header_checks - transport problem

Tue, 16 Nov 2021 06:10:16 -0800 

Hi all,
I try to use header_checks to route mails with a specific header through a different SMTP with special TLS options. 

Therefore I configured a new SMTP service in master.cf:
    smtp-sec      unix  -       -       y       -       -       smtp
      -o smtp_header_checks=
      -o syslog_name=postfix_smtp-sec
      -o smtp_tls_security_level=secure

and a test header check:
    /^Subject: test1test/   FILTER smtp-sec:

This is for testing only. Later I wanted to do this with special headers.


According to the documentation 
(http://www.postfix.org/header_checks.5.html) it should be possible 
since Postfix 2.7 with this entry to change the transport but not the 
nexthop:
  "... To override the recipient's transport but not the next-hop 
destination, specify an empty filter destination ..."

I use postfix 3.5.6-1+b1 (Debian 11).


My postfix has a transport table for sending mails for the internal 
domain to a mailbox server:

    testdomain.net        relay:[10.0.0.2]


But now when a mail for testdomain.net with the subject "test1test" 
arrives, postfix does a MX lookup and gives an error:

    end attr reason = mail for testdomain.net loops back to myself


The log shows that trivial-rewrite does a lookup on the transport map 
and sets the nexthop:
    Nov 16 13:38:19 mailtest1 postfix/trivial-rewrite[1143350]: 
`t...@example.org' -> `tes...@testdomain.net' -> (`relay' `[10.0.0.2]' 
`tes...@testdomain.net' `2048')
    Nov 16 13:38:19 mailtest1 postfix/trivial-rewrite[1143350]: send 
attr flags = 0
    Nov 16 13:38:19 mailtest1 postfix/trivial-rewrite[1143350]: send 
attr transport = relay
    Nov 16 13:38:19 mailtest1 postfix/trivial-rewrite[1143350]: send 
attr nexthop = [10.0.0.2]


Then cleanup sets the transport:

    Nov 16 13:38:19 mailtest1 postfix/cleanup[1147934]: 5C0D85B05: 
filter: header Subject: test1test from unknown[192.0.2.1]; 
from=<t...@example.org> to=<tes...@testdomain.net> proto=ESMTP 
helo=<mailer.example.org>: smtp-safe:


But the smtp-sec service does a MX loopup and ends in an

    Nov 16 13:38:19 mailtest1 postfix_smtp-sec/smtp[1147935]: send attr 
action = failed
    Nov 16 13:38:19 mailtest1 postfix_smtp-sec/smtp[1147935]: send attr 
reason = mail for testdomain.net loops back to myself


Do I miss anything or is it an incorrect approach?

Regards
  Marcus






















					Reply via email to