I have a new IP address of unknown quality (188.183.101.186).
I am therefore for the time being using an external smarthost. But I
would like to test direct mail to various places by using a specific
sender address with no disturbance of other users.
So I have tried the following:
root@nuser:~# postconf -n | egrep "relay|transport" |grep -v restrictions
relayhost = [smarthost.arrowmail.co.uk]:587
sender_dependent_default_transport_maps =
cdb:/etc/postfix/sender_default_transport
root@nuser:~# cat /etc/postfix/sender_default_transport
jd-dir...@dybdal.dk smtp
Which I had hoped would cause direct to MX delivery of mail from
jd-dir...@dybdal.dk.
But mails from that address is still delivered to the smarthost.
So what have I mosunderstood? Is the syntax of
/etc/postfix/sender_default_transport not correct?
Log example:
Sep 23 21:30:05 nuser postfix/qmgr[16383]: 46cZCd2SKMz4FSCx:
from=<jd-dir...@dybdal.dk>, size=1869, nrcpt=1 (queue active)
Sep 23 21:30:05 nuser amavis[14701]: (14701-09) Passed CLEAN
{RelayedInternal}, ORIGINATING LOCAL [10.148.46.2]:50022
<jd-dir...@dybdal.dk> -> <RECIPIENT>,
Message-ID: <73522761-a639-2af1-2b12-d0a87e2a9...@dybdal.dk>,
mail_id: UIl63qJ0WKFg, Hits: -2.899, size: 646, queued_as:
46cZCd2SKMz4FSCx, dkim_new=dybdal-20171111:dyb
dal.dk, 732 ms
Sep 23 21:30:05 nuser postfix/587/smtpd[16385]: proxy-accept:
END-OF-MESSAGE: 250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0
Ok: queued as 46cZCd2SKMz4FSCx; from
=<jd-dir...@dybdal.dk> to=<RECIPIENT> proto=ESMTP helo=<[10.148.46.2]>
Sep 23 21:30:05 nuser postfix/587/smtpd[16385]: disconnect from
spir.h.dybdal.dk[10.148.46.2] ehlo=2 starttls=1 auth=1 mail=1 rcpt=1
data=1 quit=1 commands=8
Sep 23 21:30:05 nuser postfix/smtp[16396]: Untrusted TLS connection
established to smarthost.arrowmail.co.uk[78.129.199.227]:587: TLSv1.2
with cipher ECDHE-RSA-AES256-S
HA384 (256/256 bits)
Sep 23 21:30:05 nuser dovecot: imap(jdimap): Connection closed (IDLE
running for 0.001 + waiting input for 0.002 secs, 2 B in + 10+0 B out,
state=wait-input) in=7758 ou
t=58197
Sep 23 21:30:05 nuser postfix/smtp[16396]: 46cZCd2SKMz4FSCx:
to=<RECIPIENT>, relay=smarthost.arrowmail.co.uk[78.129.199.227]:587,
delay=0.59, delays=0.06/0
.01/0.37/0.15, dsn=2.6.0, status=sent (250 2.6.0 Ok, message saved
<Message-ID: <73522761-a639-2af1-2b12-d0a87e2a9...@dybdal.dk>>)
Sep 23 21:30:05 nuser postfix/qmgr[16383]: 46cZCd2SKMz4FSCx: removed
postconf -n:
root@nuser:~# postconf -n
alias_database = cdb:/etc/aliases
alias_maps = cdb:/etc/aliases
append_dot_mydomain = no
authorized_submit_users = /etc/postfix/authorized_submit_users
biff = no
body_checks = regexp:/etc/postfix/regexp_bodychecks
body_checks_size_limit = 150000
bounce_queue_lifetime = 1d
broken_sasl_auth_clients = yes
compatibility_level = 2
default_database_type = cdb
delay_warning_time = 2h
enable_long_queue_ids = yes
fast_flush_domains =
header_checks = regexp:/etc/postfix/regexp_headerchecks
html_directory = /usr/share/doc/postfix/html
inet_interfaces = all
inet_protocols = ipv4
local_header_rewrite_clients = permit_inet_interfaces,
permit_mynetworks, permit_sasl_authenticated, permit_tls_clientcerts
mailbox_command = procmail -a "$RECIPIENT"
mailbox_size_limit = 0
message_size_limit = 52428800
mime_header_checks = regexp:/etc/postfix/regexp_mimeheaderchecks
mydestination = nuser.dybdal.dk, localhost.dybdal.dk,
nuser.h.dybdal.dk, localhost.h.dybdal.dk, localhost
myhostname = nuser.dybdal.dk
mynetworks_style = host
myorigin = /etc/mailname
not_jd_access_check = check_recipient_access
regexp:/etc/postfix/regexp_not_jd_access
parent_domain_matches_subdomains =
policy-spf_time_limit = 3600s
rblaggressive = reject_rbl_client smtp.dnsbl.sorbs.net,
reject_rbl_client zen.spamhaus.org, reject_rbl_client cbl.abuseat.org,
reject_rbl_client dul.dnsbl.sorbs.net, check_client_access
