spf=pass (google.com: best guess record for domain of postmas...@mail-sor-f69.google.com designates 209.85.220.69 as permitted sender) smtp.helo=mail-sor-f69.google.com; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from= googlemail.com Return-Path: <> Received: from mail-sor-f69.google.com (mail-sor-f69.google.com. [209.85.220.69]) by mx.google.com with SMTPS id i17sor505691otc.135.2017.11.29.02.36.22 for <foo+caf_=bar=example@mydomain.es> (Google Transport Security); Wed, 29 Nov 2017 02:36:22 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of postmas...@mail-sor-f69.google.com designates 209.85.220.69 as permitted sender) client-ip=209.85.220.69; Authentication-Results: mx.google.com; dkim=pass header.i=@googlemail.com header.s=20161025 header.b=tcyPoStR; spf=pass (google.com: best guess record for domain of postmas...@mail-sor-f69.google.com designates 209.85.220.69 as permitted sender) smtp.helo=mail-sor-f69.google.com; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from= googlemail.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20161025; h=from:to:auto-submitted:subject:references:in-reply-to:message-id :date; bh=XLvWlJgtropuAWVgL4T11D77Kxt40EfUM+DfSKy1y90=; b=tcyPoStRP7CyZ8hS+BqK8TN2R+MJGyzb+BcRwA6sWe16O0lVth0vHROn8RHQGmLVQF fDTy2mRT1WGTMXFrzv7mEq4iJDsNo/JG0rtmYZm2KlhKrKFLmVVJyGm4MFskHSVz4JGY fP3Jlc33HZ5JKAsBINmgwAjMsxo4VJxKWRqBpprl+jK/78n8gD14u8WUW82MwoIdcXZY NQhUxnjHzp73r4KalOqSbQTxhHKoRbAWJkG39e7685ewOGagYAXBn1yNE/LW1QLqC8AP A3CtsC42OM+HariU25Nh5djY9kNjResOUxHfZ4hyoMBvWplIBaN5Ak1UE8tc6kTiVzUJ l9NQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:auto-submitted:subject:references :in-reply-to:message-id:date; bh=XLvWlJgtropuAWVgL4T11D77Kxt40EfUM+DfSKy1y90=; b=PGtpO1Yy75ok/k39/aaNrfJm5Aq8roycBntbnnE/WlrVSPoKgo0NhN7cqBjzeU2Ke7 60yneA4HWVwyrHl1y+Tpgg7d98ZC51g1wcwjiTgOyi6YkAInwrI1540HGPNPzQrL1ddG pJ5/Hx21mcpHEcGUerWYDqPa2HOtm0WKjlxe+fn68QbGTd
Re: Mail Forwarding
I think I have it working now. Typos are killers. I added @lafn.org to each of the keys in the virtual_alias_maps file. That seems to have worked. I am not sure why I needed (or if I needed) the virtual_mailbox_domains table. I did notice there were no entries for [second_domain] in virtual_alias_maps. Those are all locally delivered so I assumed they were not necessary. I am receiving mail for that domain without them. I have found the diagrams in the documentation quite helpful in understanding postfix. However, is there similar information on how the various tables are used and in which order? -- View this message in context: http://postfix.1071664.n5.nabble.com/Mail-Forwarding-tp91078p91095.html Sent from the Postfix Users mailing list archive at Nabble.com.
Mail Forwarding
I thought I had everything working, but something broke. What I need to do is to accept mail for local delivery for several users on a couple domains (sermon-archive.info and one other) and relay mail for a number of users on domain (lafn.org) to a variety of different locations. Each user could be on a different server. My tests seemed to work, but when adding in the full tables, it broke. Here are the various config files etc: mail# postconf -n command_directory = /usr/local/sbin compatibility_level = 2 daemon_directory = /usr/local/libexec/postfix data_directory = /var/db/postfix debug_peer_level = 2 debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5 dovecot_destination_recipient_limit = 1 enable_long_queue_ids = yes home_mailbox = Maildir/ html_directory = /usr/local/share/doc/postfix inet_protocols = ipv4 local_recipient_maps = unix:passwd.byname $alias_maps mail_owner = postfix mail_spool_directory = /var/spool/mail mailbox_size_limit = 0 mailq_path = /usr/local/bin/mailq manpage_directory = /usr/local/man max_use = 5 message_size_limit = 102400 mydestination = localhost.$mydomain, localhost mydomain = sermon-archive.info mynetworks_style = host newaliases_path = /usr/local/bin/newaliases postscreen_access_list = permit_mynetworks, cidr:/usr/local/etc/postfix/access.cidr postscreen_greet_action = enforce queue_directory = /var/spool/postfix readme_directory = /usr/local/share/doc/postfix sample_directory = /usr/local/etc/postfix sendmail_path = /usr/local/sbin/sendmail setgid_group = maildrop smtp_destination_recipient_limit = 25 smtpd_authorized_xclient_hosts = 10.0.1.0/24 smtpd_command_filter = pcre:/usr/local/etc/postfix/quote smtpd_error_sleep_time = 10 smtpd_hard_error_limit = 10 smtpd_milters = unix:/var/run/clamav/clmilter.sock smtpd_sasl_auth_enable = yes smtpd_sasl_path = private/auth smtpd_sasl_type = dovecot smtpd_soft_error_limit = 1 smtpd_tls_cert_file = /etc/ssl/certs/mail.pem smtpd_tls_key_file = /etc/ssl/private/mail.key smtpd_tls_loglevel = 1 smtpd_tls_security_level = may unknown_local_recipient_reject_code = 550 virtual_alias_domains = hash:/usr/local/etc/postfix/vmail_domains virtual_alias_maps = hash:/usr/local/etc/postfix/vmail_alias virtual_gid_maps = static: virtual_mailbox_base = /var/mail/ virtual_mailbox_domains = hash:/usr/local/etc/postfix/local_domains virtual_mailbox_limit = 102400 virtual_mailbox_maps = hash:/usr/local/etc/postfix/vmail_mailbox virtual_minimum_uid = virtual_transport = dovecot virtual_uid_maps = static: mail# more local_domains sermon-archive.info OK mail.sermon-archive.infoOK second.domain OK mail# more vmail_alias postmaster doug bc979 doug bc979-1 edward bc979-4 jeanne user1 mailb...@gmail.com user2 mailb...@aol.com refund mailb...@hotmail.com Plus a bunch more. Other than postmaster, I thought that the left names should have @lafn.org, but that didn't seem to work either. mail# more vmail_domains lafn.orgOK mail# more vmail_mailbox d...@sermon-archive.infohome_mail/doug/ d...@mail.sermon-archive.info home_mail/doug/ I also wanted to be able to have different users with the same name of different addresses such as d...@sermon-archive.info and doug@second.domain and have them go to different places. Both seem to get local delivery to doug. I am sure I have something configured wrong. When I try to send from a non-local system I get the following: brain% telnet sermon-archive.info 25 Trying 71.177.216.148... Connected to sermon-archive.info. Escape character is '^]'. 220 mail.sermon-archive.info ESMTP Postfix helo me 250 mail.sermon-archive.info mail from:wa6...@arrl.net 250 2.1.0 Ok rcpt to:ref...@lafn.org 550 5.1.1: Recipient address rejected: User unknown in virtual alias table — Doug
Re: "mail forwarding loop" when Resending Email to Oneself.
Ralph Corderoy: > Hi Bill, > > > > If not, what's the closest to a specification? > > > > The documentation in the software that adds it. In this case > > specifically the man page for postconf(5) > > I'd already read that, e.g. prepend_delivered_header, and it doesn't > describe Postfix's logic for producing "mail forwarding loop", e.g. does > it only check on final delivery so if it's a relay then it doesn't care? The Postfix code that ADDS the delivered-to header will report a loop if that header already exists. Doing it otherwise (checking without adding, or adding without checking) makes no sense. Wietse
Re: "mail forwarding loop" when Resending Email to Oneself.
Hi Bill, > > If not, what's the closest to a specification? > > The documentation in the software that adds it. In this case > specifically the man page for postconf(5) I'd already read that, e.g. prepend_delivered_header, and it doesn't describe Postfix's logic for producing "mail forwarding loop", e.g. does it only check on final delivery so if it's a relay then it doesn't care? I did find mutt has 3.22. bounce_delivered Type: boolean Default: yes When this variable is set, mutt will include Delivered-To headers when bouncing messages. Postfix users may wish to unset this variable. — http://www.mutt.org/doc/manual/ But that's again imprecise, e.g. is Postfix involvement anywhere along the route a problem? If the MTA imposes new rules that affect the MUA's behaviour then I'd expect it to offer guidance as to the MUA's policy. (I realise "new" could mean several years old here, but it's still a change.) Every MTA and MUA cooking up their own policy seems wrong. Deviations and broken implementations are bad enough when an RFC does exist. -- Cheers, Ralph. https://plus.google.com/+RalphCorderoy
Re: "mail forwarding loop" when Resending Email to Oneself.
On 16 Nov 2016, at 7:43, Ralph Corderoy wrote: Does an RFC cover Delivered-To? No. If not, what's the closest to a specification? The documentation in the software that adds it. In this case specifically the man page for postconf(5)
"mail forwarding loop" when Resending Email to Oneself.
Hi, I send myself a little email. Return-Path: <ra...@inputplus.co.uk> X-Original-To: ralph Delivered-To: ra...@inputplus.co.uk Received: by orac.inputplus.co.uk (Postfix, from userid 1000) id 9687C279FC; Wed, 16 Nov 2016 12:29:46 + (GMT) Date: Wed, 16 Nov 2016 12:29:46 + To: ra...@inputplus.co.uk Message-Id: <20161116122946.9687c27...@orac.inputplus.co.uk> From: ra...@inputplus.co.uk (Ralph Corderoy) foo I use nmh's dist(1) command to distribute it, using Resent-From, Resent-To, etc., headers. (IIRC this is similar to mutt's "bounce" command.) Postfix complains of a "mail forwarding loop" by return. Return-Path: <> X-Original-To: ra...@inputplus.co.uk Delivered-To: ra...@inputplus.co.uk Received: by orac.inputplus.co.uk (Postfix) id 2DF9D27E4C; Wed, 16 Nov 2016 12:29:55 + (GMT) Date: Wed, 16 Nov 2016 12:29:55 + (GMT) From: mailer-dae...@inputplus.co.uk (Mail Delivery System) Subject: Undelivered Mail Returned to Sender To: ra...@inputplus.co.uk Auto-Submitted: auto-replied MIME-Version: 1.0 Content-Type: multipart/report; report-type=delivery-status; boundary="0F24A1F958.1479299395/orac.inputplus.co.uk" Content-Transfer-Encoding: 8bit Message-Id: <20161116122955.2df9d27...@orac.inputplus.co.uk> This is a MIME-encapsulated message. --0F24A1F958.1479299395/orac.inputplus.co.uk Content-Description: Notification Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit This is the mail system at host orac.inputplus.co.uk. I'm sorry to have to inform you that your message could not be delivered to one or more recipients. It's attached below. For further assistance, please send mail to postmaster. If you do so, please include this problem report. You can delete your own text from the attached returned message. The mail system <ra...@inputplus.co.uk> (expanded from ): mail forwarding loop for ra...@inputplus.co.uk --0F24A1F958.1479299395/orac.inputplus.co.uk Content-Description: Delivery report Content-Type: message/delivery-status Content-Transfer-Encoding: 8bit Reporting-MTA: dns; orac.inputplus.co.uk X-Postfix-Queue-ID: 0F24A1F958 X-Postfix-Sender: rfc822; ra...@inputplus.co.uk Arrival-Date: Wed, 16 Nov 2016 12:29:55 + (GMT) Final-Recipient: rfc822; ra...@inputplus.co.uk Original-Recipient: rfc822;ralph Action: failed Status: 5.4.6 Diagnostic-Code: X-Postfix; mail forwarding loop for ra...@inputplus.co.uk --0F24A1F958.1479299395/orac.inputplus.co.uk Content-Description: Undelivered Message Content-Type: message/rfc822 Content-Transfer-Encoding: 8bit Return-Path: <ra...@inputplus.co.uk> Received: from orac.inputplus.co.uk (orac.inputplus.co.uk [IPv6:::1]) by orac.inputplus.co.uk (Postfix) with ESMTP id 0F24A1F958 for ; Wed, 16 Nov 2016 12:29:55 + (GMT) X-Original-To: ralph Delivered-To: ra...@inputplus.co.uk Received: by orac.inputplus.co.uk (Postfix, from userid 1000) id 9687C279FC; Wed, 16 Nov 2016 12:29:46 + (GMT) Date: Wed, 16 Nov 2016 12:29:46 + To: ra...@inputplus.co.uk User-Agent: mail v14.8.14 Message-Id: <20161116122946.9687c27...@orac.inputplus.co.uk> From: ra...@inputplus.co.uk (Ralph Corderoy) Resent-From: Ralph Corderoy <ra...@inputplus.co.uk> Resent-To: ra...@inputplus.co.uk Resent-Date: Wed, 16 Nov 2016 12:29:55 + Resent-Message-Id: <20161116122955.0f24a1f...@orac.inputplus.co.uk> foo --0F24A1F958.1479299395/orac.inputplus.co.uk-- AIUI this is because the original email's Delivered-To header is in the resent email with the same email address as the new email's destination. Does an RFC cover Delivered-To? If not, what's the closest to a specification? Resending the email to myself at the same email address is legitimate and used to work in years past. What does Postfix think an MUA should do in this circumstance? Remove the Delivered-To header whenever resending? Any other advice Postfix can offer this MUA? -- Cheers, Ralph. https://plus.google.com/+RalphCorderoy
Outbound Relays, Delivered-To, and "mail forwarding loop detected"
After many years it is now necessary for me to change my mail server to one on a different network. My old server network is going off the Internet at some point but it will remain with a local dynamic address. It will need to relay mail. I have set up a vpn between the old server and the new server and am using it for mail transport between. At this moment I am still using my previous server for incoming mail but forwarding outbound mail through the new server to start the migration. Mostly all good. But I do have a problem that I don't understand and am looking for help from the wisdom of the list. If I re-mail a message by any of several methods I run into a rejection on the new outbound server "mail forwarding loop detected" due to Delivered-To header detection. Of course the new server havoc has never seen this message before. I am running into Delivered-To loop detection issues. Let's jump into the details. Old joseki and new havoc are the two servers involved. On havoc: Nov 18 12:08:16 havoc postfix/cleanup[27515]: 910CE4A0: reject: header X-X-Delivered-To: b...@proulx.com from localhost[127.0.0.1]; from=<b...@proulx.com> to=<r...@example.com> proto=ESMTP helo=: 5.7.1 mail forwarding loop detected I have slightly redacted the mail addresses in order to avoid exposing addresses but I think not in any significant way. Hopefully. What I don't understand is why havoc's configuration is rejecting this message. The docs say: http://www.postfix.org/pipe.8.html The D flag also enforces loop detection (Postfix 2.5 and later): if a message already contains a Delivered-To: header with the same recipient address, then the message is returned as undeliverable. The address comparison is case insensitive. But b...@proulx.com is not the recipient address. So why is it matching? What configures havoc to think b...@proulx.com is a forwarding loop? That seems to be the snag I am tripping over. Of course if I delete all Delivered-To headers then mail is not rejected. Thanks! Bob The havoc system is the new outbout relay. On havoc I think the significant config is: cat /etc/mailname havoc.proulx.com myhostname = havoc.proulx.com myorigin = /etc/mailname mydestination = $myhostname, localhost.$mydomain, localhost mynetworks = 127.0.0.0/8 [:::127.0.0.0]/104 [::1]/128 And on havoc somewhat more complicated by these that I think are not related: transport_maps = hash:/etc/postfix/transport relay_domains = $mydestination relay_recipient_maps = hash:/etc/postfix/relay_recipients virtual_alias_domains = example.net, example.org # redacted domain names virtual_alias_maps = hash:/etc/postfix/virtual
Re: Outbound Relays, Delivered-To, and "mail forwarding loop detected"
Bob Proulx: > Nov 18 12:08:16 havoc postfix/cleanup[27515]: 910CE4A0: reject: header > X-X-Delivered-To: b...@proulx.com from localhost[127.0.0.1]; > from=<b...@proulx.com> to=<r...@example.com> proto=ESMTP > helo=: 5.7.1 mail forwarding loop detected This message is logged by the CLEANUP daemon while doing header_checks. You have a header_checks rule that blocks mail with this header. Wietse
Re: Outbound Relays, Delivered-To, and "mail forwarding loop detected"
Wietse Venema wrote: > Bob Proulx: > > Nov 18 12:08:16 havoc postfix/cleanup[27515]: 910CE4A0: reject: header > > X-X-Delivered-To: b...@proulx.com from localhost[127.0.0.1]; > > from=<b...@proulx.com> to=<r...@example.com> proto=ESMTP > > helo=: 5.7.1 mail forwarding loop detected > > This message is logged by the CLEANUP daemon while doing header_checks. > You have a header_checks rule that blocks mail with this header. OMG! Yes! That was an amazing bit of diagnositic analysis. :-) A snippet of some anti-spam that has been there for so long I had completely forgotten all about it. Frankly I can't even remember exactly why I have it there now. # Try to defeat spammers using injected Delivered-To headers. /^(Delivered-To:.*@proulx\.com)$/ REPLACE X-$1 /^(X-Delivered-To:.*@proulx\.com)$/ REPLACE X-$1 /^(X-X-Delivered-To:.*@proulx\.com)$/ REJECT mail forwarding loop detected I removed those and of course that fixes the problem. I can't believe it was a self-inflicted problem and I hadn't realized it. THANK YOU! Bob
