Wietse Venema:
> Vieri Di Paola:
> > On Wed, Apr 15, 2020 at 3:35 PM Wietse Venema <wie...@porcupine.org> wrote:
> > >
> > > Vieri Di Paola:
> > > > Hi,
> > > >
> > > > I'm using postfix as an smtp filter (antispam) which then forwards the
> > > > messages to another mail server with user mailboxes.
> > > >
> > > > This server has private IP addr. 10.0.0.1, and the mailbox server has
> > > > private IP addr. 10.0.0.10.
> > > > So, external e-mails are first received by this filter and then
> > > > forwarded to the mailboxes.
> > > >
> > > > It has been working fine for years, but a few days ago some e-mails
> > > > were not coming in anymore, and the logs on the filtering server show
> > > > messages such as this one:
> > > >
> > > > postfix/smtp[13093]: A306E1240B1: to=<m...@mydomain.org>, relay=none,
> > > > delay=0.06, delays=0.06/0/0/0, dsn=5.4.6, status=bounced (mail for
> > > > 10.0.0.10 loops back to myself)
> > >
> > > What has changed?
> > >
> > > > I'm still trying to understand what that means exactly.
> > >
> > > 1) It means that postfix/smtp[13093] received a request to deliver
> > > mail for mydomain.org.
> > >
> > > ***Perhaps it should not have received that request.***
> >
> > Yes, it should receive requests for mydomain.org. It is the antispam
> > server where all e-mail for mydomain.org should go through first
> > before being handed over to the mailbox server at 10.0.0.10.
> >
> > > 2) It means that postfix/smtp[13093] looked up the MX for mydomain.org
> > > and found that Postfix itself (through the inet_interfaces and
> > > proxy_interfaces parameter values) is MX for mydomain.org.
> > >
> > > ***Perhaps inet_interfaces or proxy_interfaces are in error.***
> > >
> > > Either way, the Postfix SMTP client will not deliver mail to an IP
> > > address that Postfix is already receiving mail on.
> >
> > Sorry if I might sound foolish, but why? Isn't what "transport" is for?
>
> With this:
>
> /etc/postfix/transport:mydomain.org smtp:[10.0.0.10]
>
> mail was bounced because postfix/smtp[13093] found that
> 10.0.0.10 matches inet_interfaces or proxy_interfaces.
You may want to check this:
$ postconf transport_maps
Output should list /etc/postfix/transport
$ postmap -q mydomain.org /etc/postfix/transport
Output should show mydomain.org smtp:[10.0.0.10]
> Why did postfix/smtp[13093] find this match? I suppose because
> proxy_interfaces uses hostnames, which introduces a dependency
> on DNS or /etc/hosts which are subject to change.
>
> If the sender was external, the undeliverable mail will have been
> returned there. If the sender was in mydomain.org, then there was
> no way to deliver the non-delivery notification. As defined in
> SMTP standards, a non-delivery notification is discarded instead
> of being bounced, as the latter would result in an infinite loop.
>
> Wietse
>
