[pfx] Re: content filter sends mail twice
Hi, On Mon, May 22, 2023 at 9:47 PM Viktor Dukhovni via Postfix-users < postfix-users@postfix.org> wrote: > On Mon, May 22, 2023 at 06:06:00PM -0400, Alex wrote: > > > Yes, I wasn't aware that's how it worked. I've now explicitly defined the > > bcc-user to use the same transport, but the problem is that there is one > > bcc-user but multiple transports, each with their own policy. > > This is where recipient_bcc_maps comes into play, you can have a bcc > recipient per domain or per-user (the latter preserves the message > envelope as part of the BCC side-channel). > > Or (in a multi-instance configuration), you can add Bcc recipients > in a per-domain output (back-end) instance. > recipient_bcc_maps worked beautifully, thanks. Thanks so much for so selflessly helping the community. ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: content filter sends mail twice
On Mon, May 22, 2023 at 06:06:00PM -0400, Alex wrote: > Yes, I wasn't aware that's how it worked. I've now explicitly defined the > bcc-user to use the same transport, but the problem is that there is one > bcc-user but multiple transports, each with their own policy. This is where recipient_bcc_maps comes into play, you can have a bcc recipient per domain or per-user (the latter preserves the message envelope as part of the BCC side-channel). Or (in a multi-instance configuration), you can add Bcc recipients in a per-domain output (back-end) instance. -- Viktor. ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: content filter sends mail twice
Hi,
>
> The BCC recipient is processed in much the same way as any other message
> recipient. The only special handling that comes to mind is DSN, where
> this recipient is treated as if NOTIFY=NEVER were specified.
>
> > local_transport = error:5.1.1 Mailbox unavailable
> > default_transport = smtp:[127.0.0.1]:10024
> > relay_transport = $default_transport
> > virtual_transport = $default_transport
> > transport_maps = ${indexed}transport
>
> Perhaps the BCC recipient (domain) did not match any transport
> table keys, but the real recipient did?
>
Yes, I wasn't aware that's how it worked. I've now explicitly defined the
bcc-user to use the same transport, but the problem is that there is one
bcc-user but multiple transports, each with their own policy.
>
> > /etc/postfix-120/transport
> > domain1.comalex:[127.0.0.1]:10029
>
> What is the domain part of the always BCC address.
>
It's the same as the hostname, while domain1.com (and domain2, domain3,
etc) each use their own transport. Associating bcc-user with the policy
that corresponds with domain would help me to better understand how the
policy is being applied to users and be able to view header details as if
they were to the actual user. Hopefully that makes sense. Email to one
domain may be blocked with a given policy, while email to another domain
may not, so it would be good to have the same policy applied to the always
BCC user as every other user using that transport.
Thanks,
Alex
>
>
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: content filter sends mail twice
On Sun, May 21, 2023 at 02:05:31PM -0400, Alex via Postfix-users wrote:
> Can I follow up on this? I can't figure out why always_bcc mail is being
> sent through the default content filter while mail designated for my
> domain-specific transport is sent through another in my multi-instance
> postfix config. I'd like the always_bcc user mail to still benefit from
> being filtered through amavis, but through the transport designed for the
> domain for which it was intended.
The BCC recipient is processed in much the same way as any other message
recipient. The only special handling that comes to mind is DSN, where
this recipient is treated as if NOTIFY=NEVER were specified.
> local_transport = error:5.1.1 Mailbox unavailable
> default_transport = smtp:[127.0.0.1]:10024
> relay_transport = $default_transport
> virtual_transport = $default_transport
> transport_maps = ${indexed}transport
Perhaps the BCC recipient (domain) did not match any transport
table keys, but the real recipient did?
>
> /etc/postfix-120/transport
> domain1.comalex:[127.0.0.1]:10029
What is the domain part of the always BCC address.
> May 21 13:40:12 cable postfix-120/qmgr[3714211]: 494948B53: from=<
> mysqlstud...@gmail.com>, size=3214, nrcpt=2 (queue active)
This message has two recipients, one original and one BCC.
> May 21 13:40:12 cable amavis[3558243]: (3558243-06) ESMTP [127.0.0.1]:10024
> /var/spool/amavisd/tmp/amavis-20230521T020900-3558243-jefENl_V: <
> mysqlstud...@gmail.com> -> SIZE=3214 Received:
> from cable.example.com ([145.239.111.120]) by localhost (cable.example.com
> [127.0.0.1]) (amavis, port 10024) with ESMTP for ;
> Sun, 21 May 2023 13:40:12 -0400 (EDT)
The Bcc address does not match
"domain1.com", and unsurprisingly went to the default transport.