Re: Tracking down a mail forwarding loop
On 2/12/2015 12:43 AM, LuKreme wrote: On Feb 11, 2015, at 6:20 PM, Wietse Venema wie...@porcupine.org wrote: LuKreme: Received: from thenewestsecret.net (unknown [170.130.246.215]) by mail.covisp.net (Postfix) with ESMTP id 00E42212DC0 for *bob*@covisp.net; Tue, 10 Feb 2015 08:53:22 -0700 (MST) Delivered-To: *bob*@covisp.net Received: by 170.130.246.215 with SMTP id 998S7h4.33K03w6s2R18O2.22351x4s23d1n26; Tue, 10 Feb 2015 08:51:05 -0700 (PST) X-Received: by 170.130.246.215 with SMTP id 134G6f10K6Z34b712c43li; Tue, 10 Feb 2015 08:51:05 -0700 (PST) Received: from thenewestsecret.net (thenewestsecret.net. ) by mx.google.com with ESMTP id 59333u4l19.1C4P11z.147.0.5.1.2.5.5.5.1.0.7.0.4 for *bob*@covisp.net; Tue, 10 Feb 2015 08:51:05 -0700 (PST) Mime-Version: 1.0 Date: Message-Id: 235.946781y2r0b6qn6-c...@thenewestsecret.net To: *bob*@covisp.net This message contains a Delivered-To: *bob*@covisp.net header. Apparently, the sender added this to trigger a delivery error. Apparently, the sender, c...@thenewestsecret.net, wants to receive a bounce message. That message would confirm that *bob*@covisp.net is a valid email address. Does it make sense to reject messages with a Delivered-To: header? Yes. Incoming mail with that header cannot be delivered by postfix, regardless whether it's really looping or not. Although in this particular case it might be better to reject the spammy-looking client. Why does it generate a mail loop in my local postfix? The presence of that header triggers the loop detection in postfix. The sender is adding that header either in a misguided attempt to improve delivery, or to intentionally cause a bounce to verify the address. Could it have anything to do with the always_bcc setting? No. The header is added by the sender. Would some other MTA deliver the message anyway, or this simply a spam harvesting tactic? The messages don’t seem to generate a valid bounce to a valid address… Some MTAs behave the same as postfix eg. qmail. Some MTAs don't use Delivered-To: and ignore it eg. Exchange. We don't know the motive of the sender. We do know this isn't really a loop and it looks like spam to me. -- Noel Jones
Re: Tracking down a mail forwarding loop
On 12 Feb 2015, at 08:25 , Noel Jones njo...@megan.vbhcs.org wrote: On 2/12/2015 12:43 AM, LuKreme wrote: On Feb 11, 2015, at 6:20 PM, Wietse Venema wie...@porcupine.org wrote: LuKreme: Received: from thenewestsecret.net (unknown [170.130.246.215]) by mail.covisp.net (Postfix) with ESMTP id 00E42212DC0 for *bob*@covisp.net; Tue, 10 Feb 2015 08:53:22 -0700 (MST) Delivered-To: *bob*@covisp.net Received: by 170.130.246.215 with SMTP id 998S7h4.33K03w6s2R18O2.22351x4s23d1n26; Tue, 10 Feb 2015 08:51:05 -0700 (PST) X-Received: by 170.130.246.215 with SMTP id 134G6f10K6Z34b712c43li; Tue, 10 Feb 2015 08:51:05 -0700 (PST) Received: from thenewestsecret.net (thenewestsecret.net. ) by mx.google.com with ESMTP id 59333u4l19.1C4P11z.147.0.5.1.2.5.5.5.1.0.7.0.4 for *bob*@covisp.net; Tue, 10 Feb 2015 08:51:05 -0700 (PST) Mime-Version: 1.0 Date: Message-Id: 235.946781y2r0b6qn6-c...@thenewestsecret.net To: *bob*@covisp.net This message contains a Delivered-To: *bob*@covisp.net header. Apparently, the sender added this to trigger a delivery error. Apparently, the sender, c...@thenewestsecret.net, wants to receive a bounce message. That message would confirm that *bob*@covisp.net is a valid email address. Does it make sense to reject messages with a Delivered-To: header? Yes. Incoming mail with that header cannot be delivered by postfix, regardless whether it's really looping or not. Although in this particular case it might be better to reject the spammy-looking client. Yes, but my postscreen is already aggressive enough that I had to tone it down a tad to let some legitimate mail (well, mail I wanted) in. Why does it generate a mail loop in my local postfix? The presence of that header triggers the loop detection in postfix. The sender is adding that header either in a misguided attempt to improve delivery, or to intentionally cause a bounce to verify the address. What is interesting is that I see these *only* for one specific user, which is what made me think it was something on my end. We don't know the motive of the sender. We do know this isn't really a loop and it looks like spam to me. Oh, they are all spam so far. Thanks. -- 'Luck is my middle name,' said Rincewind, indistinctly. 'Mind you, my first name is Bad.' --Interesting Times
Re: Tracking down a mail forwarding loop
LuKreme: Received: from thenewestsecret.net (unknown [170.130.246.215]) by mail.covisp.net (Postfix) with ESMTP id 00E42212DC0 for *bob*@covisp.net; Tue, 10 Feb 2015 08:53:22 -0700 (MST) Delivered-To: *bob*@covisp.net Received: by 170.130.246.215 with SMTP id 998S7h4.33K03w6s2R18O2.22351x4s23d1n26; Tue, 10 Feb 2015 08:51:05 -0700 (PST) X-Received: by 170.130.246.215 with SMTP id 134G6f10K6Z34b712c43li; Tue, 10 Feb 2015 08:51:05 -0700 (PST) Received: from thenewestsecret.net (thenewestsecret.net. ) by mx.google.com with ESMTP id 59333u4l19.1C4P11z.147.0.5.1.2.5.5.5.1.0.7.0.4 for *bob*@covisp.net; Tue, 10 Feb 2015 08:51:05 -0700 (PST) Mime-Version: 1.0 Date: Message-Id: 235.946781y2r0b6qn6-c...@thenewestsecret.net To: *bob*@covisp.net This message contains a Delivered-To: *bob*@covisp.net header. Apparently, the sender added this to trigger a delivery error. Apparently, the sender, c...@thenewestsecret.net, wants to receive a bounce message. That message would confirm that *bob*@covisp.net is a valid email address. Wietse
Re: Tracking down a mail forwarding loop
On Feb 11, 2015, at 6:20 PM, Wietse Venema wie...@porcupine.org wrote: LuKreme: Received: from thenewestsecret.net (unknown [170.130.246.215]) by mail.covisp.net (Postfix) with ESMTP id 00E42212DC0 for *bob*@covisp.net; Tue, 10 Feb 2015 08:53:22 -0700 (MST) Delivered-To: *bob*@covisp.net Received: by 170.130.246.215 with SMTP id 998S7h4.33K03w6s2R18O2.22351x4s23d1n26; Tue, 10 Feb 2015 08:51:05 -0700 (PST) X-Received: by 170.130.246.215 with SMTP id 134G6f10K6Z34b712c43li; Tue, 10 Feb 2015 08:51:05 -0700 (PST) Received: from thenewestsecret.net (thenewestsecret.net. ) by mx.google.com with ESMTP id 59333u4l19.1C4P11z.147.0.5.1.2.5.5.5.1.0.7.0.4 for *bob*@covisp.net; Tue, 10 Feb 2015 08:51:05 -0700 (PST) Mime-Version: 1.0 Date: Message-Id: 235.946781y2r0b6qn6-c...@thenewestsecret.net To: *bob*@covisp.net This message contains a Delivered-To: *bob*@covisp.net header. Apparently, the sender added this to trigger a delivery error. Apparently, the sender, c...@thenewestsecret.net, wants to receive a bounce message. That message would confirm that *bob*@covisp.net is a valid email address. Does it make sense to reject messages with a Delivered-To: header? Why does it generate a mail loop in my local postfix? Could it have anything to do with the always_bcc setting? $ postconf always_bcc always_bcc = backups@*otherlocaldomain*.com Would some other MTA deliver the message anyway, or this simply a spam harvesting tactic? The messages don’t seem to generate a valid bounce to a valid address… -- S is for SUSAN who perished of fits T is for TITUS who flew into bits
Re: Tracking down a mail forwarding loop
On Feb 6, 2015, at 3:43 PM, LuKreme krem...@kreme.com wrote: On 06 Feb 2015, at 15:05 , Wietse Venema wie...@porcupine.org wrote: NORMALLY, that header is present AFTER mail is delivered to b...@covisp.net. If it is present BEFORE mail is delivered to b...@covisp.net, then you have a loop (or the sender has added this header to trigger an error). Ah, right. I’ve added it and am eagerly awaiting another of these emails. As the old saying goes: A watched pot never delivers a mail loop causing message. -- 'We get that in here some nights, when someone's had a few. Cosmic speculation about whether the gods exist. Next thing, there's a bolt of lightning through the door with a note wrapped round it saying, Yes, we do and a pair of sandals with smoke coming out.' (Small Gods)
Re: Tracking down a mail forwarding loop
LuKreme: On 05 Feb 2015, at 15:53 , Wietse Venema wie...@porcupine.org wrote: LuKreme: On 05 Feb 2015, at 05:07 , Wietse Venema wie...@porcupine.org wrote: Have you considered the possibility that the mail was sent with a bogus Delivered-To: header (i.e. the header is present, but not added by Postfix). Yes, but I'm unsure how to diagnose that. header_checks: /^Delivered-To: bob@covisp\.net$/ hold That would hold ALL the mail for bob, right? it is only the occasional email that causes this loop error. NORMALLY, that header is present AFTER mail is delivered to b...@covisp.net. If it is present BEFORE mail is delivered to b...@covisp.net, then you have a loop (or the sender has added this header to trigger an error). Wietse
Re: Tracking down a mail forwarding loop
On 06 Feb 2015, at 15:05 , Wietse Venema wie...@porcupine.org wrote: NORMALLY, that header is present AFTER mail is delivered to b...@covisp.net. If it is present BEFORE mail is delivered to b...@covisp.net, then you have a loop (or the sender has added this header to trigger an error). Ah, right. I’ve added it and am eagerly awaiting another of these emails. -- C code. C code run. Run, code, run.
Re: Tracking down a mail forwarding loop
Only other thing I can think of is that this is somehow related to always_bcc? -- A dyslexic walks into a bra...
Re: Tracking down a mail forwarding loop
wie...@porcupine.org (Wietse Venema) wrote: LuKreme: On 05 Feb 2015, at 05:07 , Wietse Venema wie...@porcupine.org wrote: Have you considered the possibility that the mail was sent with a bogus Delivered-To: header (i.e. the header is present, but not added by Postfix). Yes, but I'm unsure how to diagnose that. header_checks: /^Delivered-To: bob@covisp\.net$/ hold Here is a full dump of one of these files (with only the user name munged) https://www.dropbox.com/s/mvdg1f48fo640g3/768FC212C05.txt?dl=0 We already know that the message loops because the Delivered-To: header is present. Here are the first few headers of the message before delivery: Return-Path: ros...@approvednowauto.com Received: from approvednowauto.com (unknown [170.130.246.204]) by mail.covisp.net (Postfix) with ESMTP id D3F1A212C03 for b...@covisp.net; Thu, 5 Feb 2015 14:58:19 -0700 (MST) Delivered-To: b...@covisp.net I suggest that you have a look at the other ones. If none of the other Received: headers belongs to your systems, then they added Delivered-To: b...@covisp.net before sending the message to your systems. Wietse I also noticed a List_Unsubscribe header buried in there - might want to look at whatever is doing list expansion. Miles Fidelman -- In theory, there is no difference between theory and practice. In practice, there is. Yogi Berra
Re: Tracking down a mail forwarding loop
LuKreme: On 05 Feb 2015, at 05:07 , Wietse Venema wie...@porcupine.org wrote: Have you considered the possibility that the mail was sent with a bogus Delivered-To: header (i.e. the header is present, but not added by Postfix). Yes, but I'm unsure how to diagnose that. header_checks: /^Delivered-To: bob@covisp\.net$/ hold Here is a full dump of one of these files (with only the user name munged) https://www.dropbox.com/s/mvdg1f48fo640g3/768FC212C05.txt?dl=0 We already know that the message loops because the Delivered-To: header is present. Here are the first few headers of the message before delivery: Return-Path: ros...@approvednowauto.com Received: from approvednowauto.com (unknown [170.130.246.204]) by mail.covisp.net (Postfix) with ESMTP id D3F1A212C03 for b...@covisp.net; Thu, 5 Feb 2015 14:58:19 -0700 (MST) Delivered-To: b...@covisp.net I suggest that you have a look at the other ones. If none of the other Received: headers belongs to your systems, then they added Delivered-To: b...@covisp.net before sending the message to your systems. Wietse
Re: Tracking down a mail forwarding loop
On 05 Feb 2015, at 05:07 , Wietse Venema wie...@porcupine.org wrote: Have you considered the possibility that the mail was sent with a bogus Delivered-To: header (i.e. the header is present, but not added by Postfix). Yes, but I’m unsure how to diagnose that. Here is a full dump of one of these files (with only the user name munged) https://www.dropbox.com/s/mvdg1f48fo640g3/768FC212C05.txt?dl=0 -- Thank you for sending me a copy of your book; I'll waste no time reading it. - Moses Hadas
Re: Tracking down a mail forwarding loop
LuKreme: On Feb 4, 2015, at 9:20 AM, Miles Fidelman mfidel...@meetinghouse.net wrote: LuKreme wrote: I have a local user who is generating occasional mail forwarding loop errors, which are causing forged emails to cause NDNs and fill up mailq. Jan 30 13:46:08 mail postfix/local[44147]: 7020950D4D4: to=*bob*@covisp.net, relay=local, delay=0.65, delays=0.59/0/0/0.06, dsn=5.4.6, status=bounced (mail forwarding loop for *bob*@covisp.net) ... Delivered-To: b...@covisp.net Have you considered the possibility that the mail was sent with a bogus Delivered-To: header (i.e. the header is present, but not added by Postfix). Wietse
Re: Tracking down a mail forwarding loop
LuKreme wrote: I have a local user who is generating occasional mail forwarding loop errors, which are causing forged emails to cause NDNs and fill up mailq. Jan 30 13:46:08 mail postfix/local[44147]: 7020950D4D4: to=*bob*@covisp.net, relay=local, delay=0.65, delays=0.59/0/0/0.06, dsn=5.4.6, status=bounced (mail forwarding loop for *bob*@covisp.net) The only place that “*bob*” is mentioned in virtual is in line like this: bill...@covisp.net bob,fred,george Where bob, fred, and george are all local users. bob doesn’t have a .forward, and I looked at his .procmailrc and it’s not forwarding mail anywhere. Where else do I look? postmap -q b...@covisp.net /etc/postfix/virtual doesn’t return any results. I'd start with the headers in a message that's looped - that might help track things down. Miles Fidelman
Tracking down a mail forwarding loop
I have a local user who is generating occasional mail forwarding loop errors, which are causing forged emails to cause NDNs and fill up mailq. Jan 30 13:46:08 mail postfix/local[44147]: 7020950D4D4: to=*bob*@covisp.net, relay=local, delay=0.65, delays=0.59/0/0/0.06, dsn=5.4.6, status=bounced (mail forwarding loop for *bob*@covisp.net) The only place that “*bob*” is mentioned in virtual is in line like this: bill...@covisp.net bob,fred,george Where bob, fred, and george are all local users. bob doesn’t have a .forward, and I looked at his .procmailrc and it’s not forwarding mail anywhere. Where else do I look? postmap -q b...@covisp.net /etc/postfix/virtual doesn’t return any results. -- Behind every great man there's a woman with a vibrator -- Hawkeye Pierce
Re: Tracking down a mail forwarding loop
LuKreme: I have a local user who is generating occasional mail forwarding loop errors, which are causing forged emails to cause NDNs and fill up mailq. Jan 30 13:46:08 mail postfix/local[44147]: 7020950D4D4: to=*bob*@covisp.net, relay=local, delay=0.65, delays=0.59/0/0/0.06, dsn=5.4.6, status=bounced (mail forwarding loop for *bob*@covisp.net) The only place that ?*bob*? is mentioned in virtual is in line like this: bill...@covisp.net bob,fred,george Where bob, fred, and george are all local users. bob doesn?t have a .forward, and I looked at his .procmailrc and it?s not forwarding mail anywhere. Where else do I look? Other opportunities for forwarding, such as postconf mailbox_command? Wietse
Re: Tracking down a mail forwarding loop
On 04 Feb 2015, at 07:38 , Wietse Venema wie...@porcupine.org wrote: LuKreme: I have a local user who is generating occasional mail forwarding loop errors, which are causing forged emails to cause NDNs and fill up mailq. Jan 30 13:46:08 mail postfix/local[44147]: 7020950D4D4: to=*bob*@covisp.net, relay=local, delay=0.65, delays=0.59/0/0/0.06, dsn=5.4.6, status=bounced (mail forwarding loop for *bob*@covisp.net) The only place that ?*bob*? is mentioned in virtual is in line like this: bill...@covisp.net bob,fred,george Where bob, fred, and george are all local users. bob doesn?t have a .forward, and I looked at his .procmailrc and it?s not forwarding mail anywhere. Where else do I look? Other opportunities for forwarding, such as postconf mailbox_command”? Yeah, that’s why I checked procmailrc. I do see that the modification date on the procmailrc is quite recent. Maybe he munged something and got it fixed. I’ll keep watching. -- Growing up leads to growing old, and then to dying/And dying to me don't sound like all that much fun.
