On Wed, Sep 08, 2021 at 03:33:05PM +0200, fo...@gmx.de wrote: > Hello together, > I have "Ubuntu 20.04.3 LTS" on a raspberry pi 4, and I'm trying to config > postfix to rewrite local-addresses and use then sender-dependent relayhosts. > > Postfix is mail_version = 3.4.13 and i have a dynamic IP. > > The setup looks /should be like this: > > 1) local user sends email to postfix (local emailserver) > 2) postfix rewrites FROM Address > 3) dependent on the rewriten FROM Address pick the right relayhost > 4) submits the mail to the relayhost via port 587 with the credentials from > pass_smarthost > > For point 1) an 2) i have a file sender_canonical created: > ------------------------------------------------------------------------- > Local_User_A@local.homenet us...@gmx.de > Local_User_B@local.homenet us...@gmail.com > ------------------------------------------------------------------------- > > For point 3) i have a file relaymap created: > ------------------------------------------------------------------------- > @gmx.de mail.gmx.net:587 > @gmail.com smtp.gmail.com:587 > ------------------------------------------------------------------------- > > For point 4) i have a file pass_smarthost created: > ------------------------------------------------------------------------- > us...@gmx.de us...@gmx.de:UserA-GMX-Password > us...@gmail.com us...@gmail.com:UserB-Gmail-Password > ------------------------------------------------------------------------- > > I tested it with this: > ------------------------------------------------------------------------- > echo "test" | sendmail -f ttm xxxx...@posteo.de > ------------------------------------------------------------------------- > > But currently i get: > > tail -f /var/log/syslog | grep --line-buffered "postfix\|relay\|generic" > ------------------------------------------------------------------------- > Sep 7 18:28:29 ubuntu-RPI4 postfix/pickup[24810]: 5CFF24028B: uid=0 > from=<ttm> > Sep 7 18:28:29 ubuntu-RPI4 postfix/cleanup[24830]: 5CFF24028B: > message-id=<20210907182829.5CFF24028B@ttmsacer.homenet> > Sep 7 18:28:29 ubuntu-RPI4 postfix/qmgr[24811]: 5CFF24028B: > from=<ttm@ttmsacer.homenet>, size=256, nrcpt=1 (queue active) > Sep 7 18:28:29 ubuntu-RPI4 postfix/smtp[24833]: connect to > mx04.posteo.de[185.67.36.64]:25: Connection refused > Sep 7 18:28:29 ubuntu-RPI4 postfix/smtp[24833]: connect to > mx01.posteo.de[185.67.36.61]:25: Connection refused > Sep 7 18:28:29 ubuntu-RPI4 postfix/smtp[24833]: connect to > mx01.posteo.de[185.67.36.62]:25: Connection refused > Sep 7 18:28:29 ubuntu-RPI4 postfix/smtp[24833]: connect to > mx03.posteo.de[185.67.36.63]:25: Connection refused > Sep 7 18:28:29 ubuntu-RPI4 postfix/smtp[24833]: connect to > mx03.posteo.de[185.67.36.70]:25: Connection refused > Sep 7 18:28:29 ubuntu-RPI4 postfix/smtp[24833]: 5CFF24028B: > to=<xxxx...@posteo.de>, relay=none, delay=0.51, delays=0.07/0.08/0.36/0, > dsn=4.4.1, status=deferred (connect to mx03.posteo.de[185.67.36.70]:25: > Connection refused) > ------------------------------------------------------------------------- > > For me it looks like, that postfix tries to deliver the email directly > to the recipient server on port 25 - instead of using the relayhost > (here gmx.de). > And the rewrite didnt come to the correct address - maybe a circle? > After the rewrite the FROM Address should be the us...@gmx.de not > ttm@ttmsacer.homenet. > > I tried to add the "-v" option in the master.cf to see more details or get a > hint whats going round. > > But i didn't get the error. What am I missing? Any hint would be helpful. > > Thank you in advance. > > main.cf > ------------------------------------------------------------------------- > [...] > receive_override_options = no_address_mappings
I could be wrong, but I don't think you want the above setting. You have canonical address maps and virtual alias maps, and this setting disables them both. Normally, I think you'd only use this setting when there's an external filter, and you want the address mappings to take place after the filter so that the filter itself has access to the original addresses. But you don't have a content_filter, so address mapping is just completely disabled. http://www.postfix.org/postconf.5.html#receive_override_options The above documentation doesn't specifically mention "sender canonical address mapping", but it might be implied where it refers to "canonical address mapping". Not sure about that, but you did say that the address rewriting isn't happening, so it probably is implied. > [...] > sender_canonical_maps = hash:/etc/postfix/sender_canonical > sender_dependent_relayhost_maps = hash:/etc/postfix/relaymap > [...] > smtp_generic_maps = hash:/etc/postfix/sender_canonical Does it make sense to use the same map for sender_canonical_maps and smtp_generic_maps? Perhaps it does. It just struck me as possibly odd. Perhaps it's fine. According to http://www.postfix.org/ADDRESS_REWRITING_README.html, the generic maps aren't turned off by receive_override_options (because it's for the sending stage, not the receiving stage), so maybe they at least are being performed, but only once the mail is already on its way out via the smtp(8). I think you still want the canonical address mapping to take place before that (by removing receive_override_options) so that the sender_dependent_relayhost_maps can have an effect. > smtp_sasl_security_options = noanonymous I'd leave the above at its more secure default value to ensure that passwords can't be sent unencrypted. But perhaps I just don't understand the reason why people change this setting. But it probably never actually results in passwords being sent unencrypted anyway, so it probably doesn't really matter. > [...] > smtpd_sasl_auth_enable = yes The above should probably be removed from main.cf and added to the submission service in master.cf instead. It won't solve your problem, but it's better. You don't need or want authentication on port 25. The other smtpd_sasl_* settings can stay in main.cf or be moved to master.cf. Actually, smtpd_sasl_auth_enable is already in master.cf, so you can just delete it from main.cf to prevent unwanted authentication attempts on port 25. > -- > best regards, > Thomas I hope some of that helps. cheers, raf
