Re: Relay mail from virtual domains and issue when the sender and recipient is on same server

2018-04-13 Thread Viktor Dukhovni


> On Apr 14, 2018, at 12:23 AM, Christos Chatzaras  wrote:
> 
> I think the only way to fix this is to have 2 postfix instances, right? One 
> for incoming and one for outgoing.

If you want to round-trip mail through an external SMTP server,
and then bring it back to the same host, then yes, there typically
need to be two queues (Postfix instances), one that sends all mail
out, and another that accepts and delivers.

One can play games with rewriting, so that mail originally rewrites
to a domain that goes off-box, possibly rewrites in the outbound
smtp delivery agent smtp_generic_maps, and then returns into an
smtpd(8)/cleanup(8) pair that does no or different rewriting.
That could make it possible to use a single queue, because the
destination domain would be different for returned mail than
for originally incoming mail.

-- 
Viktor.
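The three outcomes in this thread (local delivery, "relay denied" at step 4, and the loop) and the two-queue layout, traced with a simplified routing model. This is an added example, not part of the original messages and not Postfix code; the queue names "server1-out" and "server1-in" and the assumption that smtp.example.com trusts server1 by client address are hypothetical.

```python
# Simplified model (an assumption of this example): a queue delivers the
# domains it hosts, relays for authenticated or trusted clients, and sends
# everything else to its next hop (relayhost) or to the recipient's MX.
def queue(local=(), mynetworks=(), next_hop=None):
    return {"local": set(local), "mynetworks": set(mynetworks), "next_hop": next_hop}

MX = {"example.com": "server1"}  # MX for example.com points at server1
RELAY = queue(mynetworks={"server1", "server1-out"})  # assumed relay policy

def route(queues, entry, rcpt_domain="example.com", mx=MX, max_hops=6):
    """Follow one message; return (queues visited, outcome)."""
    # The first hop is the SASL-authenticated submission from the mail client.
    path, here, client, authed = [], entry, "client", True
    while len(path) < max_hops:
        q = queues[here]
        path.append(here)
        if rcpt_domain in q["local"]:
            return path, "delivered"          # final destination
        if not (authed or client in q["mynetworks"]):
            return path, "relay denied"       # defer_unauth_destination
        client, here, authed = here, q["next_hop"] or mx[rcpt_domain], False
    return path, "loop"

def scenarios():
    def single(**kw):
        return {"server1": queue(next_hop="smtp", **kw), "smtp": RELAY}
    two = {"server1-out": queue(next_hop="smtp"), "smtp": RELAY,
           "server1-in": queue(local={"example.com"})}
    return {
        "domain hosted locally": route(single(local={"example.com"}), "server1"),
        "domain removed": route(single(), "server1"),
        "relay in mynetworks": route(single(mynetworks={"smtp"}), "server1"),
        "two instances": route(two, "server1-out", mx={"example.com": "server1-in"}),
    }

if __name__ == "__main__":
    for name, (path, outcome) in scenarios().items():
        print(f"{name:22} {' --> '.join(path)} : {outcome}")
```

In the model, trusting the relay's address only removes the rejection; the message still has no queue that treats example.com as a final destination, which is what the second instance supplies.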



Re: Relay mail from virtual domains and issue when the sender and recipient is on same server

2018-04-13 Thread Christos Chatzaras
More info to make it clearer:

The 'relay denied' I wrote in my previous is not in smtp.example.com logs.

E-mail from u...@example.com to u...@example.com :

--
client (1) --> server1.example.com (2) --> smtp.example.com (3) --> 
server1.example.com (4)
--

The 'relay denied' message is on server1.example.com logs at step (4).

I can solve the 'relay denied' by changing main.cf at server1.example.com from:

--
smtpd_relay_restrictions =
  permit_sasl_authenticated,
  defer_unauth_destination
--

to:

--
mynetworks = IP_address_for_smtp.example.com

smtpd_relay_restrictions =
  permit_mynetworks,
  permit_sasl_authenticated,
  defer_unauth_destination
--


But then I have an infinite loop:

--
client --> server1.example.com --> smtp.example.com --> server1.example.com --> 
smtp.example.com -->  server1.example.com --> smtp.example.com --> ...
--


I think the only way to fix this is to have 2 postfix instances, right? One for 
incoming and one for outgoing.

Relay mail from virtual domains and issue when the sender and recipient is on same server

2018-04-13 Thread Christos Chatzaras
What I want to do:

I want to disable local delivery for e-mails from virtual domains / mailboxes 
when sender / recipient is on same server. I want these e-mails to pass through 
a relay.

--

My setup :

I have postfix and dovecot on server1.example.com, and smtp.example.com acts as 
relay for server1.example.com. MX for example.com points to server1.example.com 
so incoming e-mails go to this server. Outgoing e-mails for domains not hosted 
on server1.example.com go through the relay. Now I want the e-mails whose sender 
and recipient are on the same server (server1.example.com) to go through the 
relay (smtp.example.com). For example, currently I send e-mail from 
u...@example.com to u...@example.com and it does local delivery (e-mail does 
not leave server1.example.com). I want the e-mail to pass through relay 
smtp.example.com.

The problem is that if I remove domain example.com from virtual_mailbox_domains 
then e-mail goes from server1.example.com to smtp.example.com, but when it 
comes to server1.example.com it says "Relay denied", which I believe is related 
to postfix not considering that it is the server that actually hosts this domain 
(final destination).

--

/var/log/mailog :

Apr 12 19:49:08 server1 postfix/smtpd[24278]: connect from unknown[62.103.227.xxx]
Apr 12 19:49:08 server1 postfix/smtpd[24278]: Anonymous TLS connection established from unknown[62.103.227.xxx]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Apr 12 19:49:08 server1 dovecot: auth: passwd-file(u...@example.com,62.103.227.xxx): unknown user
Apr 12 19:49:09 server1 postfix/smtpd[24278]: 24B2A2730A: client=unknown[62.103.227.xxx], sasl_method=PLAIN, sasl_username=u...@example.com
Apr 12 19:49:09 server1 postfix/cleanup[33817]: 24B2A2730A: message-id=<671ae13c-dbce-449e-922c-011294a59...@example.com>
Apr 12 19:49:09 server1 postfix/qmgr[77128]: 24B2A2730A: from=, size=740, nrcpt=1 (queue active)
Apr 12 19:49:09 server1 dovecot: lmtp(40507): Connect from local
Apr 12 19:49:09 server1 dovecot: lmtp(u...@example.com)<40507>: sieve: msgid=<671ae13c-dbce-449e-922c-011294a59...@example.com>: stored mail into mailbox 'INBOX'
Apr 12 19:49:09 server1 dovecot: lmtp(40507): Disconnect from local: Client has quit the connection (state = READY)
Apr 12 19:49:09 server1 postfix/lmtp[34621]: 24B2A2730A: to=, relay=server1.example.com[private/dovecot-lmtp], delay=0.24, delays=0.22/0/0/0.01, dsn=2.0.0, status=sent (250 2.0.0  w+0rEgWOz1o7ngAAPz4RRA Saved)
Apr 12 19:49:09 server1 postfix/qmgr[77128]: 24B2A2730A: removed

postconf -Mf:

smtp       inet  n       -       n       -       -       smtpd
    -o content_filter=filter:
    -o receive_override_options=no_address_mappings
submission inet  n       -       n       -       -       smtpd
    -o smtpd_tls_security_level=may
    -o smtpd_sasl_auth_enable=yes
    -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    -o milter_macro_daemon_name=ORIGINATING
smtps      inet  n       -       n       -       -       smtpd
    -o smtpd_tls_wrappermode=yes
    -o smtpd_sasl_auth_enable=yes
    -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    -o milter_macro_daemon_name=ORIGINATING
pickup     fifo  n       -       n       60      1       pickup
cleanup    unix  n       -       n       -       0       cleanup
qmgr       fifo  n       -       n       300     1       qmgr
tlsmgr     unix  -       -       n       1000?   1       tlsmgr
rewrite    unix  -       -       n       -       -       trivial-rewrite
bounce     unix  -       -       n       -       0       bounce
defer      unix  -       -       n       -       0       bounce
trace      unix  -       -       n       -       0       bounce
verify     unix  -       -       n       -       1       verify
flush      unix  n       -       n       1000?   0       flush
proxymap   unix  -       -       n       -       -       proxymap
proxywrite unix  -       -       n       -       1       proxymap
smtp       unix  -       -       n       -       -       smtp
relay      unix  -       -       n       -       -       smtp
    -o smtp_fallback_relay=
showq      unix  n       -       n       -       -       showq
error      unix  -       -       n       -       -       error
retry      unix  -       -       n       -       -       error
discard    unix  -       -       n       -       -       discard
local      unix  -       n       n       -       -       local
virtual    unix  -       n       n       -       -       virtual
lmtp       unix  -       -       n       -       -       lmtp
anvil      unix  -       -       n       -       1       anvil
scache     unix  -       -       n       -       1       scache
filter     unix  -       n       n       -       -       pipe flags=Rq
    user=filter argv=/usr/local/etc/bogofilter/postfix-filter.sh -f ${sender}
    -- ${recipient}

--

postconf -n:

Re: problem with sending emails from second IP'

2018-04-13 Thread Wietse Venema
Viktor Dukhovni:
> 
> 
> > On Apr 13, 2018, at 7:25 AM, Poliman - Serwis  wrote:
> > 
> > Apr 12 11:48:09 s1 postfix/smtp[12985]: fatal:
> >   smtp_connect_addr: bad smtp_bind_address parameter:
> >   54.38.202.128,: Name or service not known
> 
> That "," there looks like it does not belong.  Something's wrong with your 
> smtp_bind_address syntax.
> 
> > Apr 12 11:49:00 s1 postfix/smtp[13190]: fatal:
> >   smtp_connect_addr: bad smtp_bind_address parameter:
> >   54.38.202.128:10025,: Name or service not known
> 
> Ditto.

Good job. smtp_bind_address needs an IP address, no
commas, no TCP ports.

Wietse
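A pre-reload check for the rule stated above (an IP address, no commas, no TCP ports), written as an added example that is not part of the original thread. The two config texts are constructed samples that reuse the bad values from the quoted log lines; where the poster actually set them is not shown in the thread.

```python
import ipaddress
import re

# Constructed samples, not the poster's real files.
SAMPLE_MAIN_CF = "inet_interfaces = all\nsmtp_bind_address = 54.38.202.128\n"
SAMPLE_MASTER_CF = """\
amavis unix - - y - 2 smtp
  -o smtp_data_done_timeout=1200
  -o smtp_bind_address=54.38.202.128,
relay unix - - n - - smtp
  -o smtp_bind_address=54.38.202.128:10025,
"""

def logical_lines(text):
    """Join continuation lines (leading whitespace) and drop comments/blanks."""
    out = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.rstrip())
    return out

def bind_values(main_cf, master_cf):
    """Collect (location, value) for every smtp_bind_address setting."""
    found = []
    for line in logical_lines(main_cf):
        name, sep, value = line.partition("=")
        if sep and name.strip() == "smtp_bind_address":
            found.append(("main.cf", value.strip()))
    for line in logical_lines(master_cf):
        for m in re.finditer(r"-o\s+smtp_bind_address=(\S*)", line):
            found.append(("master.cf:" + line.split()[0], m.group(1)))
    return found

def check(value):
    """Return '' for an empty value or a bare IPv4 literal, else the reasons."""
    try:
        if value:
            ipaddress.IPv4Address(value)
        return ""
    except ipaddress.AddressValueError:
        reasons = [("," in value, "contains a comma"),
                   (":" in value, "contains a TCP port")]
        return "; ".join(r for hit, r in reasons if hit) or "not an IPv4 literal"

def lint(main_cf, master_cf):
    """Return (location, value, reason) for every invalid setting."""
    checked = [(w, v, check(v)) for w, v in bind_values(main_cf, master_cf)]
    return [item for item in checked if item[2]]
```

A per-service `-o` override in master.cf takes precedence over main.cf for that service, so both files have to be checked before a reload.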


Re: problem with sending emails from second IP'

2018-04-13 Thread Viktor Dukhovni


> On Apr 13, 2018, at 7:25 AM, Poliman - Serwis  wrote:
> 
> Apr 12 11:48:09 s1 postfix/smtp[12985]: fatal:
>   smtp_connect_addr: bad smtp_bind_address parameter:
>   54.38.202.128,: Name or service not known

That "," there looks like it does not belong.  Something's wrong with your 
smtp_bind_address syntax.

> Apr 12 11:49:00 s1 postfix/smtp[13190]: fatal:
>   smtp_connect_addr: bad smtp_bind_address parameter:
>   54.38.202.128:10025,: Name or service not known

Ditto.

-- 
Viktor.



Re: problem with sending emails from second IP'

2018-04-13 Thread Poliman - Serwis
Thank you for the answer.
About 1st:
root@s1:/tmp/roundcubemail-1.3.6# ifconfig
ens3      Link encap:Ethernet  HWaddr fa:16:3e:21:c7:80
          inet addr:145.239.29.218  Bcast:145.239.29.218  Mask:255.255.255.255
          inet6 addr: fe80::f816:3eff:fe21:c780/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:6751087 errors:0 dropped:0 overruns:0 frame:0
          TX packets:6952810 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1144198503 (1.1 GB)  TX bytes:14201583464 (14.2 GB)

ens3:0    Link encap:Ethernet  HWaddr fa:16:3e:21:c7:80
          inet addr:54.38.202.128  Bcast:54.38.202.128  Mask:255.255.255.255
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:79544422 errors:0 dropped:0 overruns:0 frame:0
          TX packets:79544422 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1
          RX bytes:69690489045 (69.6 GB)  TX bytes:69690489045 (69.6 GB)


I have changed DNS for the hostname of the server: reverse and A records in
DNS, and modified the /etc/hosts file. I can ping anything using this interface:
root@s1:/usr/share/roundcube/config# ping -I 54.38.202.128 google.com
PING google.com (172.217.18.206) from 54.38.202.128 : 56(84) bytes of data.
64 bytes from par10s38-in-f14.1e100.net (172.217.18.206): icmp_seq=1 ttl=49 time=28.8 ms
64 bytes from par10s38-in-f14.1e100.net (172.217.18.206): icmp_seq=2 ttl=49 time=28.8 ms
64 bytes from par10s38-in-f14.1e100.net (172.217.18.206): icmp_seq=3 ttl=49 time=28.8 ms
^C
--- google.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 28.819/28.820/28.823/0.196 ms

About 2nd:
For Postfix I have added in main.cf the line smtp_bind_address like below:
inet_interfaces = all
smtp_bind_address = 54.38.202.128
inet_protocols = all

In master.cf I tried to add the above line but it didn't work or I did something
wrong. In my case - Postfix 3.1.0 - the part with smtp_bind_address (which is
there by default) looks like below:
amavis unix  -   -   y   -   2   smtp
    -o smtp_data_done_timeout=1200
    -o smtp_send_xforward_command=yes
   * -o smtp_bind_address=*
127.0.0.1:10025 inet n - n - - smtpd
    -o content_filter=
    -o local_recipient_maps=
    -o relay_recipient_maps=
    -o smtpd_restriction_classes=
    -o smtpd_client_restrictions=
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o mynetworks=127.0.0.0/8
    -o strict_rfc821_envelopes=yes
    -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
    -o smtp_send_xforward_command=yes
    -o disable_dns_lookups=yes


127.0.0.1:10027 inet n - n - - smtpd
    -o content_filter=
    -o local_recipient_maps=
    -o relay_recipient_maps=
    -o smtpd_restriction_classes=
    -o smtpd_client_restrictions=
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o mynetworks=127.0.0.0/8
    -o strict_rfc821_envelopes=yes
    -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
    -o smtp_send_xforward_command=yes
    -o milter_default_action=accept
    -o milter_macro_daemon_name=ORIGINATING
    -o disable_dns_lookups=yes

I tried to add the IP address after the equal sign:

* -o smtp_bind_address=54.38.202.128 *

but without success, so I decided to try in main.cf.


2018-04-13 15:37 GMT+02:00 Wietse Venema :

> Poliman - Serwis:
> > Strange thing. Google says "spf=pass", mailing works but in mail.err
> file I
> > have:
> >
> > Apr 12 11:48:09 s1 postfix/smtp[12985]: fatal: smtp_connect_addr: bad
> > smtp_bind_address parameter: 54.38.202.128,: Name or service not known
> > Apr 12 11:49:00 s1 postfix/smtp[13190]: fatal: smtp_connect_addr: bad
> > smtp_bind_address parameter: 54.38.202.128:10025,: Name or service not
> > known
> >
> >
> > As I mentioned in earlier message I set smtp_bind_address = 54.38.202.128
> > in /etc/postfix/main.cf.
>
> 1) You need to 'ifconfig' 54.38.202.128 on your network interface,
> otherwise how would your network stack know how to deliver packets
> for that IP address?
>
> 2) You made a mistake when setting the IP address in master.cf, but
> you failed to show us what you did, so no-one can help with that.
>
> Wietse
>



-- 

*Pozdrawiam / Best Regards*
*Piotr Bracha*


Re: problem with sending emails from second IP'

2018-04-13 Thread Wietse Venema
Poliman - Serwis:
> Strange thing. Google says "spf=pass", mailing works but in mail.err file I
> have:
> 
> Apr 12 11:48:09 s1 postfix/smtp[12985]: fatal: smtp_connect_addr: bad
> smtp_bind_address parameter: 54.38.202.128,: Name or service not known
> Apr 12 11:49:00 s1 postfix/smtp[13190]: fatal: smtp_connect_addr: bad
> smtp_bind_address parameter: 54.38.202.128:10025,: Name or service not
> known
> 
> 
> As I mentioned in earlier message I set smtp_bind_address = 54.38.202.128
> in /etc/postfix/main.cf.

1) You need to 'ifconfig' 54.38.202.128 on your network interface,
otherwise how would your network stack know how to deliver packets
for that IP address?

2) You made a mistake when setting the IP address in master.cf, but
you failed to show us what you did, so no-one can help with that.

Wietse


Re: problem with sending emails from second IP'

2018-04-13 Thread Poliman - Serwis
Strange thing. Google says "spf=pass", mailing works but in mail.err file I
have:

Apr 12 11:48:09 s1 postfix/smtp[12985]: fatal: smtp_connect_addr: bad
smtp_bind_address parameter: 54.38.202.128,: Name or service not known
Apr 12 11:49:00 s1 postfix/smtp[13190]: fatal: smtp_connect_addr: bad
smtp_bind_address parameter: 54.38.202.128:10025,: Name or service not
known


As I mentioned in earlier message I set smtp_bind_address = 54.38.202.128
in /etc/postfix/main.cf.

2018-04-12 16:29 GMT+02:00 Wietse Venema :

> 2018-04-12 15:39 GMT+02:00 Wietse Venema :
>
> > 2018-04-12 12:56 GMT+02:00 Wietse Venema :
> > > Please define "not working".
> >
> > Poliman - Serwis:
> > > main ip - 145.239.29.218
> > > failover ip - 54.38.202.128
> > > Not working means mails do not outbound. This same as for line
> > > inet_interfaces = 54.38.202.128.
> >
> > As documented in http://www.postfix.org/postconf.5.html#inet_interfaces,
> > on a multi-homed host DO NOT restrict inet_interfaces, instead:
> > - specify the server IP address in master.cf.
> > - specify the client IP address with smtp_bind_address.
> >
> > No further support without error messages.
>
> Poliman - Serwis:
> > Thank you for answer. In logs I have this same line which I pasted. I can
>
> Please do not ask me to go read the whole thread.
>
> What is the POSTFIX error message for the configuration cited above?
>
> How does POSTFIX know that it should send mail from the main IP address?
>
> How does POSTFIX know that it should send mail from the failover IP
> address?
>
> Wietse
>



-- 

*Pozdrawiam / Best Regards*
*Piotr Bracha*


Re: Postfix [Postfwd2 error]

2018-04-13 Thread Bill Cole

On 12 Apr 2018, at 18:20, Viktor Dukhovni wrote:

> > On Apr 12, 2018, at 5:57 PM, Bill Cole wrote:
> >
> > > postfwd2/policy[4807]: warning: Complex regular subexpression
> > > recursion limit (32766) exceeded at
> > > /opt/postfix/postfwd/sbin/postfwd2 line 1168, <$fh> line 230.?
> >
> > Perhaps ask whoever maintains "postfwd2" what they mean by "<$fh>" ?
>
> The "<$fh>" is not the issue. The problem is on line 1168 of the postfwd2
> Perl script, while matching a regular expression against line 230 of the
> file handle <$fh>.

One would expect that I'd recognize that error message but it seems that 
I need to write MORE bad Perl. In my defense, I don't use postfwd2 and 
didn't know it was written in Perl.

> So the thing to check with the author of postfwd2 is what's going on
> with the regular expression on line 1168.


That is a scary one. It seems like an attempt to express all of the 
leniencies in a config format in a single regex, where a preliminary 
canonicalization (reducing all runs of whitespace to a single space 
maybe?) would eliminate the need for some of the complexities.


But yes, that's really an issue to take up with the author and/or other 
postfwd2 users. The postfwd.org site indicates that a user mailing list 
exists.