mail forwarding loop exploit
Hello, I have a working setup with a dedicated MX inbound which deliver via transport to a postfix / dovecot backend server. I found some mail, probably with forged Delivered-To header that make the backend bounce with mail forwarding loop Here is the log of the backend : Feb 25 05:19:37 mut-mx-1 postfix/smtpd[9860]: connect from mail-in-1.numeezy.com[188.165.154.163] Feb 25 05:19:38 mut-mx-1 postfix/smtpd[9860]: 0B34B4400A0: client=mail-in-1.numeezy.com[188.165.154.163] Feb 25 05:19:38 mut-mx-1 postfix/cleanup[9864]: 0B34B4400A0: message-id=ofrfeclgtctkpalthwjctaefxrwyp_mrwifpb_qyhswspshayisgy...@mydomain.com Feb 25 05:19:38 mut-mx-1 postfix/qmgr[24187]: 0B34B4400A0: from=accu...@mtnl.net.in, size=52696, nrcpt=1 (queue active) Feb 25 05:19:38 mut-mx-1 postfix/smtpd[9860]: disconnect from mail-in-1.numeezy.com[188.165.154.163] Feb 25 05:19:39 mut-mx-1 postfix/smtpd[9894]: connect from localhost[127.0.0.1] Feb 25 05:19:39 mut-mx-1 postfix/smtpd[9894]: 01DCB4400A2: client=localhost[127.0.0.1] Feb 25 05:19:39 mut-mx-1 postfix/cleanup[9864]: 01DCB4400A2: message-id=ofrfeclgtctkpalthwjctaefxrwyp_mrwifpb_qyhswspshayisgy...@mydomain.com Feb 25 05:19:39 mut-mx-1 postfix/smtpd[9894]: disconnect from localhost[127.0.0.1] Feb 25 05:19:39 mut-mx-1 postfix/qmgr[24187]: 01DCB4400A2: from=accu...@mtnl.net.in, size=52912, nrcpt=1 (queue active) Feb 25 05:19:39 mut-mx-1 amavis[8589]: (08589-03) Passed CLEAN {RelayedInbound}, [188.165.154.163]:54450 [182.56.200.64] accu...@mtnl.net.in - accu...@mydomain.com, Queue-ID: 0B34B4400A0, Message-ID: ofrfeclgtctkpalthwjctaefxrwyp_mrwifpb_qyhswspshayisgy...@mydomain.com, mail_id: l5DBpkJG4N6C, Hits: 2.87, size: 52695, pt: 9, queued_as: 01DCB4400A2, 966 ms Feb 25 05:19:39 mut-mx-1 postfix/smtp[9865]: 0B34B4400A0: to=accu...@mydomain.com, relay=127.0.0.1[127.0.0.1]:10024, delay=1.1, delays=0.17/0/0/0.97, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 01DCB4400A2) Feb 25 05:19:39 mut-mx-1 postfix/qmgr[24187]: 0B34B4400A0: removed Feb 25 05:19:39 mut-mx-1 postfix/pipe[9895]: 01DCB4400A2: to=accu...@mydomain.com, relay=dovecot, delay=0.04, delays=0.02/0.01/0/0.02, dsn=5.4.6, status=bounced (mail forwarding loop for accu...@mydomain.com) Feb 25 05:19:39 mut-mx-1 postfix/cleanup[9897]: 0E3E04400A0: message-id=20140225041939.0e3e0440...@mail.numeezy.com Feb 25 05:19:39 mut-mx-1 postfix/qmgr[24187]: 0E3E04400A0: from=, size=3486, nrcpt=1 (queue active) Feb 25 05:19:39 mut-mx-1 postfix/bounce[9896]: 01DCB4400A2: sender non-delivery notification: 0E3E04400A0 Feb 25 05:19:39 mut-mx-1 postfix/qmgr[24187]: 01DCB4400A2: removed Feb 25 05:19:39 mut-mx-1 postfix/smtp[9898]: 0E3E04400A0: to=accu...@mtnl.net.in, relay=37.59.203.171[37.59.203.171]:8025, delay=0.15, delays=0.03/0.01/0.02/0.09, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 19D241A73BE) Feb 25 05:19:39 mut-mx-1 postfix/qmgr[24187]: 0E3E04400A0: removed I found 5 similar mail in my logs. Each mail is sent from a different IP but each time the first part of sender email is the same as recipient (from=accu...@mtnl.net.in to accu...@mydomain.com in my exemple). I don't know if that matters, but I smell like Spam although Amavis says it's clean I think I'm in the case discuss here : http://forum.spamcop.net/forums/lofiversion/index.php/t10734.html Do you think I can be a backscatter source ? Your advices are greatly appreciated. Thanks. Alexandre
Re: What is causing this mail forwarding loop bounce?
On 17 Oct 2013, at 12:34, Wietse Venema [via Postfix] [Masked] fwd_sxh9d...@opayq.com wrote: Preview: sendu: You mail is bounced because it contains a Delivere Safely received through a Masked Email. IF THIS IS SPAM, CLICK HERE TO BLOCK THIS MASKED EMAIL. sendu: You mail is bounced because it contains a Delivered-To: header with the address of the recipient. Postfix adds this header upon delivery. The above error normally means that you have an email fordwading loop. Wietse Yes, I already understood that I have a mail forwarding loop according to the error - see the subject line. My question is what is causing it, and how do I solve it? Why didn't the other email suffer the same problem? Does the Delivered-To: header already exist in the message? If that is the case, you have been forwarding mail back and forth between Postfix and some other server. That is a mail delivery loop. Well not back and forth between my Postfix server. But in any case, the messages in Google's quarantine do indeed already have the Delivered-To header prior to delivery. Their suggestion to me was that I turn off the D flag to avoid this problem. How do I turn off the D flag? -- View this message in context: http://postfix.1071664.n5.nabble.com/What-is-causing-this-mail-forwarding-loop-bounce-tp62199p62342.html Sent from the Postfix Users mailing list archive at Nabble.com.
Re: What is causing this mail forwarding loop bounce?
On 18 Oct 2013, at 17:45, Wietse Venema [Masked] wrote: Wietse: Does the Delivered-To: header already exist in the message? If that is the case, you have been forwarding mail back and forth between Postfix and some other server. That is a mail delivery loop. Sendu: Well not back and forth between my Postfix server. But in any case, the messages in Google's quarantine do indeed already have the Delivered-To header prior to delivery. And what put that header in there? If it was added by your own system, then you have a broken mail handling architecture. If you are passing mail between different systems that use the same Delivered-To: address, than that also is a broken mail handling architecture. My system isn't doing anything. Google's spam system is adding the header. It is outside of my control. At this point I don't care about absolute correctness. I just want to receive my email. How do I disable the D flag?
Re: What is causing this mail forwarding loop bounce?
Wietse: Does the Delivered-To: header already exist in the message? If that is the case, you have been forwarding mail back and forth between Postfix and some other server. That is a mail delivery loop. Sendu: Well not back and forth between my Postfix server. But in any case, the messages in Google's quarantine do indeed already have the Delivered-To header prior to delivery. And what put that header in there? If it was added by your own system, then you have a broken mail handling architecture. If you are passing mail between different systems that use the same Delivered-To: address, than that also is a broken mail handling architecture. Wietse
Re: What is causing this mail forwarding loop bounce?
On Fri, Oct 18, 2013 at 09:03:47AM -0700, sendu wrote: On 17 Oct 2013, at 12:34, Wietse Venema [via Postfix] [Masked] fwd_sxh9d...@opayq.com wrote: sendu: You mail is bounced because it contains a Delivered-To: header with the address of the recipient. Postfix adds this header upon delivery. The above error normally means that you have an email fordwading loop. Yes, I already understood that I have a mail forwarding loop according to the error - see the subject line. My question is what is causing it, and how do I solve it? Why didn't the other email suffer the same problem? AFAICT you have yet to share information which would enable us to answer these questions. Does the Delivered-To: header already exist in the message? If that is the case, you have been forwarding mail back and forth between Postfix and some other server. That is a mail delivery loop. Well not back and forth between my Postfix server. But in any case, the messages in Google's quarantine do indeed already have the Delivered-To header prior to delivery. Their suggestion to me was that I turn off the D flag to avoid this problem. Was that supposed to be Postfix advice? It sounds like it might be a reference to the flags setting under COMMAND ATTRIBUTE SYNTAX in the Postfix pipe(8) manual. However, nothing posted upthread seems to indicate that you are actually using pipe. Changing pipe settings won't work if you are using some other delivery agent. local(8) and virtual(8) have no flags. How do I turn off the D flag? What is this D flag? Perhaps you need to go back to the one who made the suggestion to you. I would suggest that you start over with non-verbose logs (and perhaps mail headers) which illustrate the problem, and current postconf -n output. -- http://rob0.nodns4.us/ -- system administration and consulting Offlist GMX mail is seen only if /dev/rob0 is in the Subject:
Re: What is causing this mail forwarding loop bounce?
ecd60...@opayq.com: Sendu: But in any case, the messages in Google's quarantine do indeed already have the Delivered-To header prior to delivery. Wietse: And what put that header in there? Sendu: Google's spam system is adding the header. It is outside of my control. If you are passing mail between different systems that use the same Delivered-To: address, than that is a broken mail handling architecture. At this point I don't care about absolute correctness. I just want to receive my email. How do I disable the D flag? The D flag exists only in the pipe(8) daemon and ADDS delivered-to headers. That does not appear to be your problem. The fix is not to use the same domain name in Postfix and Google. Using the same domain name just causes no end of pain when you forward mail. Wietse
Re: What is causing this mail forwarding loop bounce?
On 18 Oct 2013, at 18:18, /dev/rob0 [via Postfix] [Masked] fwd_osgke...@opayq.com wrote: How do I turn off the D flag? What is this D flag? Perhaps you need to go back to the one who made the suggestion to you. It was a tech support person quoting the man page for pipe. I would suggest that you start over with non-verbose logs (and perhaps mail headers) which illustrate the problem, and current postconf -n output. Please read the thread; these have already been supplied. -- View this message in context: http://postfix.1071664.n5.nabble.com/What-is-causing-this-mail-forwarding-loop-bounce-tp62199p62353.html Sent from the Postfix Users mailing list archive at Nabble.com.
Re: What is causing this mail forwarding loop bounce?
On 18 Oct 2013, at 18:29, Wietse Venema [via Postfix] [Masked] fwd_lhtv7...@opayq.com wrote: At this point I don't care about absolute correctness. I just want to receive my email. How do I disable the D flag? The D flag exists only in the pipe(8) daemon and ADDS delivered-to headers. That does not appear to be your problem. The D flag also enforces loop detection is why the person from Google suggested disabling it. How else can I disable loop detection? (And how do I know if I'm using the pipe daemon and it really is or is not the problem?) The fix is not to use the same domain name in Postfix and Google. Using the same domain name just causes no end of pain when you forward mail. Google's service is supposed to just be a filter for email sent to me; how can I have different domain names in them? Can I just lie to Postfix about what my domain is, but still have it deliver mail correctly? -- View this message in context: http://postfix.1071664.n5.nabble.com/What-is-causing-this-mail-forwarding-loop-bounce-tp62199p62354.html Sent from the Postfix Users mailing list archive at Nabble.com.
Re: What is causing this mail forwarding loop bounce?
sendu: On 18 Oct 2013, at 18:29, Wietse Venema [via Postfix] [Masked] fwd_lhtv7...@opayq.com wrote: At this point I don't care about absolute correctness. I just want to receive my email. How do I disable the D flag? The D flag exists only in the pipe(8) daemon and ADDS delivered-to headers. That does not appear to be your problem. The D flag also enforces loop detection is why the person from Google suggested disabling it. How else can I disable loop detection? And where does your configuration actually USE the pipe daemon? Clearly someone has no clue what advice they are giving. The fix is not to use the same domain name in Postfix and Google. Using the same domain name just causes no end of pain when you forward mail. Google's service is supposed to just be a filter for email sent to me; how can I have different domain names in them? Can I just lie to Postfix about what my domain is, but still have it deliver mail correctly? I do not understand. - They handle mail for y...@example.com. - They add Delivered-To: y...@example.com. - They forward that mail then your mail server which also claims to be example.com. That would be totally messed up. They should have used something else (X-Google-Filtered: y...@example.com) and could provide a better service without breaking down-stream systems. You can use header_checks to remove the problem header, but I will not help with implementing such iodiocy. Wietse
Re: What is causing this mail forwarding loop bounce?
On 2013-10-14 sendu wrote: I'm using Google's Postini replacement as a spam filter before mail gets to my smtp server. I currently have a problem where most emails that get spam trapped by Google disappear when I attempt to have them delivered. Google gives me the ability to reattempt delivery and I have a repeatable case where one example spam always gets bounced by my Postfix, and one always comes through fine. Here are my smtpd logs from a case where I tried to deliver the 2 spam emails seconds apart; the first one failed and the second one worked: http://pastebin.com/XUYR4ZDe Please do not enable verbose logging unless specifically asked to. Normal Postfix logging usually suffices for troubleshooting delivery problems. Regards Ansgar Wiechers -- Abstractions save us time working, but they don't save us time learning. --Joel Spolsky
Re: What is causing this mail forwarding loop bounce?
