Mail forwarding

[Jeff Bernier]

Can I use Postfix as a host for email forwarding?
 
The scenario I envision is an Alum or Faculty member authenticates to a web 
portal, then tells the system where to forward their email. All email destined 
for Staff would go to our current email system.
 
Any thoughts are welcome.
 
Regards,
Jeff
 
"It does not require many words to speak the truth." - Chief Joseph, Great Nez 
Perce Indian Chief 

Mail forwarding

[pch0317]

Hi,
I want to forward mail only for one user u...@mydomain.tld to 
u...@otherdomain.tld.


I try do it in this way:
/etc/postfix/virtual:
  ...
  u...@mydomain.tld u...@mydomain.tld, u...@otherdomain.tld
  ...

When I send mail to u...@mydomain.tld it receive message but user 
u...@otherdomain.tld receive 2 identical copy of mail.

How to send only one copy of mail to u...@otherdomain.tld


Thanks

Mail Forwarding

[Doug Hardie]

I thought I had everything working, but something broke. What I need to do is 
to accept mail for local delivery for several users on a couple domains 
(sermon-archive.info and one other) and relay mail for a number of users on 
domain (lafn.org) to a variety of different locations.  Each user could be on a 
different server.  My tests seemed to work, but when adding in the full tables, 
it broke.  Here are the various config files etc:

mail# postconf -n
command_directory = /usr/local/sbin
compatibility_level = 2
daemon_directory = /usr/local/libexec/postfix
data_directory = /var/db/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd 
$daemon_directory/$process_name $process_id & sleep 5
dovecot_destination_recipient_limit = 1
enable_long_queue_ids = yes
home_mailbox = Maildir/
html_directory = /usr/local/share/doc/postfix
inet_protocols = ipv4
local_recipient_maps = unix:passwd.byname $alias_maps
mail_owner = postfix
mail_spool_directory = /var/spool/mail
mailbox_size_limit = 0
mailq_path = /usr/local/bin/mailq
manpage_directory = /usr/local/man
max_use = 5
message_size_limit = 102400
mydestination = localhost.$mydomain, localhost
mydomain = sermon-archive.info
mynetworks_style = host
newaliases_path = /usr/local/bin/newaliases
postscreen_access_list = permit_mynetworks, 
cidr:/usr/local/etc/postfix/access.cidr
postscreen_greet_action = enforce
queue_directory = /var/spool/postfix
readme_directory = /usr/local/share/doc/postfix
sample_directory = /usr/local/etc/postfix
sendmail_path = /usr/local/sbin/sendmail
setgid_group = maildrop
smtp_destination_recipient_limit = 25
smtpd_authorized_xclient_hosts = 10.0.1.0/24
smtpd_command_filter = pcre:/usr/local/etc/postfix/quote
smtpd_error_sleep_time = 10
smtpd_hard_error_limit = 10
smtpd_milters = unix:/var/run/clamav/clmilter.sock
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_soft_error_limit = 1
smtpd_tls_cert_file = /etc/ssl/certs/mail.pem
smtpd_tls_key_file = /etc/ssl/private/mail.key
smtpd_tls_loglevel = 1
smtpd_tls_security_level = may
unknown_local_recipient_reject_code = 550
virtual_alias_domains = hash:/usr/local/etc/postfix/vmail_domains
virtual_alias_maps = hash:/usr/local/etc/postfix/vmail_alias
virtual_gid_maps = static:
virtual_mailbox_base = /var/mail/
virtual_mailbox_domains = hash:/usr/local/etc/postfix/local_domains
virtual_mailbox_limit = 102400
virtual_mailbox_maps = hash:/usr/local/etc/postfix/vmail_mailbox
virtual_minimum_uid = 
virtual_transport = dovecot
virtual_uid_maps = static:

mail# more local_domains
sermon-archive.info OK
mail.sermon-archive.infoOK
second.domain   OK


mail# more vmail_alias
postmaster  doug
bc979   doug
bc979-1 edward
bc979-4 jeanne
user1   mailb...@gmail.com
user2   mailb...@aol.com
refund  mailb...@hotmail.com


Plus a bunch more.  Other than postmaster, I thought that the left names should 
have @lafn.org, but that didn't seem to work either.


mail# more vmail_domains
lafn.orgOK


mail# more vmail_mailbox
d...@sermon-archive.infohome_mail/doug/
d...@mail.sermon-archive.info   home_mail/doug/


I also wanted to be able to have different users with the same name of 
different addresses such as d...@sermon-archive.info and doug@second.domain and 
have them go to different places.  Both seem to get local delivery to doug.

