>>>>> "Wietse" == Wietse Venema <wie...@porcupine.org> writes:
> Viktor Dukhovni: >> On Fri, Dec 02, 2022 at 11:36:30AM -0500, John Stoffel wrote: >> >> > I tried setting up /etc/postfix/transport_maps like this: >> > >> > charter.net [mobile.charter.net]:587 > The right-hand side should be > transport:nexthop > or > transport:nexthop:service-or-port > Where transport is the name of a mail delivery service in master.cf, > like 'smtp' or 'relay'. Thanks, this was just the nudge I needed to make this work. But... it turns out that charter.net deliveries to port 587 requires that I change the following two configs: smtp_tls_wrappermode = yes smtp_tls_security_level = encrypt where I used to just have smtp_tls_security_level = may before. So I strongly suspect I need to setup a new transport in master.cf called "charter" which will overridge those two settings for deliveries, so I added this: # Added to deliver mail to charter.net, 20221202 charter unix n - y - - smtp -o smtp_tls_wrappermode=yes -o smtp_tls_security_level=encrypt And this works, but now I need to tweak the transport so that when it logs in, the MAIL FROM uses the proper name of jstof...@charter.net, but I haven't been able to make it work quite yet. I've also setup two pcre maps, and now my transport looks like this: # Added to deliver mail to charter.net, 20221202 charter unix - - y - - smtp -o smtp_tls_wrappermode=yes -o smtp_tls_security_level=encrypt -o smtp_generic_maps=hash:/etc/postfix/sender_charter -o header_checks=pcre:/etc/postfix/charter_header_first -o smtp_header_checks=pcre:/etc/postfix/charter_header_second And the two maps are: # cat charter_header_first /^From:(.*)/ PREPEND X-Original-From: $1 # cat charter_header_second /^From:(.*)/ REPLACE From: <jstof...@charter.net> Note: Of course I want this to work properly if I have multiple recipients in an email but only one of them is in an @charter.net address, only that single email should be re-written to have the new From: header. Anyway, when I do the above, I get the following in the logs, which tells me I proably need to tweak the masquerade setting for the charter transport: Dec 3 16:47:21 localhost postfix/smtp[548460]: Untrusted TLS connection established to mobile.charter.net[47.43.18.12]:587: TLSv1.2 with cipher AES256-SHA256 (256/256 bits) Dec 3 16:47:26 localhost postfix/smtp[548460]: EE29D275BF: to=<jstof...@charter.net>, relay=mobile.charter.net[47.43.18.12]:587, delay=5.3, delays=0.05/0.01/0.17/5.1, dsn=5.1.0, status=bounced (host mobile.charter.net[47.43.18.12] said: 550 5.1.0 <j...@stoffel.org> sender rejected (in reply to MAIL FROM command)) So I'm getting there, but not quite. Would it be smarter to just setup two instances of postfix, and use the transport map from the main instance to only send to the second when needed, and then do all the header re-writing there? Thanks, John