Here's another delivery attempt, this time with all verbose logging turned off: http://pastebin.com/TtyDXKBX It bounces; I don't know why. Is there any way to find out? -- View this message in context: http://postfix.1071664.n5.nabble.com/What-is-causing-this-mail-forwarding-loop-bounce-tp62199p62229.html Sent from the Postfix Users mailing list archive at Nabble.com.
Re: What is causing this mail forwarding loop bounce?
On 2013-10-15 10:01 AM, sendu ecd60...@opayq.com wrote: Here's another delivery attempt, this time with all verbose logging turned off: http://pastebin.com/TtyDXKBX Please post such things inline in the email body, many people will not click on links to unknown destinations... It bounces; I don't know why. Is there any way to find out? Maybe follow the instructions you received in the welcome message? Ie, provide postconf -n output for starters? -- Best regards, */Charles/*
Re: What is causing this mail forwarding loop bounce?
sendu: Here's another delivery attempt, this time with all verbose logging turned off: http://pastebin.com/TtyDXKBX It bounces; I don't know why. Is there any way to find out? This is the error message: Oct 15 14:58:40 64x2 postfix/local[9029]: D67363381FE: to=se...@x.me.uk, relay=local, delay=0.6, delays=0.56/0.02/0/0.02, dsn=5.4.6, status=bounced (mail forwarding loop for se...@x.me.uk) (with X instead of sendu to make life harder for scrapers). You mail is bounced because it contains a Delivered-To: header with the address of the recipient. Postfix adds this header upon delivery. The above error normally means that you have an email fordwading loop. Wietse
Re: What is causing this mail forwarding loop bounce?
You mail is bounced because it contains a Delivered-To: header with the address of the recipient. Postfix adds this header upon delivery. The above error normally means that you have an email fordwading loop. Wietse Yes, I already understood that I have a mail forwarding loop according to the error - see the subject line. My question is what is causing it, and how do I solve it? Why didn't the other email suffer the same problem? Here are the logs for the successful delivery of a message from Google quarantine: Oct 15 15:25:21 64x2 postfix/smtpd[9455]: sql auxprop plugin using mysql engine Oct 15 15:25:21 64x2 postfix/smtpd[9455]: connect from mail-qe0-f77.google.com[209.85.128.77] Oct 15 15:25:22 64x2 postfix/smtpd[9455]: 6D2783381FE: client=mail-qe0-f77.google.com[209.85.128.77] Oct 15 15:25:22 64x2 postfix/cleanup[9422]: 6D2783381FE: message-id=725921480.7881521381574873880.JavaMail.root@ip-10-204-86-63.ec2.internal Oct 15 15:25:22 64x2 postfix/qmgr[21535]: 6D2783381FE: from=fwd_tfomi...@opayq.com, size=6950, nrcpt=1 (queue active) Oct 15 15:25:22 64x2 postfix/local[9456]: 6D2783381FE: to=ecd60...@opayq.com, relay=local, delay=0.36, delays=0.33/0.01/0/0.01, dsn=2.0.0, status=sent (delivered to maildir) Oct 15 15:25:22 64x2 postfix/qmgr[21535]: 6D2783381FE: removed Oct 15 15:25:22 64x2 postfix/smtpd[9455]: disconnect from mail-qe0-f77.google.com[209.85.128.77] What might be special about the problematic email? -- View this message in context: http://postfix.1071664.n5.nabble.com/What-is-causing-this-mail-forwarding-loop-bounce-tp62199p62231.html Sent from the Postfix Users mailing list archive at Nabble.com.
Re: What is causing this mail forwarding loop bounce?
sendu: You mail is bounced because it contains a Delivered-To: header with the address of the recipient. Postfix adds this header upon delivery. The above error normally means that you have an email fordwading loop. Wietse Yes, I already understood that I have a mail forwarding loop according to the error - see the subject line. My question is what is causing it, and how do I solve it? Why didn't the other email suffer the same problem? Does the Delivered-To: header already exist in the message? If that is the case, you have been forwarding mail back and forth between Postfix and some other server. That is a mail delivery loop. If the Delivered-To: header does not already exist in the message before Postfix receives it, then YOU have configured Postfix to forward mail to itself. Don't do that. Here are the logs for the successful delivery of a message from Google quarantine: Oct 15 15:25:21 64x2 postfix/smtpd[9455]: sql auxprop plugin using mysql engine Oct 15 15:25:21 64x2 postfix/smtpd[9455]: connect from mail-qe0-f77.google.com[209.85.128.77] Oct 15 15:25:22 64x2 postfix/smtpd[9455]: 6D2783381FE: client=mail-qe0-f77.google.com[209.85.128.77] Oct 15 15:25:22 64x2 postfix/cleanup[9422]: 6D2783381FE: message-id=725921480.7881521381574873880.JavaMail.root@ip-10-204-86-63.ec2.internal Oct 15 15:25:22 64x2 postfix/qmgr[21535]: 6D2783381FE: from=fwd_tfomi...@opayq.com, size=6950, nrcpt=1 (queue active) Oct 15 15:25:22 64x2 postfix/local[9456]: 6D2783381FE: to=ecd60...@opayq.com, relay=local, delay=0.36, delays=0.33/0.01/0/0.01, dsn=2.0.0, status=sent (delivered to maildir) Oct 15 15:25:22 64x2 postfix/qmgr[21535]: 6D2783381FE: removed Oct 15 15:25:22 64x2 postfix/smtpd[9455]: disconnect from mail-qe0-f77.google.com[209.85.128.77] What might be special about the problematic email? Obviously, this message has taken taking a different path than the one that does bounce. Maybe you can figure out what the difference between the mail paths that bounce and the ones that don't bounce. That difference is responsible for the problem. Wietse
What is causing this mail forwarding loop bounce?
I'm using Google's Postini replacement as a spam filter before mail gets to my smtp server. I currently have a problem where most emails that get spam trapped by Google disappear when I attempt to have them delivered. Google gives me the ability to reattempt delivery and I have a repeatable case where one example spam always gets bounced by my Postfix, and one always comes through fine. Here are my smtpd logs from a case where I tried to deliver the 2 spam emails seconds apart; the first one failed and the second one worked: http://pastebin.com/XUYR4ZDe Here's another attempt to deliver the same problematic email, this time with -v verbosity added to just about everything in /etc/postfix/master.cf: http://pastebin.com/ENkgTXz6 AFAICT, everything seems to go normally but then I get: send attr reason = mail forwarding loop for se...@sendu.me.uk and it eventually bounces. My postconf -n: postconf -n address_verify_relayhost = alias_database = hash:/etc/mail/aliases alias_maps = mysql:/etc/postfix/mysql-aliases.cf broken_sasl_auth_clients = yes command_directory = /usr/sbin config_directory = /etc/postfix daemon_directory = //usr/lib64/postfix data_directory = /var/lib/postfix debug_peer_level = 1 default_destination_concurrency_limit = 2 home_mailbox = .maildir/ html_directory = /usr/share/doc/postfix-2.5.5/html inet_interfaces = all local_destination_concurrency_limit = 2 local_recipient_maps = $alias_maps $virtual_mailbox_maps unix:passwd.byname local_transport = local mail_owner = postfix mailq_path = /usr/bin/mailq manpage_directory = /usr/share/man mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain mydomain = sendu.me.uk myhostname = 64x2.sendu.me.uk mynetworks_style = host myorigin = $mydomain newaliases_path = /usr/bin/newaliases queue_directory = /var/spool/postfix readme_directory = /usr/share/doc/postfix-2.5.5/readme relayhost = outbound.mailhop.org relocated_maps = mysql:/etc/postfix/mysql-relocated.cf sample_directory = /etc/postfix sendmail_path = /usr/sbin/sendmail setgid_group = postdrop smtp_sasl_auth_enable = yes smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd smtp_sasl_security_options = smtp_tls_CAfile = /etc/ssl/private/sub.class1.server.ca.pem smtp_tls_CApath = /etc/ssl/certs smtp_tls_cert_file = /etc/ssl/private/sendu.me.uk.crt smtp_tls_key_file = /etc/ssl/private/sendu.me.uk.decrypted.key smtp_tls_loglevel = 0 smtp_tls_session_cache_database = btree:/var/lib/postfix/smtp_tls_session_cache smtp_tls_session_cache_timeout = 3600s smtp_use_tls = yes smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, check_client_access cidr:/etc/postfix/allowed_clients.cidr, reject smtpd_sasl_auth_enable = yes smtpd_sasl_local_domain = smtpd_sasl_security_options = noanonymous smtpd_tls_CAfile = /etc/ssl/private/sub.class1.server.ca.pem smtpd_tls_CApath = /etc/ssl/certs smtpd_tls_ask_ccert = yes smtpd_tls_auth_only = yes smtpd_tls_cert_file = /etc/ssl/private/sendu.me.uk.crt smtpd_tls_key_file = /etc/ssl/private/sendu.me.uk.decrypted.key smtpd_tls_loglevel = 0 smtpd_tls_received_header = yes smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_tls_session_cache smtpd_tls_session_cache_timeout = 3600s smtpd_use_tls = yes tls_random_source = dev:/dev/urandom unknown_local_recipient_reject_code = 550 virtual_alias_maps = mysql:/etc/postfix/mysql-virtual.cf virtual_gid_maps = static:$vmail-gid virtual_mailbox_base = / virtual_mailbox_domains = mail.sendu.me.uk senduphotography.com bala.me.uk virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-maps.cf virtual_minimum_uid = 1000 virtual_transport = virtual virtual_uid_maps = static:$vmail-uid I'm running Postfix 2.8.4 Any help greatly appreciated. -- View this message in context: http://postfix.1071664.n5.nabble.com/What-is-causing-this-mail-forwarding-loop-bounce-tp62199.html Sent from the Postfix Users mailing list archive at Nabble.com.
Yahoo mail forwarding
Wondering if anyone else has had this issue with Yahoo. I have a user who setup his mail to forward to his yahoo account. All of his mail (he changed his forwarding from gmail to yahoo) went to yahoo for about a month. About a week after the forward was setup, all mail to yahoo is rejected with a 554:Con:b1 error. Now, a year or so later, mail to yahoo is sporadic, sometimes it sends, sometimes I get a 554 for a couple of days and everything clears up for another month or 5. I never seem to get 421 errors, just 521. I remember having horrible problems with Yahoo blacklisting any server at the drop of a hat about decade ago, but I thought they'd mostly pulled their heads out since then. Anything I can do on my end for the occasional yahoo emails (the user in question switched back to gmail) that will make them happier without too much effort on my part? -- When a distinguished but elderly scientist states that something is possible, he is almost certainly right. When he states that something is impossible, he is probably wrong.
Re: OT: Mail forwarding services
Am 30.01.2013 13:13, schrieb Fernando Maior: In the area where my office is, internet providers cannot offer us links with fixed ip, only dhcp. I wonder if someone in the list knows about a mail forwarder server that can receive emails from my server and forwards them to the internet in our behalf. your provider should have a relayhost on the other hand: if you receive mails the MX can not be on a dynamic IP, so why is on the mailserver which is your MX not a smtpd? signature.asc Description: OpenPGP digital signature
Re: OT: Mail forwarding services
On Wed, 30 Jan 2013 10:13:58 -0200 Fernando Maior articulated: In the area where my office is, internet providers cannot offer us links with fixed ip, only dhcp. I wonder if someone in the list knows about a mail forwarder server that can receive emails from my server and forwards them to the internet in our behalf. Perhaps something like this is what you are looking for: http://dyn.com/ -- Jerry ✌ postfix-u...@seibercom.net _ TO REPORT A PROBLEM see http://www.postfix.org/DEBUG_README.html#mail TO (UN)SUBSCRIBE see http://www.postfix.org/lists.html
Re: OT: Mail forwarding services
On 1/30/2013 6:13 AM, Fernando Maior wrote: Hello All, In the area where my office is, internet providers cannot offer us links with fixed ip, only dhcp. I wonder if someone in the list knows about a mail forwarder server that can receive emails from my server and forwards them to the internet in our behalf. In this case simply configure a relayhost and outbound SASL auth, and use the provider's submission server. Basic configuration information can be found here: http://www.hardwarefreak.com/postfix-adsl-relay-config.txt That covers outbound. With a dynamic IP, how are you receiving mail to your domain/server? Are you using a dynamic DNS service? If so, those services usually offer mail relaying, albeit for an extra fee. -- Stan
Re: OT: Mail forwarding services
On Wed, Jan 30, 2013 at 10:13:58AM -0200, Fernando Maior wrote: In the area where my office is, internet providers cannot offer us links with fixed ip, only dhcp. I wonder if someone in the list knows about a mail forwarder server that can receive emails from my server and forwards them to the internet in our behalf. Perhaps cheaper, and perhaps better than this: you could get a VPS and run your own mail service, both MX and outbound, from there. There are many different VPS providers, as well as different virtualization technologies they use. http://en.wikipedia.org/wiki/Virtual_private_server I wouldn't say a VPS is for everyone: you generally do need to be (or to have employed) a competent system administrator, not to mention a mail system administrator . But it's also an affordable way to gain such experience. -- http://rob0.nodns4.us/ -- system administration and consulting Offlist GMX mail is seen only if /dev/rob0 is in the Subject:
Re: OT: Mail forwarding services
Le 30/01/2013 13:13, Fernando Maior a écrit : Hello All, In the area where my office is, internet providers cannot offer us links with fixed ip, only dhcp. I wonder if someone in the list knows about a mail forwarder server that can receive emails from my server and forwards them to the internet in our behalf. well, it really depends on a way too many things! how much mail do you send? are you ready to pay for or are you looking for a free service (free also means no contractual guarantee)? ... etc. for a free service, you can try google or other. if you want something else, many of us here (including $self) can setup that for you. the richer you are, the more we will make you pay:) If it's for a charity org or the like, I'll do that for free (with the usual things: no mass mail, no stupid sender).
