On 08.09.25 18:37, John, Chris via Postfix-users wrote:
I have a postfix 3.5.2 system that accepts messages from internal hosts
and relays to internal destinations and to an email perimeter that
delivers to external (Internet) domains.
The issue I'm seeing is regarding external domains that do not follow DNS
best practices and have CNAME records published for the same domain that
their MX records are published for.
This is not about following best practices. This is clearly violation of DNS
What I end up with is the recipient being changed from the intended domain
to the value of the published CNAME.
The intended external domain is: bizpro.cn
afaik sendmail does (or at least did this.
bizpro.cn. 600 IN CNAME jsdzwy233com.gotoip2.com.
jsdzwy233com.gotoip2.com. 900 IN CNAME web.b51.abc188.com.
I have no intentional address rewriting on this system, and based on that,
I do not expect this behavior. Is there a known solution besides adding a
manual rewrite for this recipient domain?
Don't fix what passing server has broken. And don't fix what recipient has
broken.
You may need to add their IP to debug_peer_list to show that the sender
rewrote packets. Or, disable TLS from their IP and capture communication on
network level.
Sanitized mail log below.
Sep 2 01:35:39 mailhost postfix/smtpd[25660]: 4cGDwq3YqbzjB8nV:
client=unknown[x.x.x.x]
Sep 2 01:35:39 mailhost postfix/cleanup[26989]: 4cGDwq3YqbzjB8nV: warning: header Received: from
use1otomprd01 (unknown [x.x.x.x])??by mailhost (Postfix) with ESMTPS id 4cGDwq3YqbzjB8nV??for
<[email protected]>; Tue, 2 Sep 2025 0 from unknown[x.x.x.x];
from=<[email protected]> to=<[email protected]>
proto=ESMTP helo=<use1otomprd01>
Sep 2 01:35:39 mailhost postfix/cleanup[26989]: 4cGDwq3YqbzjB8nV: warning: header Received:
(from otosadm@localhost)??by use1otomprd01 (8.15.2/8.14.7/Submit) id 5825ZbvF012075??for
[email protected]; Tue, 2 Sep 2025 01:35:37 -0400 from unknown[x.x.x.x];
from=<[email protected]> to=<[email protected]>
proto=ESMTP helo=<use1otomprd01>
Sep 2 01:35:39 mailhost postfix/cleanup[26989]: 4cGDwq3YqbzjB8nV:
message-id=<202509020535.5825ZbvF012075@use1otomprd01>
Sep 2 01:35:39 mailhost postfix/cleanup[26989]: 4cGDwq3YqbzjB8nV: warning: header From:
[email protected] from unknown[x.x.x.x]; from=<[email protected]>
to=<[email protected]> proto=ESMTP helo=<use1otomprd01>
Sep 2 01:35:39 mailhost postfix/qmgr[8958]: 4cGDwq3YqbzjB8nV:
from=<[email protected]>, size=952387, nrcpt=1 (queue active)
Sep 2 01:35:39 mailhost postfix/smtp[27076]: 4cGDwq3YqbzjB8nV:
to=<[email protected]>,
relay=externaldelivery.example.com[y.y.y.y]:25, delay=0.35, delays=0.09/0/0.08/0.18,
dsn=2.0.0, status=sent (250 ok: Message 3591085 accepted)
On 09.09.25 11:27, John, Chris via Postfix-users wrote:
The particular internal sender host is running Sendmail. Their admin sent me
their log for the specific queueID my system accepted.
[root@use1otomprd01 /var/log]# fgrep '5825ZbvF01207' maillog*
maillog-20250907:Sep 2 01:35:37 use1otomprd01 sendmail[12075]: 5825ZbvF012075:
Authentication-Warning: use1otomprd01: otosadm set sender to
[email protected] using -f
maillog-20250907:Sep 2 01:35:39 use1otomprd01 sendmail[12075]: 5825ZbvF012075:
[email protected], size=936398, class=0, nrcpts=1,
msgid=202509020535.5825ZbvF012075@use1otomprd01, relay=otosadm@localhost
maillog-20250907:Sep 2 01:35:39 use1otomprd01 sendmail[12075]: 5825ZbvF012075:
[email protected], [email protected]
(17423/1036), delay=00:00:02, xdelay=00:00:00, mailer=relay, pri=966398,
relay=externaldelivery.example.com[y.y.y.y], dsn=2.0.0, stat=Sent (Ok: queued
as 4cGDwq3YqbzjB8nV)
I presumed that the sendmail system did not rewrite the recipient domain
because it (the rewrite) was not present in the sendmail log.
--
Matus UHLAR - fantomas, [email protected] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
2B|!2B, that's a question!
_______________________________________________
Postfix-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