> May 21 13:40:18 cable postfix/alex/smtp[3719703]: 494948B53: to=<
> jre...@domain1.com>, relay=127.0.0.1[127.0.0.1]:10029, delay=6.9,
> delays=1.2/0.02/0.01/5.7, dsn=2.0.0, status=sent (250 2.0.0 from
> MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 0671630014B43)
You neglected to share the other delivery log entry. Presumably BCC
address via port 10024.
The BCC address does not "inherit" the transport entry of any particular
original recipient of the message, it gets resolved to a
transport:nexthop "naturally".
--
Viktor.
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: content filter sends mail twice
Hi,
Can I follow up on this? I can't figure out why always_bcc mail is being
sent through the default content filter while mail designated for my
domain-specific transport is sent through another in my multi-instance
postfix config. I'd like the always_bcc user mail to still benefit from
being filtered through amavis, but through the transport designed for the
domain for which it was intended.
local_transport = error:5.1.1 Mailbox unavailable
default_transport = smtp:[127.0.0.1]:10024
relay_transport = $default_transport
virtual_transport = $default_transport
transport_maps = ${indexed}transport
/etc/postfix-120/transport
domain1.comalex:[127.0.0.1]:10029
I've tried adding "receive_override_options = no_address_mappings" in
main.cf but it seems to be ignored.
I thought it might be helpful to show the log entries (except for the more
involved amavisd entries). cable.example.com is my mail router. domain1.com
is the recipient domain. I believe this shows how the mail goes from
gmail.com to the domain1.com transport on port 10029 (amavisd). Both emails
were then sent back to postfix-out on 10025 to be relayed on (or the
always_bcc user to be delivered locally).
Maybe this is even the preferred approach? I'm not used to seeing it this
way, but I would think the transport corresponding with the recipient would
be the one that should be used for the always_bcc user.
May 21 13:40:12 cable postfix-120/qmgr[3714211]: 494948B53: from=<
mysqlstud...@gmail.com>, size=3214, nrcpt=2 (queue active)
May 21 13:40:12 cable amavis[3558243]: (3558243-06) ESMTP [127.0.0.1]:10024
/var/spool/amavisd/tmp/amavis-20230521T020900-3558243-jefENl_V: <
mysqlstud...@gmail.com> -> SIZE=3214 Received:
from cable.example.com ([145.239.111.120]) by localhost (cable.example.com
[127.0.0.1]) (amavis, port 10024) with ESMTP for ;
Sun, 21 May 2023 13:40:12 -0400 (EDT)
May 21 13:40:12 cable amavis[3558246]: (3558246-06) ESMTP [127.0.0.1]:10029
/var/spool/amavisd/tmp/amavis-20230521T032452-3558246-T4MBowCR: <
mysqlstud...@gmail.com> -> Received: from
cable.example.com ([145.239.111.120]) by localhost (cable.example.com
[127.0.0.1]) (amavis, port 10029) with ESMTP for ; Sun,
21 May 2023 13:40:12 -0400 (EDT)
May 21 13:40:18 cable amavis[3558246]: (3558246-06) yz4rjN5FRAbF FWD from <
mysqlstud...@gmail.com> -> , BODY=7BIT 250 2.0.0 from
MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 0671630014B43
May 21 13:40:18 cable amavis[3558243]: (3558243-06) 1GoUW-HU8Lsg FWD from <
mysqlstud...@gmail.com> -> , BODY=7BIT 250
2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as
070A730014B58
May 21 13:40:18 cable postfix/alex/smtp[3719703]: 494948B53: to=<
jre...@domain1.com>, relay=127.0.0.1[127.0.0.1]:10029, delay=6.9,
delays=1.2/0.02/0.01/5.7, dsn=2.0.0, status=sent (250 2.0.0 from
MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 0671630014B43)
May 21 13:40:19 cable postfix-out/smtp[3719782]: 0671630014B43: to=<
jre...@domain1.com>, relay=68.195.111.42[68.195.111.42]:25, delay=1.2,
delays=0.01/0.02/0.82/0.33, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as
E293A8078BEB)
Thanks,
Alex
>> > Maybe my issue is that the always_bcc user is going through a transport
>> at
>> > all, and instead should just be delivered locally, or perhaps processed
>> > only by the local_transport? How can I do that?
>> >
>> > I recall many years ago doing that, before I set up multi-instance
>> postfix.