Re: mail forwarding loop from certain spam only
* Noel Jones postfix-users@postfix.org: On 11/28/2012 1:17 PM, Will Yardley wrote: [Apologies in advance for the less than complete information below; hoping someone may have an idea of what's happening anyway] I'm having a problem where messages are accepted but then seem to generate a mail forwarding loop. It seems to happen a lot with mail from a particular spammer. There was a discussion earlier this month about some spammer including a Delivered-To: header in their spam. Postfix local(8) uses this header to detect loops and will bounce messages with a Delivered-To: header equal to the current recipient. Seems likely this is your problem too. There were some suggestions for dealing with it in that discussion, but there is no particularly good solution -- see archives. The best solution is to detect the message as spam and reject it before the Delivered-To: header is a factor. To verify this, use a header_checks entry like: /^Delivered-To:/ WARN -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer Aufsichtsratsvorsitzender: Joerg Heidrich
Re: mail forwarding loop from certain spam only
On Wed, Nov 28, 2012 at 04:02:57PM -0600, Noel Jones wrote: On 11/28/2012 1:17 PM, Will Yardley wrote: I'm having a problem where messages are accepted but then seem to generate a mail forwarding loop. It seems to happen a lot with mail from a particular spammer. There was a discussion earlier this month about some spammer including a Delivered-To: header in their spam. Postfix local(8) uses this header to detect loops and will bounce messages with a Delivered-To: header equal to the current recipient. Thanks. I was tearing my hair out about this one, and couldn't see anything really obviously weird in the raw message, but this explanation makes sense. I will poke through the archives and see if any of the nasty solutions might help, now that I have an idea of what to look for. Our architecture is fairly simple, so may be able to just unset $nested_header_checks and define a header check to block these. You are right that the messages have 'Delivered-To' headers set to the user's address, and I can reproduce this behavior with later Postfix versions as well. The To: header in the raw email as viewed in postcat looks like this: To: f...@example.edu f...@example.edu Postfix doesn't use To: headers for delivery, only envelope information. Right, I understand that, and could see that the env recipient looked correct in the logs -- it just stood out, esp. since Postfix does seems to rewrite it before delivering it if I send a test message with similar headers. Nov 27 05:05:47 hostname postfix/smtpd[32160]: 0C18B32807B: client=ajaxkottely.info[93.115.135.15] This client is listed in the zen and barracudacentral RBLs today, maybe they weren't listed yet yesterday. You are using some RBLs? Just an example, but yes, we do use some RBLs, including Zen. We have classes which allow users to choose a more or less restrictive policy (or no blocking), but this user does have our recommended class. At this time, I'm seeing this particular source in zen [from one of our SMTP servers this morning]: $ dig 15.135.115.93.zen.spamhaus.org +sh 127.0.0.3 However, my guess is that they've already started sending from other IPs that aren't blocked in major blocklists - don't see any new mail from that source today. Also have some messages from back on 31.14.46.16 (also listed) from back on Tues. w
mail forwarding loop from certain spam only
[Apologies in advance for the less than complete information below; hoping someone may have an idea of what's happening anyway] I'm having a problem where messages are accepted but then seem to generate a mail forwarding loop. It seems to happen a lot with mail from a particular spammer. The To: header in the raw email as viewed in postcat looks like this: To: f...@example.edu f...@example.edu (where f...@example.edu is a valid address which works in other cases; the unbracketed address isn't quoted, though in my tests, Postfix seems to fix this by quoting the bare address, so I'm not sure why that's not the case in the queue file). Postfix accepts the mail initially, but then the mail gets rejected (and, since the sender domain resolves to a host which has no mail server listening, the DSN sits in our queues for days). Nov 27 05:05:47 hostname postfix/smtpd[32160]: 0C18B32807B: client=ajaxkottely.info[93.115.135.15] Nov 27 05:05:47 hostname postfix/cleanup[32525]: 0C18B32807B: message-id=673371cd-8f1f-0dc8-cd7d-a4571d4c1...@ajaxkottely.info Nov 27 05:05:47 hostname postfix/qmgr[7633]: 0C18B32807B: from=medicare.enrollm...@ajaxkottely.info, size=8323, nrcpt=1 (queue active) Nov 27 05:05:47 hostname postfix/lmtp[31222]: DD086328056: to=f...@example.edu, relay=127.0.0.1[127.0.0.1]:33325, conn_use=2, delay=9.4, delays=1.8/0/0/7.6, dsn=2.0.0, status=sent (250 2.0.0 from MTA([127.0.0.1]:33326): 250 2.0.0 Ok: queued as 0C18B32807B) Nov 27 05:05:47 hostname postfix/local[32177]: 0C18B32807B: to=f...@example.edu, relay=local, delay=0.04, delays=0.02/0.02/0/0.01, dsn=5.4.6, status=bounced (mail forwarding loop for f...@example.edu) Unfortunately, I can't post full postconf -n output here (see snippets below), but suffice it to say that I'm confident that mail to f...@example.edu works under most conditions. Is there anything I can do to figure out the cause of this? Users are defined in LDAP, and in this case, example.edu is *not* a virtual domain. localhost:33326 is the return from amavis. mail_version = 2.3.3 alias_maps = proxy:ldap:acct_alias_ldap, proxy:ldap:other_alias_ldap, hash:/etc/postfix/config/aliases virtual_alias_maps = hash:/etc/postfix/config/virtusertable I will try adding the sending host in question to $debug_peer_list to see if I get any more information. I am happy to provide other debugging information within reason if it's possible. w
Re: Mail forwarding loop
On 10/11/2012 23:58, Noel Jones wrote: On 11/10/2012 9:09 AM, Daniele Nicolodi wrote: What I observe is that postfix is receiving messages containing a forged Delivered-To header that makes postfix think it is seeing a mail forwarding loop. The local(8) daemon bounces the messages, but those messages are spam and the from addresses are invalid, therefore the bounces get stock in the delivery queue. This is not a problem in itself, but I do not like to generate bounces for spam messages. If it's just a handful of messages, probably do nothing is the best solution. It's also worth examining the spam to see if there is some common feature other the the Delivered-to header you can use to reject them. If you are seeing a lot of these, there is no perfect solution, but there are some things you can do. Do whatever seems to work best in your environment, or do nothing. Separate incoming and outgoing - If you happen to have (or care to set up) multiple postfix instances to separate incoming and outgoing mail, it is somewhat safe to REJECT incoming internet mail containing a Delivered-to @yourdomain. Don't do this on outgoing mail; your users won't be able to forward messages. Plus-1 loop detection - Use header_checks something like /^X-Loop.*@example\.com$/ REJECT /^(Delivered-to: .*@example\.com)$/ REPLACE X-Loop-$1 This will push the loop detection back one loop. I can imagine cases where this will break horribly. Nuclear option - Remove the Delivered-To header and hope real loops get detected by the presence of too many Received: headers before something melts. /^Delivered-To: .*@example.com/ IGNORE Some forwarding methods alter/remove Received: headers, so this is Not Recommended. Use this as a temporary crutch if you're getting hammered with forged headers and can't tell which are legit and which aren't. Run spamasssassin sooner - detect spam before local(8) gets the mail by using a smtpd_proxy_filter or milter to detect and reject spam before it enters your server. amavisd-new and spamass-milter are popular and effective choices. Note running spamassassin pre-queue may require more resources than running it during delivery since there's a time limit involved; your server must be able to finish scanning the mail before the remote server disconnects. Hello Noel, thank you for the detailed response. I think that the delayed loop detection with header rewriting is the best suited solution in my setup. Best, Daniele
Re: Mail forwarding loop
On 10/11/2012 17:52, Sahil Tandon wrote: On Sat, 2012-11-10 at 16:09:24 +0100, Daniele Nicolodi wrote: ... What I observe is that postfix is receiving messages containing a forged Delivered-To header that makes postfix think it is seeing a mail forwarding loop. The local(8) daemon bounces the messages, but those messages are spam and the from addresses are invalid, therefore the bounces get stock in the delivery queue. This is not a problem in itself, but I do not like to generate bounces for spam messages. See the list archives for previous discussion of this issue. For example: http://thread.gmane.org/gmane.mail.postfix.user/148887 Read the entire thread before trying to implement the suggestion solutions. Hello Sahil, thank for your reply. I searched the list archives as previously suggested, but I found only a thread where no solution was proposed, somehow I missed this one. Best, Daniele
Re: Mail forwarding loop
/ Daniele Nicolodi wrote on Fri 9.Nov'12 at 11:01:54 +0100 / On 09/11/2012 10:35, Jamie Paul Griffin wrote: / Daniele Nicolodi wrote on Fri 9.Nov'12 at 10:06:14 +0100 / On 09/11/2012 08:40, Jamie Paul Griffin wrote: If you want to use content filtering with postfix, you might have better results if you use amavisd-new + spamassassin + clamav. It's just a suggestion but it does work well and it's dead easy to configure. May I also recommend the unofficial clamav signatures as well with my suggested filtering set-up. I believe plenty of postfix users have good results with this filtering method. Hello Jamie, I do not understand your hint. What does this have to do with incoming messages having a bogus Delivered-To header? As far as I know neither spamassassin or clamav have a feature that detects those. Best, Daniele Of course, you're right but having read the follow-ups from others, the issue looks as though there is some configuration issue with your spamassassin set-up so I thought it might be useful to suggest that you try using spamassassin with amavisd-new. I didn't mean to confuse you, and my comments may have seemed a bit random so sorry about that. :-) Can you please pinpoint the configuration issues you are mentioning? I believe my system is configured just right for what it is supposed to do. Cheers, Daniele It's difficult to know how you've set up your spam filter. Some more information would help more. On the machine i'm using now, I don't use postfix, but I do use spamassassin. I have procmail recipies that use spamc to filter the messages. On my Mac I do use postfix and use amavisd-new, with spamassassin and clamav. That isn't especially relevent to you but it's just to highlight that people use different methods - your method isn't clear to me from the information you've posted so far. Sorry I can't be more helpful right now. It shouldn't take too long to provide a solution with more info.
Re: Mail forwarding loop
On 10/11/2012 11:16, Jamie Paul Griffin wrote: It's difficult to know how you've set up your spam filter. Some more information would help more. On the machine i'm using now, I don't use postfix, but I do use spamassassin. I have procmail recipies that use spamc to filter the messages. On my Mac I do use postfix and use amavisd-new, with spamassassin and clamav. That isn't especially relevent to you but it's just to highlight that people use different methods - your method isn't clear to me from the information you've posted so far. Sorry I can't be more helpful right now. It shouldn't take too long to provide a solution with more info. I don't really get why you would like to help me fix something that is working just fine. The problem I'm asking advice for is completely unrelated to spamassassin. What I observe is that postfix is receiving messages containing a forged Delivered-To header that makes postfix think it is seeing a mail forwarding loop. The local(8) daemon bounces the messages, but those messages are spam and the from addresses are invalid, therefore the bounces get stock in the delivery queue. This is not a problem in itself, but I do not like to generate bounces for spam messages. Best, Daniele
Re: Mail forwarding loop
On Sat, 2012-11-10 at 16:09:24 +0100, Daniele Nicolodi wrote: ... What I observe is that postfix is receiving messages containing a forged Delivered-To header that makes postfix think it is seeing a mail forwarding loop. The local(8) daemon bounces the messages, but those messages are spam and the from addresses are invalid, therefore the bounces get stock in the delivery queue. This is not a problem in itself, but I do not like to generate bounces for spam messages. See the list archives for previous discussion of this issue. For example: http://thread.gmane.org/gmane.mail.postfix.user/148887 Read the entire thread before trying to implement the suggestion solutions. -- Sahil Tandon
Re: Mail forwarding loop
On 11/10/2012 9:09 AM, Daniele Nicolodi wrote: What I observe is that postfix is receiving messages containing a forged Delivered-To header that makes postfix think it is seeing a mail forwarding loop. The local(8) daemon bounces the messages, but those messages are spam and the from addresses are invalid, therefore the bounces get stock in the delivery queue. This is not a problem in itself, but I do not like to generate bounces for spam messages. If it's just a handful of messages, probably do nothing is the best solution. It's also worth examining the spam to see if there is some common feature other the the Delivered-to header you can use to reject them. If you are seeing a lot of these, there is no perfect solution, but there are some things you can do. Do whatever seems to work best in your environment, or do nothing. Separate incoming and outgoing - If you happen to have (or care to set up) multiple postfix instances to separate incoming and outgoing mail, it is somewhat safe to REJECT incoming internet mail containing a Delivered-to @yourdomain. Don't do this on outgoing mail; your users won't be able to forward messages. Plus-1 loop detection - Use header_checks something like /^X-Loop.*@example\.com$/ REJECT /^(Delivered-to: .*@example\.com)$/ REPLACE X-Loop-$1 This will push the loop detection back one loop. I can imagine cases where this will break horribly. Nuclear option - Remove the Delivered-To header and hope real loops get detected by the presence of too many Received: headers before something melts. /^Delivered-To: .*@example.com/ IGNORE Some forwarding methods alter/remove Received: headers, so this is Not Recommended. Use this as a temporary crutch if you're getting hammered with forged headers and can't tell which are legit and which aren't. Run spamasssassin sooner - detect spam before local(8) gets the mail by using a smtpd_proxy_filter or milter to detect and reject spam before it enters your server. amavisd-new and spamass-milter are popular and effective choices. Note running spamassassin pre-queue may require more resources than running it during delivery since there's a time limit involved; your server must be able to finish scanning the mail before the remote server disconnects. Good luck. -- Noel Jones
Re: Mail forwarding loop
On 09/11/2012 08:40, Jamie Paul Griffin wrote: / David Rees wrote on Thu 8.Nov'12 at 14:59:01 -0800 / On Thu, Nov 8, 2012 at 8:25 AM, Daniele Nicolodi dani...@grinta.net wrote: I think I have a problem with my simple mail server. I noticed several bounce mails in the queue, which postfix in unable to deliver. You're seeing the same issue as was posted the other day in the thread Best way to handle a Delivered-To exploit??. Searching the archives similar issues have come up before, but no real good solutions that I could find. -Dave If you want to use content filtering with postfix, you might have better results if you use amavisd-new + spamassassin + clamav. It's just a suggestion but it does work well and it's dead easy to configure. May I also recommend the unofficial clamav signatures as well with my suggested filtering set-up. I believe plenty of postfix users have good results with this filtering method. Hello Jamie, I do not understand your hint. What does this have to do with incoming messages having a bogus Delivered-To header? As far as I know neither spamassassin or clamav have a feature that detects those. Best, Daniele
Re: Mail forwarding loop
/ Daniele Nicolodi wrote on Fri 9.Nov'12 at 10:06:14 +0100 / On 09/11/2012 08:40, Jamie Paul Griffin wrote: / David Rees wrote on Thu 8.Nov'12 at 14:59:01 -0800 / On Thu, Nov 8, 2012 at 8:25 AM, Daniele Nicolodi dani...@grinta.net wrote: I think I have a problem with my simple mail server. I noticed several bounce mails in the queue, which postfix in unable to deliver. You're seeing the same issue as was posted the other day in the thread Best way to handle a Delivered-To exploit??. Searching the archives similar issues have come up before, but no real good solutions that I could find. -Dave If you want to use content filtering with postfix, you might have better results if you use amavisd-new + spamassassin + clamav. It's just a suggestion but it does work well and it's dead easy to configure. May I also recommend the unofficial clamav signatures as well with my suggested filtering set-up. I believe plenty of postfix users have good results with this filtering method. Hello Jamie, I do not understand your hint. What does this have to do with incoming messages having a bogus Delivered-To header? As far as I know neither spamassassin or clamav have a feature that detects those. Best, Daniele Of course, you're right but having read the follow-ups from others, the issue looks as though there is some configuration issue with your spamassassin set-up so I thought it might be useful to suggest that you try using spamassassin with amavisd-new. I didn't mean to confuse you, and my comments may have seemed a bit random so sorry about that. :-)
Re: Mail forwarding loop
On 09/11/2012 10:35, Jamie Paul Griffin wrote: / Daniele Nicolodi wrote on Fri 9.Nov'12 at 10:06:14 +0100 / On 09/11/2012 08:40, Jamie Paul Griffin wrote: If you want to use content filtering with postfix, you might have better results if you use amavisd-new + spamassassin + clamav. It's just a suggestion but it does work well and it's dead easy to configure. May I also recommend the unofficial clamav signatures as well with my suggested filtering set-up. I believe plenty of postfix users have good results with this filtering method. Hello Jamie, I do not understand your hint. What does this have to do with incoming messages having a bogus Delivered-To header? As far as I know neither spamassassin or clamav have a feature that detects those. Best, Daniele Of course, you're right but having read the follow-ups from others, the issue looks as though there is some configuration issue with your spamassassin set-up so I thought it might be useful to suggest that you try using spamassassin with amavisd-new. I didn't mean to confuse you, and my comments may have seemed a bit random so sorry about that. :-) Can you please pinpoint the configuration issues you are mentioning? I believe my system is configured just right for what it is supposed to do. Cheers, Daniele
