Hi Wietse

Thanks for your appreciated input. Maybe I did not point out clearly
enough that this is mainly related to bounces generated locally by the
system. So it is not about incoming bounces but locally generated ones.
Based on your input I tried the following:

First I defined a dedicated bounce and cleanup service:


bounce    unix  -       -       y       -       0       bounce
 -o myhostname=[REDACTED]
 -o cleanup_service_name=bounce-cleanup
bounce-cleanup unix n   -       -       -       0 cleanup
 -o myhostname=[REDACTED]

The idea was to have a dedicated hostname that will be used after the @
in the Message-ID when the local bounce is generated, so a local bounce
could be distinguished from "normal" bounces. And this works: I can see
that the domain part of the Message-ID in the bounce is [REDACTED].

Then I added a header_checks rule at the top of the file:

/^Message-ID: <.+@[REDACTED]>$/     FILTER smtp:[our.bouncer.tld]:25

So the rule should only match if the bounce was generated locally. But
it seems that header_checks are not executed for locally generated
bounces. Even when I add -o header_checks=pcre:/path/to/file to the
custom bounce-cleanup above, the bounce was always routed according to
transport_maps and not through the FILTER from header_checks.

As this did not work out, I tried a content_filter approach, but
even with a very simple test script I always got

> Aug 28 15:57:46 prv-deliver postfix/pipe[2751934]: fatal: service bounce-router requires privileged operation

For testing I even set user=root, but it did not help (same fatal from Postfix).

Is there a possibility at all to route locally generated bounces in
Postfix not according to the transport_maps?

Any more ideas? Or maybe you can spot at first glance what I did wrong? :-)

Cheers and have a good one

tobi



On Thu, 2025-08-28 at 07:15 -0400, Wietse Venema via Postfix-users
wrote:
> Tobi via Postfix-users:
> > Hi list
> > 
> > we have an issue that we're currently not able to solve because of
> > the precedence of postfix maps. From the manpage I get that the
> > order is
> > 
> > For recipient domains in the default domain class: In order of
> > decreasing precedence, the delivery transport is taken from 1)
> > $transport_maps, 2) $sender_dependent_default_transport_maps or
> > $default_transport.
> > 
> > in our transport_map we have a dedicated nexthop config for all our
> > customer domains. 
> > 
> > Now the problem is that we want to route bounces (especially
> > locally generated bounces) to our customer domains via a dedicated
> > bouncer system. So my first thought was to create a map for bounces
> > 
> > @ smtp:[our.bouncer.tld]:25
> > 
> > and add it as sender_dependent_default_transport_maps to main.cf
> > 
> > But this only works if the RCPT domain has no entry in the
> > transport_maps, as transport_maps has precedence and therefore
> > always "wins" if the rcpt domain is in there.
> > 
> > Does anyone have a creative idea how to solve that?
> > 
> > Thanks for any input/idea/voodoo-magic ;-)
> 
> The 'content_filter' feature and FILTER actions in
> access tables or header/body_checks take precedence
> over the above.
> 
> If the bounces arrive via SMTP, an access map like
> 
>     <> filter smtp:[our.bouncer.tld]:25
> 
> check_policy_service can produce the same result.
> 
> Otherwise it may be difficult.
> 
>       Wietse
> _______________________________________________
> Postfix-users mailing list -- postfix-users@postfix.org
> To unsubscribe send an email to postfix-users-le...@postfix.org
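
Added example, not part of the original messages and not Postfix code: a simplified Python model of the precedence quoted in this thread, showing why the bounce map loses whenever the recipient domain is in transport_maps and why a FILTER action overrides both. The `<>` lookup key for the empty sender and the customer.example nexthop are assumptions made for the illustration.

```python
# Simplified model of the lookup order quoted in this thread; not Postfix code.
BOUNCER = "smtp:[our.bouncer.tld]:25"   # bouncer nexthop named in the thread
NULL_SENDER = "<>"                      # assumed lookup key for the empty (bounce) sender


def resolve_transport(sender, rcpt_domain, transport_maps, sender_default_maps,
                      default_transport="smtp:", filter_action=None):
    """Return (deciding_source, transport) for one recipient."""
    # A FILTER action or content_filter overrides every map below.
    if filter_action:
        return ("FILTER", filter_action)
    # 1) transport_maps wins whenever the recipient domain has an entry,
    #    no matter who the sender is.
    if rcpt_domain in transport_maps:
        return ("transport_maps", transport_maps[rcpt_domain])
    # 2) Only when transport_maps has no entry is the sender consulted.
    key = sender or NULL_SENDER
    if key in sender_default_maps:
        return ("sender_dependent_default_transport_maps",
                sender_default_maps[key])
    return ("default_transport", default_transport)


def demo():
    # Constructed sample maps: one customer domain with a dedicated nexthop,
    # and a sender-dependent entry that sends bounces to the bouncer.
    transport_maps = {"customer.example": "smtp:[mx.customer.example]:25"}
    sender_maps = {NULL_SENDER: BOUNCER}
    cases = [
        ("", "customer.example", None),                    # bounce to a customer domain
        ("", "elsewhere.example", None),                   # bounce to an unlisted domain
        ("user@host.example", "elsewhere.example", None),  # ordinary mail
        ("", "customer.example", BOUNCER),                 # bounce with FILTER applied
    ]
    return [resolve_transport(s, d, transport_maps, sender_maps, filter_action=f)
            for s, d, f in cases]


if __name__ == "__main__":
    for source, transport in demo():
        print(f"{source:42} -> {transport}")
```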