Hi all,
I try to use header_checks to route mails with a specific header through
a different SMTP with special TLS options.
Therefore I configured a new SMTP service in master.cf:
smtp-sec unix - - y - - smtp
-o smtp_header_checks=
-o syslog_name=postfix_smtp-sec
-o smtp_tls_security_level=secure
and a test header check:
/^Subject: test1test/ FILTER smtp-sec:
This is for testing only. Later I wanted to do this with special headers.
According to the documentation
(http://www.postfix.org/header_checks.5.html) it should be possible
since Postfix 2.7 with this entry to change the transport but not the
nexthop:
"... To override the recipient's transport but not the next-hop
destination, specify an empty filter destination ..."
I use postfix 3.5.6-1+b1 (Debian 11).
My postfix has a transport table for sending mails for the internal
domain to a mailbox server:
testdomain.net relay:[10.0.0.2]
But now when a mail for testdomain.net with the subject "test1test"
arrives, postfix does a MX lookup and gives an error:
end attr reason = mail for testdomain.net loops back to myself
The log shows that trivial-rewrite does a lookup on the transport map
and sets the nexthop:
Nov 16 13:38:19 mailtest1 postfix/trivial-rewrite[1143350]:
`t...@example.org' -> `tes...@testdomain.net' -> (`relay' `[10.0.0.2]'
`tes...@testdomain.net' `2048')
Nov 16 13:38:19 mailtest1 postfix/trivial-rewrite[1143350]: send
attr flags = 0
Nov 16 13:38:19 mailtest1 postfix/trivial-rewrite[1143350]: send
attr transport = relay
Nov 16 13:38:19 mailtest1 postfix/trivial-rewrite[1143350]: send
attr nexthop = [10.0.0.2]
Then cleanup sets the transport:
Nov 16 13:38:19 mailtest1 postfix/cleanup[1147934]: 5C0D85B05:
filter: header Subject: test1test from unknown[192.0.2.1];
from=<t...@example.org> to=<tes...@testdomain.net> proto=ESMTP
helo=<mailer.example.org>: smtp-safe:
But the smtp-sec service does a MX loopup and ends in an
Nov 16 13:38:19 mailtest1 postfix_smtp-sec/smtp[1147935]: send attr
action = failed
Nov 16 13:38:19 mailtest1 postfix_smtp-sec/smtp[1147935]: send attr
reason = mail for testdomain.net loops back to myself
Do I miss anything or is it an incorrect approach?
Regards
Marcus