Mail forwarding loop
Hello, I think I have a problem with my simple mail server. I noticed several bounce mails in the queue, which postfix in unable to deliver. C0B0160EC 12730 Thu Nov 8 12:35:47 MAILER-DAEMON (lost connection with eforward5.registrar-servers.com[38.101.213.202] while receiving the initial server greeting) instant.checkm...@designakeackson.info All of them destined to what look to be fake addresses. The original mails that originate the bounce are indeed spam. On this server I use spamassassin as content filter, which re-injects the mail into postfix after scanning it via local delivery. Spam is then discarded via a sieve rule (not bounced). It looks like postfix detects a mail forwarding loop when the mail is re-injected by spamassassin via local delivery. Why isn't the loop detected when the mail is received by the smtpd? I do not like to generate unnecessary bounce mails. Is this a real problem? How can I fix it? Here is what I think is a relevant log excerpt: # egrep 2ABF060A6\|BCDF560EF\|C0B0160EC\|FD01D4DD-1DEF-1BC3-9A2A-5EDE8F9DD6C5 /var/log/mail.log Nov 8 12:35:46 zed postfix/smtpd[2515]: 2ABF060A6: client=designakeackson.info[176.126.174.9] Nov 8 12:35:46 zed postfix/cleanup[2517]: 2ABF060A6: message-id=fd01d4dd-1def-1bc3-9a2a-5ede8f9dd...@designakeackson.info Nov 8 12:35:46 zed postfix/qmgr[3850]: 2ABF060A6: from=instant.checkm...@designakeackson.info, size=9793, nrcpt=1 (queue active) Nov 8 12:35:46 zed spamd[2282]: spamd: processing message fd01d4dd-1def-1bc3-9a2a-5ede8f9dd...@designakeackson.info for daniele:1000 Nov 8 12:35:47 zed spamd[2282]: spamd: result: Y 5 - BAYES_50,HTML_MESSAGE,RP_MATCHES_RCVD,SPF_SOFTFAIL,T_FILL_THIS_FORM_SHORT,URIBL_DBL_SPAM,URIBL_JP_SURBL,URIBL_WS_SURBL scantime=1.4,size=9786,user=daniele,uid=1000,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=60966,mid=fd01d4dd-1def-1bc3-9a2a-5ede8f9dd...@designakeackson.info,bayes=0.50,autolearn=no Nov 8 12:35:47 zed postfix/pickup[2485]: BCDF560EF: uid=65534 from=instant.checkm...@designakeackson.info Nov 8 12:35:47 zed postfix/cleanup[2517]: BCDF560EF: message-id=fd01d4dd-1def-1bc3-9a2a-5ede8f9dd...@designakeackson.info Nov 8 12:35:47 zed postfix/pipe[2518]: 2ABF060A6: to=dani...@grinta.net, relay=spamassassin, delay=1.7, delays=0.24/0.01/0/1.4, dsn=2.0.0, status=sent (delivered via spamassassin service) Nov 8 12:35:47 zed postfix/qmgr[3850]: BCDF560EF: from=instant.checkm...@designakeackson.info, size=10941, nrcpt=1 (queue active) Nov 8 12:35:47 zed postfix/qmgr[3850]: 2ABF060A6: removed Nov 8 12:35:47 zed postfix/local[2522]: BCDF560EF: to=dani...@grinta.net, relay=local, delay=0.02, delays=0/0.01/0/0.01, dsn=5.4.6, status=bounced (mail forwarding loop for dani...@grinta.net) Nov 8 12:35:47 zed postfix/cleanup[2517]: C0B0160EC: message-id=20121108123547.c0b016...@zed.grinta.net Nov 8 12:35:47 zed postfix/bounce[2523]: BCDF560EF: sender non-delivery notification: C0B0160EC Nov 8 12:35:47 zed postfix/qmgr[3850]: C0B0160EC: from=, size=12730, nrcpt=1 (queue active) Nov 8 12:35:47 zed postfix/qmgr[3850]: BCDF560EF: removed Nov 8 12:35:52 zed postfix/smtp[2512]: C0B0160EC: host eforward3.registrar-servers.com[209.105.246.196] said: 450 4.1.1 instant.checkm...@designakeackson.info: Recipient address rejected: unverified address: unknown user: instant.checkm...@designakeackson.info (in reply to RCPT TO command) Nov 8 12:35:52 zed postfix/smtp[2512]: C0B0160EC: host eforward1.registrar-servers.com[69.160.33.82] refused to talk to me: 421 4.3.2 All server ports are busy Nov 8 12:35:54 zed postfix/smtp[2512]: C0B0160EC: to=instant.checkm...@designakeackson.info, relay=eforward2.registrar-servers.com[209.105.246.195]:25, delay=7.2, delays=0/0/7/0.17, dsn=4.1.1, status=deferred (host eforward2.registrar-servers.com[209.105.246.195] said: 450 4.1.1 instant.checkm...@designakeackson.info: Recipient address rejected: unverified address: unknown user: instant.checkm...@designakeackson.info (in reply to RCPT TO command)) Nov 8 12:45:42 zed postfix/qmgr[3850]: C0B0160EC: from=, size=12730, nrcpt=1 (queue active) Nov 8 12:45:43 zed postfix/smtp[2566]: C0B0160EC: host eforward3.registrar-servers.com[209.105.246.196] refused to talk to me: 421 4.3.2 All server ports are busy Nov 8 12:46:05 zed postfix/smtp[2566]: C0B0160EC: host eforward2.registrar-servers.com[209.105.246.195] said: 450 4.1.1 instant.checkm...@designakeackson.info: Recipient address rejected: unverified address: unknown user: instant.checkm...@designakeackson.info (in reply to RCPT TO command) Nov 8 12:46:06 zed postfix/smtp[2566]: C0B0160EC: host eforward1.registrar-servers.com[69.160.33.82] refused to talk to me: 421 4.3.2 All server ports are busy Nov 8 12:46:06 zed postfix/smtp[2566]: C0B0160EC: host eforward4.registrar-servers.com[69.160.33.74] refused to talk to me: 421
Re: Mail forwarding loop
On 11/08/2012 05:25 PM, Daniele Nicolodi wrote: Hello, I think I have a problem with my simple mail server. I noticed several bounce mails in the queue, which postfix in unable to deliver. C0B0160EC 12730 Thu Nov 8 12:35:47 MAILER-DAEMON (lost connection with eforward5.registrar-servers.com[38.101.213.202] while receiving the initial server greeting) instant.checkm...@designakeackson.info All of them destined to what look to be fake addresses. The original mails that originate the bounce are indeed spam. On this server I use spamassassin as content filter, which re-injects the mail into postfix after scanning it via local delivery. Spam is then discarded via a sieve rule (not bounced). It looks like postfix detects a mail forwarding loop when the mail is re-injected by spamassassin via local delivery. Why isn't the loop detected when the mail is received by the smtpd? Postfix cannot detect a mail loop if it has never seen the message before. You are not re-injecting the filtered message, you are calling sendmail(1), which in turn invokes pickup(8): I do not like to generate unnecessary bounce mails. Is this a real problem? How can I fix it? Here is what I think is a relevant log excerpt: # egrep 2ABF060A6\|BCDF560EF\|C0B0160EC\|FD01D4DD-1DEF-1BC3-9A2A-5EDE8F9DD6C5 /var/log/mail.log Nov 8 12:35:46 zed postfix/smtpd[2515]: 2ABF060A6: client=designakeackson.info[176.126.174.9] Nov 8 12:35:46 zed postfix/cleanup[2517]: 2ABF060A6: message-id=fd01d4dd-1def-1bc3-9a2a-5ede8f9dd...@designakeackson.info Nov 8 12:35:46 zed postfix/qmgr[3850]: 2ABF060A6: from=instant.checkm...@designakeackson.info, size=9793, nrcpt=1 (queue active) Nov 8 12:35:46 zed spamd[2282]: spamd: processing message fd01d4dd-1def-1bc3-9a2a-5ede8f9dd...@designakeackson.info for daniele:1000 Nov 8 12:35:47 zed spamd[2282]: spamd: result: Y 5 - BAYES_50,HTML_MESSAGE,RP_MATCHES_RCVD,SPF_SOFTFAIL,T_FILL_THIS_FORM_SHORT,URIBL_DBL_SPAM,URIBL_JP_SURBL,URIBL_WS_SURBL scantime=1.4,size=9786,user=daniele,uid=1000,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=60966,mid=fd01d4dd-1def-1bc3-9a2a-5ede8f9dd...@designakeackson.info,bayes=0.50,autolearn=no Nov 8 12:35:47 zed postfix/pickup[2485]: BCDF560EF: uid=65534 from=instant.checkm...@designakeackson.info Nov 8 12:35:47 zed postfix/cleanup[2517]: BCDF560EF: message-id=fd01d4dd-1def-1bc3-9a2a-5ede8f9dd...@designakeackson.info Nov 8 12:35:47 zed postfix/pipe[2518]: 2ABF060A6: to=dani...@grinta.net, relay=spamassassin, delay=1.7, delays=0.24/0.01/0/1.4, dsn=2.0.0, status=sent (delivered via spamassassin service) Nov 8 12:35:47 zed postfix/qmgr[3850]: BCDF560EF: from=instant.checkm...@designakeackson.info, size=10941, nrcpt=1 (queue active) Nov 8 12:35:47 zed postfix/qmgr[3850]: 2ABF060A6: removed Nov 8 12:35:47 zed postfix/local[2522]: BCDF560EF: to=dani...@grinta.net, relay=local, delay=0.02, delays=0/0.01/0/0.01, dsn=5.4.6, status=bounced (mail forwarding loop for dani...@grinta.net) Nov 8 12:35:47 zed postfix/cleanup[2517]: C0B0160EC: message-id=20121108123547.c0b016...@zed.grinta.net Nov 8 12:35:47 zed postfix/bounce[2523]: BCDF560EF: sender non-delivery notification: C0B0160EC Nov 8 12:35:47 zed postfix/qmgr[3850]: C0B0160EC: from=, size=12730, nrcpt=1 (queue active) Nov 8 12:35:47 zed postfix/qmgr[3850]: BCDF560EF: removed Nov 8 12:35:52 zed postfix/smtp[2512]: C0B0160EC: host eforward3.registrar-servers.com[209.105.246.196] said: 450 4.1.1 instant.checkm...@designakeackson.info: Recipient address rejected: unverified address: unknown user: instant.checkm...@designakeackson.info (in reply to RCPT TO command) Nov 8 12:35:52 zed postfix/smtp[2512]: C0B0160EC: host eforward1.registrar-servers.com[69.160.33.82] refused to talk to me: 421 4.3.2 All server ports are busy Nov 8 12:35:54 zed postfix/smtp[2512]: C0B0160EC: to=instant.checkm...@designakeackson.info, relay=eforward2.registrar-servers.com[209.105.246.195]:25, delay=7.2, delays=0/0/7/0.17, dsn=4.1.1, status=deferred (host eforward2.registrar-servers.com[209.105.246.195] said: 450 4.1.1 instant.checkm...@designakeackson.info: Recipient address rejected: unverified address: unknown user: instant.checkm...@designakeackson.info (in reply to RCPT TO command)) Nov 8 12:45:42 zed postfix/qmgr[3850]: C0B0160EC: from=, size=12730, nrcpt=1 (queue active) Nov 8 12:45:43 zed postfix/smtp[2566]: C0B0160EC: host eforward3.registrar-servers.com[209.105.246.196] refused to talk to me: 421 4.3.2 All server ports are busy Nov 8 12:46:05 zed postfix/smtp[2566]: C0B0160EC: host eforward2.registrar-servers.com[209.105.246.195] said: 450 4.1.1 instant.checkm...@designakeackson.info: Recipient address rejected: unverified address: unknown user: instant.checkm...@designakeackson.info (in reply to RCPT TO command) Nov 8 12:46:06 zed postfix/smtp[2566]: C0B0160EC: host eforward1.registrar-servers.com[69.160.33.82] refused to talk to me
Re: Mail forwarding loop
On 11/08/2012 11:12 PM, Jeroen Geilman wrote: On 11/08/2012 05:25 PM, Daniele Nicolodi wrote: Hello, I think I have a problem with my simple mail server. I noticed several bounce mails in the queue, which postfix in unable to deliver. C0B0160EC 12730 Thu Nov 8 12:35:47 MAILER-DAEMON (lost connection with eforward5.registrar-servers.com[38.101.213.202] while receiving the initial server greeting) instant.checkm...@designakeackson.info All of them destined to what look to be fake addresses. The original mails that originate the bounce are indeed spam. On this server I use spamassassin as content filter, which re-injects the mail into postfix after scanning it via local delivery. Spam is then discarded via a sieve rule (not bounced). It looks like postfix detects a mail forwarding loop when the mail is re-injected by spamassassin via local delivery. Why isn't the loop detected when the mail is received by the smtpd? And now without thick-fingering CTRL-Enter: Postfix cannot detect a mail loop if it has never seen the message before. You are not re-injecting the filtered message, you are (or, rather, SA is) calling sendmail(1), which in turn invokes pickup(8): Nov 8 12:35:47 zed postfix/pickup[2485]: BCDF560EF: uid=65534 from=instant.checkm...@designakeackson.info This means a different path is followed from the original submission over SMTP; sendmail-submitted mail generally lacks features that allow such loops to be detected. In this case, you are using the nobody user to re-submit the message, which will throw postfix off further, since it has no MAIL FROM: to match it with. Re-inject the message over a separate smtpd(8) instance instead; the content filter loopback will not alter the envelope, thus enabling postfix to detect a loop. smtpd(8): MAIL FROM: joe@home, RCPT TO: jim@work - Spamassassin - SMTP re-inject: MAIL FROM: joe@home, RCPT TO: jim@work. sendmail(1): MAIL FROM: joe@home, RCPT TO: jim@work - Spamassassin - sendmail: MAIL FROM: nobody (uid=65534), RCPT TO: jim@work. Note the nobody above. I do not like to generate unnecessary bounce mails. Is this a real problem? How can I fix it? Here is what I think is a relevant log excerpt: # egrep 2ABF060A6\|BCDF560EF\|C0B0160EC\|FD01D4DD-1DEF-1BC3-9A2A-5EDE8F9DD6C5 /var/log/mail.log Nov 8 12:35:46 zed postfix/smtpd[2515]: 2ABF060A6: client=designakeackson.info[176.126.174.9] Nov 8 12:35:46 zed postfix/cleanup[2517]: 2ABF060A6: message-id=fd01d4dd-1def-1bc3-9a2a-5ede8f9dd...@designakeackson.info Nov 8 12:35:46 zed postfix/qmgr[3850]: 2ABF060A6: from=instant.checkm...@designakeackson.info, size=9793, nrcpt=1 (queue active) Nov 8 12:35:46 zed spamd[2282]: spamd: processing message fd01d4dd-1def-1bc3-9a2a-5ede8f9dd...@designakeackson.info for daniele:1000 Nov 8 12:35:47 zed spamd[2282]: spamd: result: Y 5 - BAYES_50,HTML_MESSAGE,RP_MATCHES_RCVD,SPF_SOFTFAIL,T_FILL_THIS_FORM_SHORT,URIBL_DBL_SPAM,URIBL_JP_SURBL,URIBL_WS_SURBL scantime=1.4,size=9786,user=daniele,uid=1000,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=60966,mid=fd01d4dd-1def-1bc3-9a2a-5ede8f9dd...@designakeackson.info,bayes=0.50,autolearn=no Nov 8 12:35:47 zed postfix/pickup[2485]: BCDF560EF: uid=65534 from=instant.checkm...@designakeackson.info Nov 8 12:35:47 zed postfix/cleanup[2517]: BCDF560EF: message-id=fd01d4dd-1def-1bc3-9a2a-5ede8f9dd...@designakeackson.info Nov 8 12:35:47 zed postfix/pipe[2518]: 2ABF060A6: to=dani...@grinta.net, relay=spamassassin, delay=1.7, delays=0.24/0.01/0/1.4, dsn=2.0.0, status=sent (delivered via spamassassin service) Nov 8 12:35:47 zed postfix/qmgr[3850]: BCDF560EF: from=instant.checkm...@designakeackson.info, size=10941, nrcpt=1 (queue active) Nov 8 12:35:47 zed postfix/qmgr[3850]: 2ABF060A6: removed Nov 8 12:35:47 zed postfix/local[2522]: BCDF560EF: to=dani...@grinta.net, relay=local, delay=0.02, delays=0/0.01/0/0.01, dsn=5.4.6, status=bounced (mail forwarding loop for dani...@grinta.net) Nov 8 12:35:47 zed postfix/cleanup[2517]: C0B0160EC: message-id=20121108123547.c0b016...@zed.grinta.net Nov 8 12:35:47 zed postfix/bounce[2523]: BCDF560EF: sender non-delivery notification: C0B0160EC Nov 8 12:35:47 zed postfix/qmgr[3850]: C0B0160EC: from=, size=12730, nrcpt=1 (queue active) Nov 8 12:35:47 zed postfix/qmgr[3850]: BCDF560EF: removed Nov 8 12:35:52 zed postfix/smtp[2512]: C0B0160EC: host eforward3.registrar-servers.com[209.105.246.196] said: 450 4.1.1 instant.checkm...@designakeackson.info: Recipient address rejected: unverified address: unknown user: instant.checkm...@designakeackson.info (in reply to RCPT TO command) Nov 8 12:35:52 zed postfix/smtp[2512]: C0B0160EC: host eforward1.registrar-servers.com[69.160.33.82] refused to talk to me: 421 4.3.2 All server ports are busy Nov 8 12:35:54 zed postfix/smtp[2512]: C0B0160EC: to=instant.checkm...@designakeackson.info, relay=eforward2.registrar-servers.com[209.105.246.195]:25, delay=7.2
Re: Mail forwarding loop
On 08/11/2012 23:21, Jeroen Geilman wrote: Postfix cannot detect a mail loop if it has never seen the message before. You are not re-injecting the filtered message, you are (or, rather, SA is) calling sendmail(1), which in turn invokes pickup(8): Nov 8 12:35:47 zed postfix/pickup[2485]: BCDF560EF: uid=65534 from=instant.checkm...@designakeackson.info This means a different path is followed from the original submission over SMTP; sendmail-submitted mail generally lacks features that allow such loops to be detected. In this case, you are using the nobody user to re-submit the message, which will throw postfix off further, since it has no MAIL FROM: to match it with. Re-inject the message over a separate smtpd(8) instance instead; the content filter loopback will not alter the envelope, thus enabling postfix to detect a loop. smtpd(8): MAIL FROM: joe@home, RCPT TO: jim@work - Spamassassin - SMTP re-inject: MAIL FROM: joe@home, RCPT TO: jim@work. sendmail(1): MAIL FROM: joe@home, RCPT TO: jim@work - Spamassassin - sendmail: MAIL FROM: nobody (uid=65534), RCPT TO: jim@work. Note the nobody above. Hello Jeroen, thank you for your reply, but I do not follow you. My problem is that a mail forwarding loop is detected where I suppose there should be none, not the opposite. The same log you quite, imho shows that a proper FROM was indeed provided by sendmail, as I believe that Postfix reports the envelope sendere and not the From: header in its logs. My configuration is basically what described as Simple content filter example in the documentation: http://www.postfix.org/FILTER_README.html Cheers, Daniele
Re: Mail forwarding loop
On Thu, Nov 8, 2012 at 8:25 AM, Daniele Nicolodi dani...@grinta.net wrote: I think I have a problem with my simple mail server. I noticed several bounce mails in the queue, which postfix in unable to deliver. You're seeing the same issue as was posted the other day in the thread Best way to handle a Delivered-To exploit??. Searching the archives similar issues have come up before, but no real good solutions that I could find. -Dave
Re: Mail forwarding loop
On 11/08/2012 11:39 PM, Daniele Nicolodi wrote: On 08/11/2012 23:21, Jeroen Geilman wrote: Postfix cannot detect a mail loop if it has never seen the message before. You are not re-injecting the filtered message, you are (or, rather, SA is) calling sendmail(1), which in turn invokes pickup(8): Nov 8 12:35:47 zed postfix/pickup[2485]: BCDF560EF: uid=65534 from=instant.checkm...@designakeackson.info This means a different path is followed from the original submission over SMTP; sendmail-submitted mail generally lacks features that allow such loops to be detected. In this case, you are using the nobody user to re-submit the message, which will throw postfix off further, since it has no MAIL FROM: to match it with. Re-inject the message over a separate smtpd(8) instance instead; the content filter loopback will not alter the envelope, thus enabling postfix to detect a loop. smtpd(8): MAIL FROM: joe@home, RCPT TO: jim@work - Spamassassin - SMTP re-inject: MAIL FROM: joe@home, RCPT TO: jim@work. sendmail(1): MAIL FROM: joe@home, RCPT TO: jim@work - Spamassassin - sendmail: MAIL FROM: nobody (uid=65534), RCPT TO: jim@work. Note the nobody above. Hello Jeroen, thank you for your reply, but I do not follow you. My problem is that a mail forwarding loop is detected where I suppose there should be none, not the opposite. The same log you quite, imho shows that a proper FROM was indeed provided by sendmail, as I believe that Postfix reports the envelope sendere and not the From: header in its logs. Ah, I see. I misread the question, then. See David's response for a possible explanation. My configuration is basically what described as Simple content filter example in the documentation: http://www.postfix.org/FILTER_README.html Cheers, Daniele -- J.