I am sure I have something configured wrong.  

When I try to send from a non-local system I get the following:

brain% telnet sermon-archive.info 25
Trying 71.177.216.148...
Connected to sermon-archive.info.
Escape character is '^]'.
220 mail.sermon-archive.info ESMTP Postfix
helo me
250 mail.sermon-archive.info
mail from:wa6...@arrl.net
250 2.1.0 Ok
rcpt to:ref...@lafn.org
550 5.1.1 : Recipient address rejected: User unknown in 
virtual alias table


— Doug

Re: Mail forwarding

[Victor Duchovni]

On Wed, Mar 11, 2009 at 01:35:26PM -0400, Jeff Bernier wrote:

> Can I use Postfix as a host for email forwarding?
>  
> The scenario I envision is an Alum or Faculty member authenticates to
> a web portal, then tells the system where to forward their email. All
> email destined for Staff would go to our current email system.
>  

You *can* do this, but probably should not. The problem is that your
forwarder will be saturated with spam that you will be poorly positioned
to process. Receiving systems will soon blacklist your forwarder, and
it becomes useless. Quaranine is not an option, and tagging will not
be acceptable to receiving sites. Your only choice is to have a very
effective filter to reject spam during SMTP, not easy to do.

-- 
Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:


If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.

Re: Mail forwarding

[Jeff Bernier]

Thank you Viktor for your reply.
 
We already have an anti-spam/anti-virus system sitting in front of our mail 
system. Would this then work if Postfix were positioned similarly?
 

>>> Victor Duchovni  3/11/2009 1:48 PM >>>
On Wed, Mar 11, 2009 at 01:35:26PM -0400, Jeff Bernier wrote:

> Can I use Postfix as a host for email forwarding?
>  
> The scenario I envision is an Alum or Faculty member authenticates to
> a web portal, then tells the system where to forward their email. All
> email destined for Staff would go to our current email system.
>  

You *can* do this, but probably should not. The problem is that your
forwarder will be saturated with spam that you will be poorly positioned
to process. Receiving systems will soon blacklist your forwarder, and
it becomes useless. Quaranine is not an option, and tagging will not
be acceptable to receiving sites. Your only choice is to have a very
effective filter to reject spam during SMTP, not easy to do.

-- 
Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:


If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.

Re: Mail forwarding

[Victor Duchovni]

On Wed, Mar 11, 2009 at 01:55:03PM -0400, Jeff Bernier wrote:

> We already have an anti-spam/anti-virus system sitting in front of our
> mail system. Would this then work if Postfix were positioned similarly?

Yes, but is it sufficiently effective? Does it reject during SMTP or
quarantine after? The devil is in the details. If you spam system can
reject all bad content during SMTP and output less than 0.3% spam, you
can forward the resulting stream via Postfix, just configure a virtual
alias domain:

http://www.postfix.org/VIRTUAL_README.html

-- 
Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:


If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.

Re: Mail forwarding

[mouss]

Le 26/05/2011 18:41, pch0317 a écrit :
> Hi,
> I want to forward mail only for one user u...@mydomain.tld to
> u...@otherdomain.tld.
> 
> I try do it in this way:
> /etc/postfix/virtual:
>   ...
>   u...@mydomain.tld u...@mydomain.tld, u...@otherdomain.tld
>   ...
> 
> When I send mail to u...@mydomain.tld it receive message but user
> u...@otherdomain.tld receive 2 identical copy of mail.
> How to send only one copy of mail to u...@otherdomain.tld
> 

http://www.postfix.org/FILTER_README.html
http://www.postfix.org/postconf.5.html#receive_override_options

Re: Mail forwarding

[pch0317]

On 26/05/11 21:46, mouss wrote:

Le 26/05/2011 18:41, pch0317 a écrit :

Hi,
I want to forward mail only for one user u...@mydomain.tld to
u...@otherdomain.tld.