>>
>> A not uncommon issue is that virtual alias expansion or other address
>> rewriting actions are performed twice, once on each side of a
>> content_filter. This is covered in the "Advanced content filter:
>> requesting that all mail is filtered" section of:
>>
>> http://www.postfix.org/FILTER_README.html#advanced_filter
>>
>> (receive_override_options).
>>
>> And of course you can always go multi-instance, and configure suitable
>> rewriting for the pre and post filter instances.
>>
>
> Yes, that's exactly what I'd like to do. I have multi-instance already
> configured, but adding always_bcc to postfix-out doesn't seem to work.
>
> I've also just experimented with "receive_override_options =
> no_address_mappings" (I also remember doing that many years ago, but would
> have never been able to figure that out on my own this time), and it now
> just doesn't actually create a copy of the email for the always_bcc user.
>
> Ideas on how to do it in my postfix-out instance? Ideally, I'd like it to
> have been processed by amavis so I can benefit from the additional header
> info.
>
>
>
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: content filter sends mail twice
Viktor, On Thu, May 18, 2023 at 7:16 PM Viktor Dukhovni via Postfix-users < postfix-users@postfix.org> wrote: > On Thu, May 18, 2023 at 09:20:38AM -0400, Alex via Postfix-users wrote: > > > Maybe my issue is that the always_bcc user is going through a transport > at > > all, and instead should just be delivered locally, or perhaps processed > > only by the local_transport? How can I do that? > > > > I recall many years ago doing that, before I set up multi-instance > postfix. > > A not uncommon issue is that virtual alias expansion or other address > rewriting actions are performed twice, once on each side of a > content_filter. This is covered in the "Advanced content filter: > requesting that all mail is filtered" section of: > > http://www.postfix.org/FILTER_README.html#advanced_filter > > (receive_override_options). > > And of course you can always go multi-instance, and configure suitable > rewriting for the pre and post filter instances. > Yes, that's exactly what I'd like to do. I have multi-instance already configured, but adding always_bcc to postfix-out doesn't seem to work. I've also just experimented with "receive_override_options = no_address_mappings" (I also remember doing that many years ago, but would have never been able to figure that out on my own this time), and it now just doesn't actually create a copy of the email for the always_bcc user. Ideas on how to do it in my postfix-out instance? Ideally, I'd like it to have been processed by amavis so I can benefit from the additional header info. ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: content filter sends mail twice
On Thu, May 18, 2023 at 09:20:38AM -0400, Alex via Postfix-users wrote: > Maybe my issue is that the always_bcc user is going through a transport at > all, and instead should just be delivered locally, or perhaps processed > only by the local_transport? How can I do that? > > I recall many years ago doing that, before I set up multi-instance postfix. A not uncommon issue is that virtual alias expansion or other address rewriting actions are performed twice, once on each side of a content_filter. This is covered in the "Advanced content filter: requesting that all mail is filtered" section of: http://www.postfix.org/FILTER_README.html#advanced_filter (receive_override_options). And of course you can always go multi-instance, and configure suitable rewriting for the pre and post filter instances. -- Viktor. ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: content filter sends mail twice
Hi, Maybe my issue is that the always_bcc user is going through a transport at all, and instead should just be delivered locally, or perhaps processed only by the local_transport? How can I do that? I recall many years ago doing that, before I set up multi-instance postfix. Thanks, Alex On Thu, May 18, 2023 at 8:00 AM Alex wrote: > > > On Thu, May 18, 2023 at 4:39 AM Matus UHLAR - fantomas via Postfix-users < > postfix-users@postfix.org> wrote: > >> On 17.05.23 22:11, Alex via Postfix-users wrote: >> >I'm using postfix (postmulti) with amavisd and trying to have separate >> >content filters based on the domain so I can make decisions on the >> destiny >> >of the email from within amavisd. Currently all mail is processed by the >> >same amavisd policy_bank. >> >> so, amavis returns mail to postfix always the same way? >> >> > The problem now is that mail is being sent >> >through the content filter designated in my transport map as well as the >> >default transport filter. >> >> So, when amavis sends mail back to postfix, it gets filtered again. >> > > No, looking at this again, I think what's happening is the always_bcc user > is being sent through 10024, while the actual recipient is being sent > through 10029: > > May 18 06:57:43 cable amavis[2800375]: (2800375-01) ESMTP > [127.0.0.1]:10024 > /var/spool/amavisd/tmp/amavis-20230518T065743-2800375-wHC33xAt: < > mysqlstud...