Hi, I'm using postfix 2.5.7 and having some trouble with the server
domain being appended to incomplete sender addresses. I have set
# postconf|grep -e rewrite -e append -e myorigin -e mydomain -e local_header
append_at_myorigin = yes
append_dot_mydomain = no
local_header_rewrite_clients =
mydomain = nippynetworks.com
myorigin = $mydomain
remote_header_rewrite_domain =
rewrite_service_name = rewrite
I have amavisd-new installed, but having bumped up the logging I believe
this is happening on initial submission and not on the re-injection.
Log files show the client connecting, checking the FROM address and then:
Dec 4 15:33:54 mail1 postfix/smtpd[22858]: <
office.mydomain.com[X.X.X.X]: RCPT TO: <asdf>
Dec 4 15:33:54 mail1 postfix/smtpd[22858]: extract_addr: input: <asdf>
Dec 4 15:33:54 mail1 postfix/smtpd[22858]: smtpd_check_addr: addr=asdf
Dec 4 15:33:54 mail1 postfix/smtpd[22858]: send attr request = rewrite
Dec 4 15:33:54 mail1 postfix/smtpd[22858]: send attr rule = local
Dec 4 15:33:54 mail1 postfix/smtpd[22858]: send attr address = asdf
Dec 4 15:33:54 mail1 postfix/smtpd[22858]: private/rewrite socket:
wanted attribute: flags
Dec 4 15:33:54 mail1 postfix/smtpd[22858]: input attribute name: flags
Dec 4 15:33:54 mail1 postfix/smtpd[22858]: input attribute value: 0
Dec 4 15:33:54 mail1 postfix/smtpd[22858]: private/rewrite socket:
wanted attribute: address
Dec 4 15:33:54 mail1 postfix/smtpd[22858]: input attribute name: address
Dec 4 15:33:54 mail1 postfix/smtpd[22858]: input attribute value:
a...@mydomain.com
Dec 4 15:33:54 mail1 postfix/smtpd[22858]: private/rewrite socket:
wanted attribute: (list terminator)
Dec 4 15:33:54 mail1 postfix/smtpd[22858]: input attribute name: (end)
Dec 4 15:33:54 mail1 postfix/smtpd[22858]: rewrite_clnt: local: asdf ->
a...@mydomain.com
Dec 4 15:33:54 mail1 postfix/smtpd[22858]: send attr request = resolve
Dec 4 15:33:54 mail1 postfix/smtpd[22858]: send attr sender =
Dec 4 15:33:54 mail1 postfix/smtpd[22858]: send attr address =
a...@mydomain.com
Dec 4 15:33:54 mail1 postfix/smtpd[22858]: private/rewrite socket:
wanted attribute: flags
Dec 4 15:33:54 mail1 postfix/smtpd[22858]: input attribute name: flags
Dec 4 15:33:54 mail1 postfix/smtpd[22858]: input attribute value: 0
I guess it must be a reasonably common situation to have a blackbox
mailserver with no local accounts and only virtual users? What do others
use in this config to ensure emails pass through unchanged (and then
bounced since of course the address is invalid). Note for various
reasons this mailserver needs to accept such incorrect emails and bounce
them later - (actually we have two configurations, most emails are
refused unless they have fully qualified addresses, the other
configuration is used for a subset of clients where we need to accept
all emails and bounce errors later)
Can anyone show me what I need to change please?