I try do it in this way:
/etc/postfix/virtual:
   ...
   u...@mydomain.tld u...@mydomain.tld, u...@otherdomain.tld
   ...

When I send mail to u...@mydomain.tld it receive message but user
u...@otherdomain.tld receive 2 identical copy of mail.
How to send only one copy of mail to u...@otherdomain.tld


http://www.postfix.org/FILTER_README.html
http://www.postfix.org/postconf.5.html#receive_override_options




perfect help

Thanks

Mail forwarding loop

[Daniele Nicolodi]

Hello,

I think I have a problem with my simple mail server. I noticed several
bounce mails in the queue, which postfix in unable to deliver.

> C0B0160EC 12730 Thu Nov  8 12:35:47  MAILER-DAEMON
> (lost connection with eforward5.registrar-servers.com[38.101.213.202] while 
> receiving the initial server greeting)
>  
> instant.checkm...@designakeackson.info

All of them destined to what look to be fake addresses. The original
mails that originate the bounce are indeed spam.

On this server I use spamassassin as content filter, which re-injects
the mail into postfix after scanning it via local delivery. Spam is then
discarded via a sieve rule (not bounced).

It looks like postfix detects a mail forwarding loop when the mail is
re-injected by spamassassin via local delivery. Why isn't the loop
detected when the mail is received by the smtpd? I do not like to
generate unnecessary bounce mails. Is this a real problem? How can I fix it?

Here is what I think is a relevant log excerpt:

> # egrep 2ABF060A6\|BCDF560EF\|C0B0160EC\|FD01D4DD-1DEF-1BC3-9A2A-5EDE8F9DD6C5 
> /var/log/mail.log
> Nov  8 12:35:46 zed postfix/smtpd[2515]: 2ABF060A6: 
> client=designakeackson.info[176.126.174.9]
> Nov  8 12:35:46 zed postfix/cleanup[2517]: 2ABF060A6: 
> message-id=
> Nov  8 12:35:46 zed postfix/qmgr[3850]: 2ABF060A6: 
> from=, size=9793, nrcpt=1 (queue 
> active)
> Nov  8 12:35:46 zed spamd[2282]: spamd: processing message 
>  for daniele:1000
> Nov  8 12:35:47 zed spamd[2282]: spamd: result: Y 5 - 
> BAYES_50,HTML_MESSAGE,RP_MATCHES_RCVD,SPF_SOFTFAIL,T_FILL_THIS_FORM_SHORT,URIBL_DBL_SPAM,URIBL_JP_SURBL,URIBL_WS_SURBL
>  
> scantime=1.4,size=9786,user=daniele,uid=1000,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=60966,mid=,bayes=0.50,autolearn=no
> Nov  8 12:35:47 zed postfix/pickup[2485]: BCDF560EF: uid=65534 
> from=
> Nov  8 12:35:47 zed postfix/cleanup[2517]: BCDF560EF: 
> message-id=
> Nov  8 12:35:47 zed postfix/pipe[2518]: 2ABF060A6: to=, 
> relay=spamassassin, delay=1.7, delays=0.24/0.01/0/1.4, dsn=2.0.0, status=sent 
> (delivered via spamassassin service)
> Nov  8 12:35:47 zed postfix/qmgr[3850]: BCDF560EF: 
> from=, size=10941, nrcpt=1 (queue 
> active)
> Nov  8 12:35:47 zed postfix/qmgr[3850]: 2ABF060A6: removed
> Nov  8 12:35:47 zed postfix/local[2522]: BCDF560EF: to=, 
> relay=local, delay=0.02, delays=0/0.01/0/0.01, dsn=5.4.6, status=bounced 
> (mail forwarding loop for dani...@grinta.net)
> Nov  8 12:35:47 zed postfix/cleanup[2517]: C0B0160EC: 
> message-id=<20121108123547.c0b016...@zed.grinta.net>
> Nov  8 12:35:47 zed postfix/bounce[2523]: BCDF560EF: sender non-delivery 
> notification: C0B0160EC
> Nov  8 12:35:47 zed postfix/qmgr[3850]: C0B0160EC: from=<>, size=12730, 
> nrcpt=1 (queue active)
> Nov  8 12:35:47 zed postfix/qmgr[3850]: BCDF560EF: removed
> Nov  8 12:35:52 zed postfix/smtp[2512]: C0B0160EC: host 
> eforward3.registrar-servers.com[209.105.246.196] said: 450 4.1.1 
> : Recipient address rejected: 
> unverified address: unknown user: "instant.checkm...@designakeackson.info" 
> (in reply to RCPT TO command)
> Nov  8 12:35:52 zed postfix/smtp[2512]: C0B0160EC: host 
> eforward1.registrar-servers.com[69.160.33.82] refused to talk to me: 421 
> 4.3.2 All server ports are busy
> Nov  8 12:35:54 zed postfix/smtp[2512]: C0B0160EC: 
> to=, 
> relay=eforward2.registrar-servers.com[209.105.246.195]:25, delay=7.2, 
> delays=0/0/7/0.17, dsn=4.1.1, status=deferred (host 
> eforward2.registrar-servers.com[209.105.246.195] said: 450 4.1.1 
> : Recipient address rejected: 
> unverified address: unknown user: "instant.checkm...@designakeackson.info" 
> (in reply to RCPT TO command))
> Nov  8 12:45:42 zed postfix/qmgr[3850]: C0B0160EC: from=<>, size=12730, 
> nrcpt=1 (queue active)
> Nov  8 12:45:43 zed postfix/smtp[2566]: C0B0160EC: host 
> eforward3.registrar-servers.com[209.105.246.196] refused to talk to me: 421 
> 4.3.2 All server ports are busy
> Nov  8 12:46:05 zed postfix/smtp[2566]: C0B0160EC: host 
> eforward2.registrar-servers.com[209.105.246.195] said: 450 4.1.1 
> : Recipient address rejected: 
> unverified address: unknown user: "instant.checkm...@designakeackson.info" 
> (in reply to RCPT TO command)
> Nov  8 12:46:06 zed postfix/smtp[2566]: C0B0160EC: host 
> eforward1.registrar-servers.com[69.160.33.82] refused to talk to me: 421 
> 4.3.2 All server ports are busy
> Nov  8 12:46:06 zed postfix/smtp[2566]: C0B0160EC: host 
> eforward4.registrar-servers.com[69.160.33.74] refused to talk to me: 421 
> 4.3.2 All server ports are busy
> Nov  8 12:46:06 zed postfix/smtp[2566]: C0B0160EC: 
> to=, 
> relay=eforward5.registrar-servers.com[38.101.213.202]:25, d

Yahoo mail forwarding

[LuKreme]

Wondering if anyone else has had this issue with Yahoo.

I have a user who setup his mail to forward to his yahoo account. All of his 
mail (he changed his forwarding from gmail to yahoo) went to yahoo for about a 
month.

About a week after the forward was setup, all mail to yahoo is rejected with a 
554:Con:b1 error. Now, a year or so later, mail to yahoo is sporadic, sometimes 
it sends, sometimes I get a 554 for a couple of days and everything clears up 
for another month or 5.

I never seem to get 421 errors, just 521.

I remember having horrible problems with Yahoo blacklisting any server at the 
drop of a hat about  decade ago, but I thought they'd mostly pulled their heads 
out since then.

Anything I can do on my end for the occasional yahoo emails (the user in 
question switched back to gmail) that will make them happier without too much 
effort on my part?

-- 
When a distinguished but elderly scientist states that something is
possible, he is almost certainly right. When he states that something is
impossible, he is probably wrong.

