> sorry for late reply on this here,
No problem Benny. Thanks for taking the time to review ...
> i noted from logs that you use
> mimedefang and amavisd for same mails, why ?
amavisd runs spamassassin and clamav. No difference in setup between
Postfix 2.11 and 3.1.
I just added mimedefang to perform some additional message mangling to help
out really old clients (like removing redundant html). But I'm confident
that's irrelevant to the From: domain problem since I can take out
mimedefang and the problem persists.
> and as well that postfix send auth users mails to amavisd inbound so its
> classified as incomming mails, clean that up :=)
>
> -o content-filter override in master.cf on postfix solves this very
> nice, dont use content-filer in postfix main.cf, little hint here
We want all emails to go through amavis (spamassassin and clamav), whether
they are from one of our relay domains, virtual domains, a local user, or
the outside world. We follow /usr/share/doc/amavisd-new/README.postfix.html
section 3.1 - Filtering E-mail globally.
Are you suggesting something different? Can you be more explicit?
Regardless, I don't think this is related to the From: domain problem since
the config is the same for Postfix 2.11 and 3.1(unless there's a mistake
that I can't find).
> make sure amavisd have same mynetworks settings as postfix have, both
> should know all border ips aswell as rfc1918, and ipv6 dito, basicly all
> in ifconfig as a minimal
If you're referring to the following line:
amavis[2735]: (02735-07) Open relay? Nonlocal recips but not
originating: @
then, yeah, I've struggled with that. (And based on Internet searches many
others do, too!) I've verified it's not an open relay. We're not using
IPv6 and the IPv4 nets are the same in amavis mynetworks and postfix
mynetworks. Yet it continues to complain.
I'm not sure what you mean by "... both should know all border IPs ...".
Can you be more explicit?
Regardless, the configuration is the same in postfix 2.11 and 3.1 So I
don't see how that could be causing the difference in behavior either
(unless there's a mistake that I can't find).
> and i think you have a problem on how sasl is configured on dovecot, is
> it only local system users auth that can relay mails ?, that way the
> auth only check local part of the mails to allow senders, that explains
> possible to change domain part and still authed for the local part of
> email, check that and ask for help with that on dovecot maillist
Dovecot performs SASL authentication of virtual domain users on the
submission port. There are only a couple of local accounts for sysadmins,
and they don't use submission or SASL. Since the problem with the Postfix
3.1 machine DOES involve the virtual domain being changed to the mail
gateway's hostname and this doesn't happen for relay domains, you may be
onto something. But SASL does check both local part and domain part. And
the SASL config hasn't changed between 2.11 and 3.1 (unless there's a
mistake that I can't find).
I don't understand what problem you see. Can you be more specific?
> basicly random realm domain
>
> to big logs make it harder for me to nerrow it more dowm
Well, thanks for taking a look. I've been over and over the configs using
diff tools and I don't find anything significantly different between the
2.11 and the 3.1 configs. Yet the 3.1 system results in the recipient
seeing the wrong From: domain at one (so far) email hosting provider.
The email hosting provider took a pcap trace and doesn't see anything wrong
yet with the SMTP session, but will continue to research on Monday.
Michael