postconf -n:
address_verify_map = btree:/var/mta/verify
alias_database = hash:/etc/mail/aliases
alias_maps = hash:/etc/mail/aliases
append_dot_mydomain = no
body_checks = regexp:/etc/postfix/body_checks
bounce_queue_lifetime = 2d
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = lmtp-amavis:[127.0.2.1]:10024
daemon_directory = /usr/lib/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
default_destination_concurrency_limit = 2
default_recipient_limit = 500
disable_vrfy_command = yes
empty_address_recipient = MAILER-DAEMON
home_mailbox = mbox
html_directory = /usr/share/doc/postfix-2.5.7/html
local_destination_concurrency_limit = 2
local_header_rewrite_clients =
local_recipient_maps =
mail_owner = postfix
mail_spool_directory = /var/spool/mail
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
maximal_queue_lifetime = 2d
message_size_limit = 30240000
mydestination =
mydomain = mydomain.com
myhostname = mail1.mydomain.com
mynetworks = 127.0.2.1/32, X.X.X.X/32
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases
owner_request_special = no
parent_domain_matches_subdomains =
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.5.7/readme
recipient_delimiter = +
sample_directory = /etc/postfix
sender_bcc_maps = hash:/etc/postfix/sender_bcc
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
show_user_unknown_table_name = no
smtp_helo_timeout = 90
smtpd_client_connection_count_limit = 20
smtpd_data_restrictions = check_policy_service unix:private/my_policy
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_recipient_restrictions = check_recipient_access
regexp:/etc/postfix/test.regexp, reject_non_fqdn_sender,
reject_non_fqdn_recipient, reject_unknown_sender_domain,
reject_unknown_recipient_domain, check_sender_access
hash:/etc/postfix/relay_from_bodge, reject_unlisted_recipient,
reject_unlisted_sender, check_policy_service unix:private/my_policy,
permit_mynetworks, permit_sasl_authenticated,
reject_unauth_destination, check_helo_access
hash:/etc/postfix/helo_access, check_recipient_access
regexp:/etc/postfix/recipient_checks.regexp, check_sender_access
hash:/etc/postfix/sender_checks, check_sender_access
pcre:/etc/postfix/sender_checks.pcre, check_client_access
hash:/etc/postfix/client_checks, check_client_access
pcre:/etc/postfix/client_checks.pcre, reject_unauth_pipelining,
reject_invalid_helo_hostname, check_sender_access
hash:/etc/postfix/rhsbl_sender_domain_exceptions,
reject_rhsbl_sender dsn.rfc-ignorant.org, reject_rhsbl_sender
rhsbl.sorbs.net, check_client_access
cidr:/etc/postfix/dnswl/postfix-dnswl-header-x, check_client_access
cidr:/etc/postfix/dnswl/postfix-dnswl-permit,
reject_unknown_reverse_client_hostname, check_sender_access
hash:/etc/postfix/disallow_internal_mail_from_external warn_if_reject
check_sender_mx_access hash:/etc/postfix/mx_access, reject_rbl_client
zen.spamhaus.org, reject_rbl_client psbl.surriel.com,
reject_rbl_client web.dnsbl.sorbs.net, reject_rbl_client
dnsbl.njabl.org, reject_rbl_client dnsbl-1.uceprotect.net,
warn_if_reject reject_rhsbl_sender bogusmx.rfc-ignorant.org,
check_policy_service inet:127.0.2.1:10030, permit
smtpd_reject_unlisted_recipient = no
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_tls_cert_file = /etc/ssl/dovecot/server.pem
smtpd_tls_exclude_ciphers = aNULL
smtpd_tls_key_file = /etc/ssl/dovecot/server.key
smtpd_tls_security_level = may
soft_bounce = no
transport_maps =
proxy:mysql:/etc/postfix/mysql_mailbox_routing_transport.cf,
pcre:/etc/postfix/transport.pcre,
proxy:mysql:/etc/postfix/mysql_transport.cf
unknown_address_reject_code = 554
unknown_client_reject_code = 554
unknown_hostname_reject_code = 554
unknown_local_recipient_reject_code = 550
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql_virtual_alias_maps.cf
virtual_gid_maps = static:2000
virtual_mailbox_base = /home/vmail
virtual_mailbox_domains =
proxy:mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_mailbox_limit = 51200000
virtual_mailbox_maps =
proxy:mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_minimum_uid = 1000
virtual_transport = maildrop
virtual_uid_maps = static:2000
The email is then accepted over a limited configuration defined here:
11027 inet n - n - - smtpd
-o smtpd_reject_unlisted_recipient=no
-o smtpd_error_sleep_time=0
-o smtpd_soft_error_limit=1001
-o smtpd_hard_error_limit=1000
-o smtpd_recipient_restrictions=$smtpd_recipient_restrictions_proxy
-o
receive_override_options=no_header_body_checks,no_unknown_recipient_checks
-o smtpd_sasl_authenticated_header=yes