Re: Mail Forwarding

[Wietse Venema]

Doug Hardie:
> 550 5.1.1 : Recipient address rejected: User unknown in 
> virtual alias table

The domain name 'lafn.org' matches $virtual_alias_domains, but the
address 'ref...@lafn.org' does not match $virtual_alias_maps.

Should domain name 'lafn.org' match $virtual_alias_domains? If so,
make an entry

ref...@lafn.org  ref...@lafn.org

in $virtual_alias_maps, so that Postfix knows the address is real.

If the domain should not match $virtual_alias_domains, update that
table.

Wietse

Re: Mail Forwarding

[wa6vvv]

I think I have it working now.  Typos are killers.  I added @lafn.org to each
of the keys in the virtual_alias_maps file.  That seems to have worked.  I
am not sure why I needed (or if I needed) the virtual_mailbox_domains table.  

I did notice there were no entries for [second_domain] in
virtual_alias_maps.  Those are all locally delivered so I assumed they were
not necessary.  I am receiving mail for that domain without them.

I have found the diagrams in the documentation quite helpful in
understanding postfix.  However, is there similar information on how the
various tables are used and in which order?



--
View this message in context: 
http://postfix.1071664.n5.nabble.com/Mail-Forwarding-tp91078p91095.html
Sent from the Postfix Users mailing list archive at Nabble.com.

Re: Mail Forwarding

[/dev/rob0]

On Sat, Jul 01, 2017 at 11:42:30AM -0700, wa6vvv wrote:
> I think I have it working now.  Typos are killers.  I added 
> @lafn.org to each of the keys in the virtual_alias_maps file.  That 
> seems to have worked.  I am not sure why I needed (or if I needed) 
> the virtual_mailbox_domains table.
> 
> I did notice there were no entries for [second_domain] in 
> virtual_alias_maps.  Those are all locally delivered so I assumed 
> they were not necessary.  I am receiving mail for that domain 
> without them.
> 
> I have found the diagrams in the documentation quite helpful in 
> understanding postfix.  However, is there similar information on 
> how the various tables are used and in which order?

Postfix has four "address classes" for receiving mail (for which 
Postfix is either the final destination or an intermediate MX), and 
these classes and the lookups they need/use are documented here:

http://www.postfix.org/ADDRESS_CLASS_README.html

Not a diagram, but it does have the answers to your questions.
-- 
  http://rob0.nodns4.us/
  Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:

Re: Mail forwarding loop

[Jeroen Geilman]

On 11/08/2012 05:25 PM, Daniele Nicolodi wrote:

Hello,

I think I have a problem with my simple mail server. I noticed several
bounce mails in the queue, which postfix in unable to deliver.


C0B0160EC 12730 Thu Nov  8 12:35:47  MAILER-DAEMON
(lost connection with eforward5.registrar-servers.com[38.101.213.202] while 
receiving the initial server greeting)
  instant.checkm...@designakeackson.info

All of them destined to what look to be fake addresses. The original
mails that originate the bounce are indeed spam.

On this server I use spamassassin as content filter, which re-injects
the mail into postfix after scanning it via local delivery. Spam is then
discarded via a sieve rule (not bounced).

It looks like postfix detects a mail forwarding loop when the mail is
re-injected by spamassassin via local delivery. Why isn't the loop
detected when the mail is received by the smtpd?


Postfix cannot detect a mail loop if it has never seen the message before.
You are not re-injecting the filtered message, you are calling 
sendmail(1), which in turn invokes pickup(8):



  I do not like to
generate unnecessary bounce mails. Is this a real problem? How can I fix it?