Re: Mail forwarding loop
/ David Rees wrote on Thu 8.Nov'12 at 14:59:01 -0800 / On Thu, Nov 8, 2012 at 8:25 AM, Daniele Nicolodi dani...@grinta.net wrote: I think I have a problem with my simple mail server. I noticed several bounce mails in the queue, which postfix in unable to deliver. You're seeing the same issue as was posted the other day in the thread Best way to handle a Delivered-To exploit??. Searching the archives similar issues have come up before, but no real good solutions that I could find. -Dave If you want to use content filtering with postfix, you might have better results if you use amavisd-new + spamassassin + clamav. It's just a suggestion but it does work well and it's dead easy to configure. May I also recommend the unofficial clamav signatures as well with my suggested filtering set-up. I believe plenty of postfix users have good results with this filtering method.
SMTP AUTH on alternative port and mail forwarding domains
Hello, I have a mail server with postfix 2.5.5 (Debian lenny) which is serving mail forwarding domains as described in VIRTUAL_README.html without any problems. The respective part in main.cf contains (domain name removed): virtual_alias_domains = virtual_alias_maps = cdb:/etc/postfix/virtual Now I had to set up a SASL-authenticated (just using sasldb) submission instance on that server on a non-standard port (25025) for a couple of users. The respective section in master.cf then reads like this: smtp inet n - - - - smtpd 25025 inet n - - - - smtpd -o smtpd_tls_auth_only=no -o smtpd_sasl_auth_enable=yes -o smtpd_sasl_security_options=noanonymous,noplaintext -o smtpd_sasl_local_domain= -o broken_sasl_auth_clients=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject_unauth_destination -o content_filter= With this the standard mail server still works like before and ESMTPA relaying for the authenticated users also works like expected but for one case: it bounces for recipients with addresses in the virtual forwarding domains which should be handled (i.e. mapped) by the server itself. I have tried to add the virtual_alias_domains and virtual_alias_maps settings explicitly via -o overwrites to the 25025 service in master.cf, but to no avail. Turning on verbose messages with -v on the 25025 smtpd shows in the logs that this smtpd is able to correctly resolve the virtual names in the section CHECKING RECIPIENT MAPS ... postfix/smtpd[11296]: maps_find: virtual_alias_maps: cdb:/etc/postfix/virtual(0,lock|fold_fix): test@ = test@ postfix/smtpd[11296]: mail_addr_find: test@ - test@ but mail to the address test@ still bounces if submitted via the smtpd on port 25025 while at the same time it is successfully delivered if injected via the standard smtpd. I assumed that for the 25025 smtpd anything which is not overwritten with -o in master.cf is exactly the same as defined in main.cf, but obviously I must be missing something here. Any hint as to what it is is highly appreciated. Kind regards, Ch. Scheurer
Re: SMTP AUTH on alternative port and mail forwarding domains
On 7/9/2011 10:10 AM, Christoph Scheurer wrote: Hello, I have a mail server with postfix 2.5.5 (Debian lenny) which is serving mail forwarding domains as described in VIRTUAL_README.html without any problems. The respective part in main.cf contains (domain name removed): virtual_alias_domains = virtual_alias_maps = cdb:/etc/postfix/virtual Now I had to set up a SASL-authenticated (just using sasldb) submission instance on that server on a non-standard port (25025) for a couple of users. The respective section in master.cf then reads like this: smtp inet n - - - - smtpd 25025 inet n - - - - smtpd -o smtpd_tls_auth_only=no -o smtpd_sasl_auth_enable=yes -o smtpd_sasl_security_options=noanonymous,noplaintext -o smtpd_sasl_local_domain= -o broken_sasl_auth_clients=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject_unauth_destination -o content_filter= With this the standard mail server still works like before and ESMTPA relaying for the authenticated users also works like expected but for one case: it bounces for recipients with addresses in the virtual forwarding domains which should be handled (i.e. mapped) by the server itself. I have tried to add the virtual_alias_domains and virtual_alias_maps settings explicitly via -o overwrites to the 25025 service in master.cf, but to no avail. Turning on verbose messages with -v on the 25025 smtpd shows in the logs that this smtpd is able to correctly resolve the virtual names in the section CHECKING RECIPIENT MAPS ... postfix/smtpd[11296]: maps_find: virtual_alias_maps: cdb:/etc/postfix/virtual(0,lock|fold_fix): test@ = test@ postfix/smtpd[11296]: mail_addr_find: test@ - test@ but mail to the address test@ still bounces if submitted via the smtpd on port 25025 while at the same time it is successfully delivered if injected via the standard smtpd. I assumed that for the 25025 smtpd anything which is not overwritten with -o in master.cf is exactly the same as defined in main.cf, but obviously I must be missing something here. Any hint as to what it is is highly appreciated. Kind regards, Ch. Scheurer Please show us postconf -n output, all non-comment lines from main.cf, and non-verbose logs illustrating the problem. -- Noel Jones
Re: SMTP AUTH on alternative port and mail forwarding domains
Hello, I am replying to myself, because I found the problem: smtp inet n - - - - smtpd 25025 inet n - - - - smtpd -o smtpd_tls_auth_only=no -o smtpd_sasl_auth_enable=yes -o smtpd_sasl_security_options=noanonymous,noplaintext -o smtpd_sasl_local_domain= -o broken_sasl_auth_clients=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject_unauth_destination -o content_filter= Here ^ I turned off the content_filter which is not needed for the SMTP AUTH submissions. I overlooked though that I had specified receive_override_options = no_address_mappings in main.cf so virtual mapping would not occur before the content_filter, and thus never for the additional smtpd listening on 25025. After adding a line -o receive_override_options= to it in master.cf now everything works as expected. Kind regards, Ch. Scheurer
Re: Mail forwarding
On 26/05/11 21:46, mouss wrote: Le 26/05/2011 18:41, pch0317 a écrit : Hi, I want to forward mail only for one user u...@mydomain.tld to u...@otherdomain.tld. I try do it in this way: /etc/postfix/virtual: ... u...@mydomain.tld u...@mydomain.tld, u...@otherdomain.tld ... When I send mail to u...@mydomain.tld it receive message but user u...@otherdomain.tld receive 2 identical copy of mail. How to send only one copy of mail to u...@otherdomain.tld http://www.postfix.org/FILTER_README.html http://www.postfix.org/postconf.5.html#receive_override_options perfect help Thanks
Mail forwarding
Hi, I want to forward mail only for one user u...@mydomain.tld to u...@otherdomain.tld. I try do it in this way: /etc/postfix/virtual: ... u...@mydomain.tld u...@mydomain.tld, u...@otherdomain.tld ... When I send mail to u...@mydomain.tld it receive message but user u...@otherdomain.tld receive 2 identical copy of mail. How to send only one copy of mail to u...@otherdomain.tld Thanks
Re: Mail forwarding
Le 26/05/2011 18:41, pch0317 a écrit : Hi, I want to forward mail only for one user u...@mydomain.tld to u...@otherdomain.tld. I try do it in this way: /etc/postfix/virtual: ... u...@mydomain.tld u...@mydomain.tld, u...@otherdomain.tld ... When I send mail to u...@mydomain.tld it receive message but user u...@otherdomain.tld receive 2 identical copy of mail. How to send only one copy of mail to u...@otherdomain.tld http://www.postfix.org/FILTER_README.html http://www.postfix.org/postconf.5.html#receive_override_options
Re: Mail forwarding possible when mailbox_size_limit is reached?
On Sun, Oct 24, 2010 at 09:14:08AM -0400, Wietse Venema wrote: Sending a mail to the test-account with a full mailbox results in postfix/smtpd[29666]: 5A32115CEAA: client=localhost.localdomain[127.0.0.1] postfix/cleanup[29651]: 5A32115CEAA: message-id=20101024125249.gb29...@de postfix/qmgr[28520]: 5A32115CEAA: from=a...@de, size=983, nrcpt=1 (queue active) postfix/smtpd[29666]: disconnect from localhost.localdomain[127.0.0.1] postfix/local[29650]: 5A32115CEAA: to=a...@de, relay=local, delay=0.01, delays=0/0/0/0, dsn=4.2.2, status=SOFTBOUNCE (cannot update mailbox /var/mail/abf for user abf. error writing message: File too large) (again, postfix does not forward the mail) Try without soft bounce (and without EX_TEMPFAIL). Thanks -- that was the problem! Now everything works as expected :-) Beside, I just checked: with soft_bounce=no, the order of the entries in .forward or /etc/aliases is NOT important -- the mails are always forwarded, even when the local mailbox is larger than mailbox_size_limit. Thank you! Axel
Mail forwarding possible when mailbox_size_limit is reached?
Hi, We are using both mail forwarding (with an alias_database and $HOME/.forward - files), and a mailbox_size_limit for the user mailboxes. The local delivery is done by postfix/local. The problem now is: If the mailbox is full, also the forwarding does not work anymore -- postfix/local generates a SOFTBOUNCE before trying to forward the mail: postfix/smtpd[12341]: A9B8515C6F8: client=localhost.localdomain[127.0.0.1] postfix/cleanup[12335]: A9B8515C6F8: message-id=20101022181430.e253115c...@...de postfix/qmgr[5039]: A9B8515C6F8: from=r...@de, size=855, nrcpt=1 (queue active) postfix/local[12342]: A9B8515C6F8: to=a...@de, relay=local, delay=1, delays=0/0.01/0/1, dsn=4.2.0, status=SOFTBOUNCE (can't create user output file. Command output: procmail: Error while writing to /var/mail/abf ) When there is space left in the mailbox, the mail is locally delivered and then also forwarded correctly: postfix/qmgr[5039]: A9B8515C6F8: from=r...@de, size=855, nrcpt=1 (queue active) postfix/local[12401]: A9B8515C6F8: to=a...@.de, relay=local, delay=425, delays=425/0.01/0/0.01, dsn=2.0.0, status=sent (delivered to command: /usr/bin/procmail -a $EXTENSION) postfix/local[12401]: A9B8515C6F8: to=a...@.de, relay=local, delay=425, delays=425/0.01/0/0.01, dsn=2.0.0, status=sent (forwarded as B4E2015C0FA) postfix/qmgr[5039]: A9B8515C6F8: removed Is there an (easy) way how I could convince postfix to forward mails also if local delivery is impossible due to mailbox_size_limit? E.g. exchanging the order (first forwarding, then delivery in the local mailbox (and this local delivery maybe followed by the SOFTBOUNCE)) would be perfect for me. (Then it would be possible to distribute automatic warn messages to users whose mailbox is full). The configuration: service local is defined in master.cf as: local unix - n n - - local The relevant parts of postconf -n (except myhostname, the command-direcotries,..): alias_database = hash:/etc/aliases alias_maps = hash:/etc/aliases content_filter = smtp:[127.0.0.1]:10024 default_transport = uucp inet_interfaces = localhost mailbox_command = /usr/bin/procmail -a $EXTENSION mailbox_size_limit = 10240 message_size_limit = 3024 myorigin = /etc/mailname readme_directory = /usr/share/doc/postfix recipient_canonical_maps = hash:/etc/postfix/recipient_canonical recipient_delimiter = + relayhost = shuttle sender_canonical_maps = hash:/etc/postfix/sender_canonical soft_bounce = yes transport_maps = hash:/etc/postfix/transport unknown_local_recipient_reject_code = 550 Axel
Re: Mail forwarding possible when mailbox_size_limit is reached?
Axel Freyn: Hi, We are using both mail forwarding (with an alias_database and $HOME/.forward - files), and a mailbox_size_limit for the user mailboxes. The local delivery is done by postfix/local. The problem now is: If the mailbox is full, also the forwarding does not work anymore -- postfix/local generates a SOFTBOUNCE before trying to forward the mail: postfix/smtpd[12341]: A9B8515C6F8: client=localhost.localdomain[127.0.0.1] postfix/cleanup[12335]: A9B8515C6F8: message-id=20101022181430.e253115c...@...de postfix/qmgr[5039]: A9B8515C6F8: from=r...@de, size=855, nrcpt=1 (queue active) postfix/local[12342]: A9B8515C6F8: to=a...@de, relay=local, delay=1, delays=0/0.01/0/1, dsn=4.2.0, status=SOFTBOUNCE (can't create user output file. Command output: procmail: Error while writing to /var/mail/abf ) I see no Postfix errors here. PROCMAIL updates the mailbox (and fails because of the limit) before PROCMAIL forwards the message. Wietse
Re: Mail forwarding possible when mailbox_size_limit is reached?