@gmail.com> -> SIZE=3161 > Received: from cable.example.com ([145.239.XXX.120]) by localhost ( > cable.example.com [127.0.0.1]) (amavis, port 10024) with ESMTP for < > bcc-u...@cable.example.com>; Thu, 18 May 2023 06:57:43 -0400 (EDT) > > May 18 06:57:43 cable amavis[2800376]: (2800376-01) ESMTP > [127.0.0.1]:10029 > /var/spool/amavisd/tmp/amavis-20230518T065743-2800376-nYSpx4LR: < > mysqlstud...@gmail.com> -> Received: from > cable.example.com ([145.239.XXX.120]) by localhost (cable.example.com > [127.0.0.1]) (amavis, port 10029) with ESMTP for ; Thu, > 18 May 2023 06:57:43 -0400 (EDT) > > Before I started experimenting with multiple ports, the always_bcc user > and the actual user(s) would be part of the same transport message. > > Thanks, > Alex > > > ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: content filter sends mail twice
On Thu, May 18, 2023 at 4:39 AM Matus UHLAR - fantomas via Postfix-users < postfix-users@postfix.org> wrote: > On 17.05.23 22:11, Alex via Postfix-users wrote: > >I'm using postfix (postmulti) with amavisd and trying to have separate > >content filters based on the domain so I can make decisions on the destiny > >of the email from within amavisd. Currently all mail is processed by the > >same amavisd policy_bank. > > so, amavis returns mail to postfix always the same way? > > > The problem now is that mail is being sent > >through the content filter designated in my transport map as well as the > >default transport filter. > > So, when amavis sends mail back to postfix, it gets filtered again. > No, looking at this again, I think what's happening is the always_bcc user is being sent through 10024, while the actual recipient is being sent through 10029: May 18 06:57:43 cable amavis[2800375]: (2800375-01) ESMTP [127.0.0.1]:10024 /var/spool/amavisd/tmp/amavis-20230518T065743-2800375-wHC33xAt: < mysqlstud...@gmail.com> -> SIZE=3161 Received: from cable.example.com ([145.239.XXX.120]) by localhost (cable.example.com [127.0.0.1]) (amavis, port 10024) with ESMTP for ; Thu, 18 May 2023 06:57:43 -0400 (EDT) May 18 06:57:43 cable amavis[2800376]: (2800376-01) ESMTP [127.0.0.1]:10029 /var/spool/amavisd/tmp/amavis-20230518T065743-2800376-nYSpx4LR: < mysqlstud...@gmail.com> -> Received: from cable.example.com ([145.239.XXX.120]) by localhost (cable.example.com [127.0.0.1]) (amavis, port 10029) with ESMTP for ; Thu, 18 May 2023 06:57:43 -0400 (EDT) Before I started experimenting with multiple ports, the always_bcc user and the actual user(s) would be part of the same transport message. Thanks, Alex ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: content filter sends mail twice
On 17.05.23 22:11, Alex via Postfix-users wrote:
I'm using postfix (postmulti) with amavisd and trying to have separate
content filters based on the domain so I can make decisions on the destiny
of the email from within amavisd. Currently all mail is processed by the
same amavisd policy_bank.
so, amavis returns mail to postfix always the same way?
The problem now is that mail is being sent
through the content filter designated in my transport map as well as the
default transport filter.
So, when amavis sends mail back to postfix, it gets filtered again.
default_transport = smtp:[127.0.0.1]:10024
local_transport = error:5.1.1 Mailbox unavailable
relay_transport = $default_transport
transport_maps = ${indexed}transport
virtual_transport = $default_transport
/etc/postfix-120/transport:
example.comrelay:[127.0.0.1]:10029
How do I exclude example.com from also being sent through 10024? Is it
necessary to then disable the default transport altogether and explicitly
list all relay_domains?
I recall having some difficulty with transport maps when I first set up
this multi-instance postfix, and Viktor helped me. I had content_filter
defined as:
content_filter = smtp-amavis[127.0.0.1]:10024
and the following service defined in master.cf:
smtp-amavis unix- - n - 2 smtp
-o smtp_data_done_timeout=1200
-o smtp_send_xforward_command=yes
-o disable_dns_lookups=yes
-o max_use=20
disable content filter for the instance of postfix that accepts mail from
amavis. You can do that here by using:
-o content_filter=
even without using postmulti.
but that was disabled when I moved to a multi-instance postfix in favor of
transport maps, but I think I'm still confused.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
There's a long-standing bug relating to the x86 architecture that
allows you to install Windows. -- Matthew D. Fuller
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