Here is what I think is a relevant log excerpt:


# egrep 2ABF060A6\|BCDF560EF\|C0B0160EC\|FD01D4DD-1DEF-1BC3-9A2A-5EDE8F9DD6C5 
/var/log/mail.log
Nov  8 12:35:46 zed postfix/smtpd[2515]: 2ABF060A6: 
client=designakeackson.info[176.126.174.9]
Nov  8 12:35:46 zed postfix/cleanup[2517]: 2ABF060A6: 
message-id=
Nov  8 12:35:46 zed postfix/qmgr[3850]: 2ABF060A6: 
from=, size=9793, nrcpt=1 (queue active)
Nov  8 12:35:46 zed spamd[2282]: spamd: processing message 
 for daniele:1000
Nov  8 12:35:47 zed spamd[2282]: spamd: result: Y 5 - 
BAYES_50,HTML_MESSAGE,RP_MATCHES_RCVD,SPF_SOFTFAIL,T_FILL_THIS_FORM_SHORT,URIBL_DBL_SPAM,URIBL_JP_SURBL,URIBL_WS_SURBL
 
scantime=1.4,size=9786,user=daniele,uid=1000,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=60966,mid=,bayes=0.50,autolearn=no
Nov  8 12:35:47 zed postfix/pickup[2485]: BCDF560EF: uid=65534 
from=
Nov  8 12:35:47 zed postfix/cleanup[2517]: BCDF560EF: 
message-id=
Nov  8 12:35:47 zed postfix/pipe[2518]: 2ABF060A6: to=, 
relay=spamassassin, delay=1.7, delays=0.24/0.01/0/1.4, dsn=2.0.0, status=sent 
(delivered via spamassassin service)
Nov  8 12:35:47 zed postfix/qmgr[3850]: BCDF560EF: 
from=, size=10941, nrcpt=1 (queue 
active)
Nov  8 12:35:47 zed postfix/qmgr[3850]: 2ABF060A6: removed
Nov  8 12:35:47 zed postfix/local[2522]: BCDF560EF: to=, 
relay=local, delay=0.02, delays=0/0.01/0/0.01, dsn=5.4.6, status=bounced (mail 
forwarding loop for dani...@grinta.net)
Nov  8 12:35:47 zed postfix/cleanup[2517]: C0B0160EC: 
message-id=<20121108123547.c0b016...@zed.grinta.net>
Nov  8 12:35:47 zed postfix/bounce[2523]: BCDF560EF: sender non-delivery 
notification: C0B0160EC
Nov  8 12:35:47 zed postfix/qmgr[3850]: C0B0160EC: from=<>, size=12730, nrcpt=1 
(queue active)
Nov  8 12:35:47 zed postfix/qmgr[3850]: BCDF560EF: removed
Nov  8 12:35:52 zed postfix/smtp[2512]: C0B0160EC: host 
eforward3.registrar-servers.com[209.105.246.196] said: 450 4.1.1 
: Recipient address rejected: unverified address: 
unknown user: "instant.checkm...@designakeackson.info" (in reply to RCPT TO command)
Nov  8 12:35:52 zed postfix/smtp[2512]: C0B0160EC: host 
eforward1.registrar-servers.com[69.160.33.82] refused to talk to me: 421 4.3.2 
All server ports are busy
Nov  8 12:35:54 zed postfix/smtp[2512]: C0B0160EC: to=, 
relay=eforward2.registrar-servers.com[209.105.246.195]:25, delay=7.2, delays=0/0/7/0.17, dsn=4.1.1, 
status=deferred (host eforward2.registrar-servers.com[209.105.246.195] said: 450 4.1.1 
: Recipient address rejected: unverified address: 
unknown user: "instant.checkm...@designakeackson.info" (in reply to RCPT TO command))
Nov  8 12:45:42 zed postfix/qmgr[3850]: C0B0160EC: from=<>, size=12730, nrcpt=1 
(queue active)
Nov  8 12:45:43 zed postfix/smtp[2566]: C0B0160EC: host 
eforward3.registrar-servers.com[209.105.246.196] refused to talk to me: 421 
4.3.2 All server ports are busy
Nov  8 12:46:05 zed postfix/smtp[2566]: C0B0160EC: host 
eforward2.registrar-servers.com[209.105.246.195] said: 450 4.1.1 
: Recipient address rejected: unverified address: 
unknown user: "instant.checkm...@designakeackson.info" (in reply to RCPT TO command)
Nov  8 12:46:06 zed postfix/smtp[2566]: C0B0160EC: host 
eforward1.registrar-servers.com[69.160.33.82] refused to talk to me: 421 4.3.2 
All server ports are busy
Nov  8 12:46:06 zed postfix/smtp[2566]: C0B0160EC: host 
eforward4.registrar-servers.com[69.160.33.74] refused to talk to me: 421 4.3.2 
All server ports are busy
Nov  8 12:46:06 zed postfix/smtp[2566]: C0B0160EC: 
to=, 
relay=eforward5.registrar-servers.com[38.101.213.202]:25, delay=619, 
delays=595/0.04/24/0, dsn=4.3.2, status=deferred (host 
eforward5.registrar-servers.com[38.101.213.202] refused to talk to me: 42

