Thanks again Jason - I get this using your specified telnet test:
500 Hash invalid in SRS address.
So I have been playing around with it more now in light of this new
information - here is what I have found:
* It works and delivers mail when the "-I" switch is NOT present (this
has been my usage in all examples). However, when I try to decode
in this mode I get "500 Hash invalid in SRS address." when testing
in telnet - which could explain why bounces are not working. Telnet
encode tests on port 10001 work fine.
* When the "-I" switch IS present, it does not deliver mail. However,
it passes both telnet encode/decode tests. Here is the delivery
problem I see in the logs:
Feb 3 16:31:00 quimby0 postfix/smtpd[32357]: connect from
homer.terabytemedia.com[74.206.115.225]
Feb 3 16:31:00 quimby0 postfix/smtpd[32357]: warning:
tcp:127.0.0.1:10002 lookup error for "~us...@forwardingdomain.com~"
Feb 3 16:31:00 quimby0 postfix/smtpd[32357]: NOQUEUE: reject: RCPT
from homer.terabytemedia.com[74.206.115.225]: 451 4.3.0
<mikeboun...@acermanuals.com>: Temporary lookup failure;
from=<mikemc@terabyte[added_to_prevent_spam]media.com>
to=<~us...@forwardingdomain.com~> proto=ESMTP
helo=<homer.terabytemedia.com>
Feb 3 16:31:00 quimby0 postfix/smtpd[32357]: disconnect from
homer.terabytemedia.com[74.206.115.225]
So I am now getting some "warning: tcp:127.0.0.1:10002 lookup error"
with the -I switch enabled - but it passes telnet encode/decode tests.
I am confused why it is logging a decoding error with -I as opposed to
without -I in the logs above - you would think it would do that in
either case since ~us...@forwardingdomain.com~ is not SRS encoded. One
thing that might explain this - when testing on telnet with -I off, I
get a "400 external domains are ignored" error (maybe 4xx errors are
warnings to Postfix and it continues to send and moves on to encoding?)
- with -I on, I get a "500 Not an SRS address." which I assume is fatal.
One fix might be to patch pfix-srsd (I don't program in C but could
probably figure it out) to return a 400 error for the "500 Not an SRS
address.". I cannot think of any way that opens me up to problems since
I assume the address would just not be rewritten by Postfix in this case.
Any ideas?
Michael