regexp:/etc/postfix/regexp_allow_dk, reject_rbl_client bl.spamcop.net,
rblcountries = reject_rbl_client zen.spamhaus.org, reject_rbl_client
cbl.abuseat.org, reject_rbl_client dul.dnsbl.sorbs.net,
check_client_access regexp:/etc/postfix/regexp_allow_dk,
reject_rbl_client bl.spamcop.net, reject_rbl_client
cn.countries.nerd.dk, reject_rbl_client kr.countries.nerd.dk,
reject_rbl_client tw.countries.nerd.dk, reject_rbl_client
ng.countries.nerd.dk
rblmild = reject_rbl_client smtp.dnsbl.sorbs.net,
rblnormal = reject_rbl_client smtp.dnsbl.sorbs.net,
check_client_access regexp:/etc/postfix/regexp_allow_dk,
reject_rbl_client zen.spamhaus.org, reject_rbl_client cbl.abuseat.org,
reject_rbl_client dul.dnsbl.sorbs.net,
readme_directory = /usr/share/doc/postfix
recipient_access_check = check_recipient_access
regexp:/etc/postfix/regexp_access,
recipient_delimiter = +
relayhost = [smarthost.arrowmail.co.uk]:587
sasl_access_check = check_sasl_access
regexp:/etc/postfix/regexp_sasl_access
sender_bcc_maps = regexp:/etc/postfix/regexp_sender_bcc_maps
sender_dependent_default_transport_maps =
cdb:/etc/postfix/sender_default_transport
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = cdb:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous, noplaintext
smtp_sasl_tls_security_options = noanonymous
smtp_sender_dependent_authentication = yes
smtp_tls_loglevel = 1
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_client_restrictions = recipient_access_check, permit_mynetworks,
reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname,
reject_non_fqdn_sender, check_sender_access
regexp:/etc/postfix/regexp_sender, reject_unknown_sender_domain,
reject_unknown_recipient_domain, reject_unlisted_recipient,
reject_unauth_destination, permit
smtpd_data_restrictions = reject_unauth_pipelining, permit
smtpd_delay_reject = yes
smtpd_discard_ehlo_keywords = silent-discard, etrn
smtpd_etrn_restrictions = reject
smtpd_helo_restrictions = not_jd_access_check, permit
smtpd_recipient_restrictions = permit_mynetworks, check_client_access
regexp:/etc/postfix/regexp_skip_spf_and_greylist_client,
check_recipient_access
regexp:/etc/postfix/regexp_skip_spf_and_greylist_recipient,
check_policy_service unix:private/policy-spf, check_recipient_access
regexp:/etc/postfix/regexp_greylist, check_client_access
cidr:/etc/postfix/cidr_skip_greylist, permit_dnswl_client
list.dnswl.org, check_policy_service inet:127.0.0.1:10023, permit
smtpd_relay_restrictions = permit_mynetworks,
reject_unauth_destination, permit
smtpd_restriction_classes = rblmild, rblnormal, rblaggressive,
rblcountries, recipient_access_check, sasl_access_check,
not_jd_access_check, spamblock_senders
smtpd_sasl_authenticated_header = yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_sender_login_maps = regexp:/etc/postfix/regexp_sender_login_maps
smtpd_sender_restrictions = permit_mynetworks, check_client_access
cdb:/etc/postfix/checkip, check_client_access
regexp:/etc/postfix/regexp_checkip,
check_reverse_client_hostname_access pcre:/etc/postfix/fqrdns.pcre,
permit_dnswl_client list.dnswl.org=127.0.[0..255].[2..3],
permit_dnswl_client list.dnswl.org=127.0.[3;5].[0..255],
check_recipient_access regexp:/etc/postfix/regexp_select_rbl, permit
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/letsencrypt/live/nuser.dybdal.dk/fullchain.pem
smtpd_tls_key_file = /etc/letsencrypt/live/nuser.dybdal.dk/privkey.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = no
smtpd_tls_security_level = may
smtpd_tls_session_cache_database =
smtputf8_enable = no
spamblock_senders = check_sender_access
regexp:/etc/postfix/regexp_spamblock_senders
unknown_address_reject_code = 550
virtual_alias_domains = regexp:/etc/postfix/virtual_regexp
virtual_alias_maps = regexp:/etc/postfix/virtual_regexp
root@nuser:~#
--
Jesper Dybdal
http://www.dybdal.dk