On 10/23/2010 01:15 PM, Axel Freyn wrote: Hi, We are using both mail forwarding (with an alias_database and $HOME/.forward - files), and a mailbox_size_limit for the user mailboxes. The local delivery is done by postfix/local. No it's not. mailbox_command = /usr/bin/procmail -a $EXTENSION Procmail does local mailbox delivery. -- J.
Re: Mail forwarding possible when mailbox_size_limit is reached?
Hi, On Sat, Oct 23, 2010 at 08:02:08AM -0400, Wietse Venema wrote: We are using both mail forwarding (with an alias_database and $HOME/.forward - files), and a mailbox_size_limit for the user mailboxes. The local delivery is done by postfix/local. The problem now is: If the mailbox is full, also the forwarding does not work anymore -- postfix/local generates a SOFTBOUNCE before trying to forward the mail: postfix/smtpd[12341]: A9B8515C6F8: client=localhost.localdomain[127.0.0.1] postfix/cleanup[12335]: A9B8515C6F8: message-id=20101022181430.e253115c...@...de postfix/qmgr[5039]: A9B8515C6F8: from=r...@de, size=855, nrcpt=1 (queue active) postfix/local[12342]: A9B8515C6F8: to=a...@de, relay=local, delay=1, delays=0/0.01/0/1, dsn=4.2.0, status=SOFTBOUNCE (can't create user output file. Command output: procmail: Error while writing to /var/mail/abf ) I see no Postfix errors here. PROCMAIL updates the mailbox (and fails because of the limit) before PROCMAIL forwards the message. Thanks for your fast reply! Probably my mail was not clear: I agree, there is now error due to Postfix. It probably behaves as it is configured and as it should (but: not as I would like it to behave in this situation ;-)) Let's assume, I have a $HOME/.forward which forwards mails for abf to the external Mail-adress axel-fr...@gmx.de, and keeps a local copy in /var/mail/abf. Then I would like to have the behaviour: a) If the mailbox_size_limit for /var/mail/abf is NOT reached: - a copy of the mail is stored locally in /var/mail/abf (that is done by Procmail, I think?) - a copy of the mail is forwarded to axel-fr...@gmx.de (with a new ID (here: B4E2015C0FA). (that is done by postfix/local?) b) If the mailbox_size_limit for /var/mail/abf IS reached: - local delivery to /var/mail/abf fails, (maybe creating a SOFTBOUNCE) - nevertheless, a copy of the mail is forwarded to axel-fr...@gmx.de. However, I did not succeed to obtain the second case. As my Postfix is configured now, it first tries to do the local delivery using procmail, and it stops the complete delivery process if procmail fails. So, if the mailbox_size_limit IS reached, postfix does NOT forward the mail to axel-fr...@gmx.de. So maybe my question could be reformulated as: Can I tell Postfix: FIRST do all forwarding ($HOME/.forward and /etc/aliases), and THEN pass the mail to procmail? That would result in my desired effect: - Mails are ALWAYS forwarded -- even when the local mailbox is full - Mails are locally delivered if the local mailbox_limit is not reached If the local mailbox is full, this local copy of the mail is returned with a Softbounce. Axel
Re: Mail forwarding possible when mailbox_size_limit is reached?
Wietse: PROCMAIL updates the mailbox (and fails because of the limit) before PROCMAIL forwards the message. Axel Freyn: Thanks for your fast reply! Probably my mail was not clear: I agree, there is now error due to Postfix. It probably behaves as it is configured and as it should (but: not as I would like it to behave in this situation ;-)) Let's assume, I have a $HOME/.forward which forwards mails for abf to the external Mail-adress axel-fr...@gmx.de, and keeps a local copy in /var/mail/abf. Then I would like to have the behaviour: a) If the mailbox_size_limit for /var/mail/abf is NOT reached: - a copy of the mail is stored locally in /var/mail/abf (that is done by Procmail, I think?) - a copy of the mail is forwarded to axel-fr...@gmx.de (with a new ID (here: B4E2015C0FA). (that is done by postfix/local?) b) If the mailbox_size_limit for /var/mail/abf IS reached: - local delivery to /var/mail/abf fails, (maybe creating a SOFTBOUNCE) - nevertheless, a copy of the mail is forwarded to axel-fr...@gmx.de. However, I did not succeed to obtain the second case. As my Postfix is Well, the problem was that PROCMAIL delivered to mailbox BEFORE forwarding, so don't make that same mistake with ~/.forward. Instead, deliver to mailbox AFTER forwarding. ~/.forward: axel-fr...@gmx.de # Postfix local(8) mailbox delivery. abf # procmail mailbox delivery with soft_bounce. # |/some/where/procmail ...procmail_arguments... || exit 75 (Status 75 is defined in /usr/include/sysexits.h as EX_TEMPFAIL). Wietse
Incorrect mail forwarding with virtual_alias_maps LDAP
Hi, I have inherited a postfix MDA that I'm just trying to understand and we currently have a problem with the forwarding of emails using LDAP lookups. Currently an email is forwarded if it matches the below map: virtual_alias_maps = ldap:ldapforward ldapforward_query_filter = ((|(mail=%s)(mailalternateaddress=%s))(mailforwardingaddress=*)) ldapforward_result_attribute = mailforwardingaddress Now if we have the following 2 LDAP users: mail=...@somedomain.com mail=f...@somedomain.com mailalternateaddress=catch...@somedomain.com mailforwardingaddress=f...@elsewhere.com The initial lookup doesnt match against bob as he has no mailforward, but then the postfix catchall lookup matches against the 2nd address and forwards the email that should of gone to bob. Whats the solution for this setup? How do I stop LDAP filters matching the catchall mailbox when a more specific one exists without a mailforward? We will need to do similar things to this later with AV anti-spam where we will need to match against bob and only match against catchall when there is no bob email account etc. I have been searching but havent found solutions to this problem, I'm guessing we are doing it wrong if others dont have this issue. Thanks in advance. Jim.
Re: Incorrect mail forwarding with virtual_alias_maps LDAP
j...@scusting.com: Hi, I have inherited a postfix MDA that I'm just trying to understand and we currently have a problem with the forwarding of emails using LDAP lookups. Currently an email is forwarded if it matches the below map: virtual_alias_maps = ldap:ldapforward ldapforward_query_filter = ((|(mail=%s)(mailalternateaddress=%s))(mailforwardingaddress=*)) ldapforward_result_attribute = mailforwardingaddress Now if we have the following 2 LDAP users: mail=...@somedomain.com mail=f...@somedomain.com mailalternateaddress=catch...@somedomain.com mailforwardingaddress=f...@elsewhere.com The initial lookup doesnt match against bob as he has no mailforward, but then the postfix catchall lookup matches against the 2nd address and forwards the email that should of gone to bob. Whats the solution for this setup? How do I stop LDAP filters matching the catchall mailbox when a more specific one exists without a mailforward? This requires a one-to-one virtual alias mapping: b...@example.com- b...@example.com By design, virtual aliasing stops when a right-hand side address matches the left-hand side (of course it also stops when a right-hand side address fails to match the virtual alias table). Wietse
Received: headers and mail forwarding loops
When I submit a mail to my Postfix server (using SASL auth over a TLS connection), Postfix adds the following received header: Received: from aletheia.cite.lan (33.33.33.333.dynamic.cablesurf.de [33.33.33.333]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.incertum.net (Postfix) with ESMTPSA for c...@example.net; Fri, 31 Jul 2009 23:42:33 +0200 (CEST) This is working as expected. If I create a new mail and forcibly insert the above header before I submit it, I get a NDR saying that there is a mail forwarding loop for c...@example.net - which is exactly what I expected, but I'm not 100% sure how this mechanism works. So my question is: Does Postfix compare both the sending host _and_ the recipient address in Received: headers? If not, with regard to Received: headers, which (if any) information is compared to detect a mail forwarding loop? Cheers Stefan
Re: Received: headers and mail forwarding loops
Stefan F?rster: When I submit a mail to my Postfix server (using SASL auth over a TLS connection), Postfix adds the following received header: Received: from aletheia.cite.lan (33.33.33.333.dynamic.cablesurf.de [33.33.33.333]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.incertum.net (Postfix) with ESMTPSA for c...@example.net; Fri, 31 Jul 2009 23:42:33 +0200 (CEST) This is working as expected. If I create a new mail and forcibly insert the above header before I submit it, I get a NDR saying that there is a mail forwarding loop for c...@example.net - which is As documented, Postfix uses Delivered-To: headers for loop detection. Local delivery agent: = prepend_delivered_header (default: command, file, forward) The message delivery contexts where the Postfix local(8) delivery agent prepends a Delivered-To: message header with the address that the mail was delivered to. This information is used for mail delivery loop detection. By default, the Postfix local delivery agent prepends a Delivered-To: header when forwarding mail and when delivering to file (mailbox) and command. Turning off the Delivered-To: header when forwarding mail is not recommended. Specify zero or more of forward, file, or command. Example: prepend_delivered_header = forward Pipe delivery agent: flags=BDFORXhqu. (optional) Optional message processing flags. By default, a message is copied unchanged. ... D Prepend a Delivered-To: recipient message header with the envelope recipient address. Note: for this to work, the transport_destination_recipient_limit must be 1 (see SINGLE-RECIPIENT DELIVERY above for details). The D flag also enforces loop detection (Postfix 2.5 and later): if a message already contains a Delivered-To: header with the same recipient address, then the message is returned as undeliverable. The address comparison is case insensitive. Wietse exactly what I expected, but I'm not 100% sure how this mechanism works. So my question is: Does Postfix compare both the sending host _and_ the recipient address in Received: headers? If not, with regard to Received: headers, which (if any) information is compared to detect a mail forwarding loop? Cheers Stefan
Re: Received: headers and mail forwarding loops
* Wietse Venema wie...@porcupine.org wrote: Stefan Förster: This is working as expected. If I create a new mail and forcibly insert the above header before I submit it, I get a NDR saying that there is a mail forwarding loop for c...@example.net - which is As documented, Postfix uses Delivered-To: headers for loop detection. I am very sorry - I had indeed pasted too many lines into my test email. Cheers Stefan
mail forwarding is not working at all
Dear all, I hope you all are very well. I have come with a strange problem with my email server which is running almost 2 years now. actually I have never tried the mail forwarding with the system but it has the option. Today I need to add the mail forwarding feature and found that the forwarding is not working. This is a suse 10.2 server with postfix-2.5.1-28.5. I have alredy gone through the mail; mail.info; mail.err and mail.warn log but no error reports related to this issue. More details - here is the config from my main.cf for forwarding `` virtual_alias_domains = hash:/etc/postfix/virtual virtual_alias_maps = mysql:/etc/postfix/mysql-virtual-alias-maps.cf,mysql:/etc/postfix/mysql-email2email.cf virtual_gid_maps = static:5000 virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf virtual_transport = dovecot dovecot_destination_recipient_limit = 1 virtual_uid_maps = static:5000 `` The mysql-virtual-alias-maps.cf and the mysql-email2email.cf has the mysql query with the correct database, userid/password to communicate the mysql. More over if I check like `` postmap -q email-id mysql:/etc/postfix/mysql-virtual-alias-maps.cf then it replies back the righ alias already set for that email id. but still the mails received by the email-id and not its alias email address. Is there anything required to enable the forwarding ? Here is the postconf -n ` alias_maps = hash:/etc/aliases biff = no canonical_maps = hash:/etc/postfix/canonical command_directory = /usr/sbin config_directory = /etc/postfix daemon_directory = /usr/lib/postfix data_directory = /var/lib/postfix debug_peer_level = 2 disable_dns_lookups = no disable_mime_output_conversion = no html_directory = /usr/share/doc/packages/postfix/html inet_protocols = all mail_owner = postfix mail_spool_directory = /var/mail mailbox_size_limit = 0 mailq_path = /usr/bin/mailq manpage_directory = /usr/share/man message_size_limit = 2048 mydestination = $myhostname, localhost.$mydomain mydomain = mydomain myhostname = my hostname mynetworks_style = subnet newaliases_path = /usr/bin/newaliases queue_directory = /var/spool/postfix readme_directory = /usr/share/doc/packages/postfix/README_FILES receive_override_options = no_address_mappings relocated_maps = hash:/etc/postfix/relocated sample_directory = /usr/share/doc/packages/postfix/samples sendmail_path = /usr/sbin/sendmail setgid_group = maildrop smtp_use_tls = yes smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination smtpd_sasl_auth_enable = yes smtpd_sasl_path = private/auth smtpd_sasl_type = dovecot smtpd_tls_auth_only = yes smtpd_tls_cert_file = /etc/ssl/certs/postfix.pem smtpd_tls_key_file = /etc/ssl/private/postfix.pem smtpd_use_tls = yes strict_8bitmime = no strict_rfc821_envelopes = no unknown_local_recipient_reject_code = 550 virtual_alias_domains = hash:/etc/postfix/virtual virtual_alias_maps = mysql:/etc/postfix/mysql-virtual-alias-maps.cf,mysql:/etc/postfix/mysql-email2email.cf virtual_gid_maps = static:5000 virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf virtual_transport = dovecot virtual_uid_maps = static:5000 ` with regards
Re: mail forwarding is not working at all
On Tue, June 2, 2009 11:08 am, J. Bakshi said: I have come with a strange problem with my email server which is running almost 2 years now. actually I have never tried the mail forwarding with the system but it has the option. Today I need to add the mail forwarding feature and found that the forwarding is not working. This is a suse 10.2 server with postfix-2.5.1-28.5. [...] receive_override_options = no_address_mappings This explicitly disables address rewriting like aliasing. Unless you have something in your master.cf that overrides and enables rewriting, this is the culprit. [...] -- Magnus Bäck mag...@dsek.lth.se
Re: mail forwarding is not working at all
Magnus Bäck wrote: On Tue, June 2, 2009 11:08 am, J. Bakshi said: I have come with a strange problem with my email server which is running almost 2 years now. actually I have never tried the mail forwarding with the system but it has the option. Today I need to add the mail forwarding feature and found that the forwarding is not working. This is a suse 10.2 server with postfix-2.5.1-28.5. [...] receive_override_options = no_address_mappings This explicitly disables address rewriting like aliasing. Unless you have something in your master.cf that overrides and enables rewriting, this is the culprit. Hello Magnus, You are a Hero !!! I have reset the setting like ` receive_override_options = and the forwarding start working. Millions of thanks. [...]
mail forwarding loop for sample.em...@firstdomain.com
Hi there, I am getting error messages for mail sent to sample.em...@firstdomain.com but in the /etc/postfix/aliases file I have an entry for sample.email to send to sample.em...@anotherdomain.com . why am I getting a forwarding loop. Status: 5.4.6 Diagnostic-Code: X-Postfix; mail forwarding loop for sample.em...@firstdomain.com r...@firstdomain.com:/etc/postfix# cat /etc/hosts 127.0.0.1 localhost localhost.localdomain 174.143.253.66 firstdomain.com # cat /etc/mailname firstdomain.com Please help. Cheers, Noah
Re: mail forwarding loop for sample.em...@firstdomain.com
admin2: Hi there, I am getting error messages for mail sent to sample.em...@firstdomain.com but in the /etc/postfix/aliases file I have an entry for sample.email to send to sample.em...@anotherdomain.com . why am I getting a forwarding loop. Status: 5.4.6 Diagnostic-Code: X-Postfix; mail forwarding loop for sample.em...@firstdomain.com r...@firstdomain.com:/etc/postfix# cat /etc/hosts 127.0.0.1 localhost localhost.localdomain 174.143.253.66 firstdomain.com # cat /etc/mailname firstdomain.com Please help. Please read the mailing list welcome message, repeated below. TO REPORT A PROBLEM see http://www.postfix.org/DEBUG_README.html#mail TO (UN)SUBSCRIBE see http://www.postfix.org/lists.html Thank you for using Postfix.
Mail forwarding
Can I use Postfix as a host for email forwarding? The scenario I envision is an Alum or Faculty member authenticates to a web portal, then tells the system where to forward their email. All email destined for Staff would go to our current email system. Any thoughts are welcome. Regards, Jeff It does not require many words to speak the truth. - Chief Joseph, Great Nez Perce Indian Chief