On 02/09/2019 18:36, Reio Remma wrote:
On 02/09/2019 17:05, gil...@poolp.org wrote:
September 2, 2019 3:35 PM, "Reio Remma" <r...@mrstuudio.ee> wrote:

I was able to have virtual aliases pointing to external addresses with the old syntax, but it
doesn't seem to work like that with new rules:

Not awake enough to process what follows but the new syntax certainly allows this
as my whole infrastructure depends on it ;-)

I suspect that there's a problem with the ruleset that prevents external addresses
from matching a rule themselves.

Looking at you config at https://poolp.org/posts/2018-05-21/switching-to-opensmtpd-new-config/

Now I ended up switcing to tls-require on port 25. I wonder how much spam that will take down! :)

I also notice you're not using match auth anywhere, I think this might make the difference for mails from remote addresses to virtuals aliased to another remote address. I didn't have auth in the old config.


action filter_incoming relay host smtp://
action sign_outgoing   relay host smtp://
action relay_outgoing  relay
action deliver_lmtp    lmtp "/var/run/dovecot/lmtp" rcpt-to virtual <virtuals> userbase <userinfo>

match tag FILTERED     for domain <domains> action deliver_lmtp
match tag SIGNED       for any action relay_outgoing
match auth from any    for domain <domains> action deliver_lmtp
match from any         for domain <domains> rcpt-to <recipients> action filter_incoming
match auth from any    for any action sign_outgoing

Old rules were:

accept tagged Filtered for domain <domains> virtual <virtuals> userbase <userinfo> deliver to lmtp
"/var/run/dovecot/lmtp" rcpt-to
accept from local      for domain <domains> virtual <virtuals> userbase <userinfo> deliver to lmtp
"/var/run/dovecot/lmtp" rcpt-to
accept from !local     for domain <domains> recipient <recipients> relay via smtp://
accept tagged Signed   for any relay
accept from local      for any relay via smtp://

recipi...@mydomain.com used to be nicely redirected to a remote recipi...@someotherdomain.com, but
with the new syntax it doesn't hit any rules.

I found that adding "match tag FILTERED for any action relay_outgoing" after "match tag FILTERED
for domain <domains> action deliver_lmtp" solves the issue.

I suspect that the old "accept tagged Filtered" went straight to MTA after expanding the virtual

Does it sound right to "match tag FILTERED for any" after dealing with FILTERED for our domains?

Can I do anything about DKIM breaking for forwarded mails?


Reio Remma

MR Stuudio 25 aastat

*MR Stuudio OÜ*
Tondi 17b, 11316, Tallinn
Tel +372 650 4808
Mob +372 56 22 00 33

Reply via email to