>>>>> "Wietse" == Wietse Venema <wie...@porcupine.org> writes:

> Viktor Dukhovni:
>> On Fri, Dec 02, 2022 at 11:36:30AM -0500, John Stoffel wrote:
>> 
>> > I tried setting up /etc/postfix/transport_maps like this:
>> > 
>> >    charter.net  [mobile.charter.net]:587

> The right-hand side should be 

>       transport:nexthop

> or

>       transport:nexthop:service-or-port

> Where transport is the name of a mail delivery service in master.cf,
> like 'smtp' or 'relay'.

Thanks, this was just the nudge I needed to make this work.  But... it
turns out that charter.net deliveries to port 587 require that I
change the following two configs:

  smtp_tls_wrappermode = yes
  smtp_tls_security_level = encrypt

where I used to just have 

  smtp_tls_security_level = may

before.  So I strongly suspect I need to set up a new transport in
master.cf called "charter" which will override those two settings for
deliveries, so I added this:

  # Added to deliver mail to charter.net, 20221202
  charter       unix  n       -       y       -       -       smtp
          -o smtp_tls_wrappermode=yes
          -o smtp_tls_security_level=encrypt


And this works, but now I need to tweak the transport so that when it
logs in, the MAIL FROM uses the proper name of jstof...@charter.net,
but I haven't been able to make it work quite yet.

I've also set up two pcre maps, and now my transport looks like this:

   # Added to deliver mail to charter.net, 20221202
   charter       unix  -       -       y       -       -       smtp
           -o smtp_tls_wrappermode=yes
           -o smtp_tls_security_level=encrypt
           -o smtp_generic_maps=hash:/etc/postfix/sender_charter
           -o header_checks=pcre:/etc/postfix/charter_header_first
           -o smtp_header_checks=pcre:/etc/postfix/charter_header_second

And the two maps are:

  # cat charter_header_first
  /^From:(.*)/ PREPEND X-Original-From: $1

  # cat charter_header_second
  /^From:(.*)/ REPLACE From: <jstof...@charter.net>


Note: Of course I want this to work properly if I have multiple
recipients in an email but only one of them is in an @charter.net
address, only that single email should be re-written to have the new
From: header.


Anyway, when I do the above, I get the following in the logs, which
tells me I probably need to tweak the masquerade setting for the
charter transport:

   Dec  3 16:47:21 localhost postfix/smtp[548460]: Untrusted TLS
   connection established to mobile.charter.net[47.43.18.12]:587: TLSv1.2
   with cipher AES256-SHA256 (256/256 bits)
   Dec  3 16:47:26 localhost postfix/smtp[548460]: EE29D275BF:
   to=<jstof...@charter.net>, relay=mobile.charter.net[47.43.18.12]:587,
   delay=5.3, delays=0.05/0.01/0.17/5.1, dsn=5.1.0, status=bounced (host
   mobile.charter.net[47.43.18.12] said: 550 5.1.0 <j...@stoffel.org>
   sender rejected (in reply to MAIL FROM command))


So I'm getting there, but not quite.  Would it be smarter to just
set up two instances of postfix, and use the transport map from the
main instance to only send to the second when needed, and then do all
the header re-writing there?  

Thanks,
John
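
An added example, not part of the thread and not Postfix code: a small linter for the transport:nexthop right-hand side described above, run over the entry quoted in the message. The master.cf sample, the FIXED entry and the function names are constructed for illustration; single-line table entries are assumed.

```python
# Constructed sample data modelled on the thread; not the poster's real files.
MASTER_CF = """\
smtp      inet  n       -       y       -       -       smtpd
smtp      unix  -       -       y       -       -       smtp
relay     unix  -       -       y       -       -       smtp
charter   unix  -       -       y       -       -       smtp
        -o smtp_tls_wrappermode=yes
        -o smtp_tls_security_level=encrypt
"""
BROKEN = "charter.net  [mobile.charter.net]:587\n"          # entry from the thread
FIXED = "charter.net  charter:[mobile.charter.net]:587\n"   # assumed corrected form


def delivery_services(master_cf):
    """Names of master.cf services of type 'unix' (where smtp, relay etc. live)."""
    names = set()
    for line in master_cf.splitlines():
        # Skip blanks, comments, and "-o" continuation lines (leading space).
        if not line.strip() or line[0].isspace() or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) >= 8 and fields[1] == "unix":
            names.add(fields[0])
    return names


def lint_transport(table, services):
    """Return a list of (pattern, transport, nexthop, problem) tuples."""
    results = []
    for line in table.splitlines():
        parts = line.split(None, 1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        # The result has the form transport:nexthop; split at the first ':'.
        transport, _, nexthop = parts[1].strip().partition(":")
        problem = None
        if transport.startswith("["):
            problem = "nexthop given where the transport name belongs"
        elif transport and transport not in services:
            problem = "no master.cf service named " + transport
        results.append((parts[0], transport, nexthop, problem))
    return results


if __name__ == "__main__":
    services = delivery_services(MASTER_CF)
    for table in (BROKEN, FIXED):
        for entry in lint_transport(table, services):
            print(entry)
```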