Re: Mail forwarding loop

[Jeroen Geilman]

On 11/08/2012 11:12 PM, Jeroen Geilman wrote:

On 11/08/2012 05:25 PM, Daniele Nicolodi wrote:

Hello,

I think I have a problem with my simple mail server. I noticed several
bounce mails in the queue, which postfix in unable to deliver.


C0B0160EC 12730 Thu Nov  8 12:35:47 MAILER-DAEMON
(lost connection with 
eforward5.registrar-servers.com[38.101.213.202] while receiving the 
initial server greeting)

instant.checkm...@designakeackson.info

All of them destined to what look to be fake addresses. The original
mails that originate the bounce are indeed spam.

On this server I use spamassassin as content filter, which re-injects
the mail into postfix after scanning it via local delivery. Spam is then
discarded via a sieve rule (not bounced).

It looks like postfix detects a mail forwarding loop when the mail is
re-injected by spamassassin via local delivery. Why isn't the loop
detected when the mail is received by the smtpd?





And now without thick-fingering CTRL-Enter:

Postfix cannot detect a mail loop if it has never seen the message before.
You are not re-injecting the filtered message, you are (or, rather, SA 
is) calling sendmail(1), which in turn invokes pickup(8):


Nov  8 12:35:47 zed postfix/pickup[2485]: BCDF560EF: uid=65534 
from=


This means a different path is followed from the original submission 
over SMTP; sendmail-submitted mail generally lacks features that allow 
such loops to be detected.
In this case, you are using the "nobody" user to re-submit the message, 
which will throw postfix off further, since it has no MAIL FROM: to 
match it with.


Re-inject the message over a separate smtpd(8) instance instead; the 
content filter loopback will not alter the envelope, thus enabling 
postfix to detect a loop.


smtpd(8): MAIL FROM: joe@home, RCPT TO: jim@work -> Spamassassin -> SMTP 
re-inject: MAIL FROM: joe@home, RCPT TO: jim@work.
sendmail(1): MAIL FROM: joe@home, RCPT TO: jim@work -> Spamassassin -> 
sendmail: MAIL FROM: nobody (uid=65534), RCPT TO: jim@work.


Note the "nobody" above.


  I do not like to
generate unnecessary bounce mails. Is this a real problem? How can I 
fix it?


Here is what I think is a relevant log excerpt:

# egrep 
2ABF060A6\|BCDF560EF\|C0B0160EC\|FD01D4DD-1DEF-1BC3-9A2A-5EDE8F9DD6C5 /var/log/mail.log 

Nov  8 12:35:46 zed postfix/smtpd[2515]: 2ABF060A6: 
client=designakeackson.info[176.126.174.9]
Nov  8 12:35:46 zed postfix/cleanup[2517]: 2ABF060A6: 
message-id=
Nov  8 12:35:46 zed postfix/qmgr[3850]: 2ABF060A6: 
from=, size=9793, nrcpt=1 
(queue active)
Nov  8 12:35:46 zed spamd[2282]: spamd: processing message 
 for 
daniele:1000
Nov  8 12:35:47 zed spamd[2282]: spamd: result: Y 5 - 
BAYES_50,HTML_MESSAGE,RP_MATCHES_RCVD,SPF_SOFTFAIL,T_FILL_THIS_FORM_SHORT,URIBL_DBL_SPAM,URIBL_JP_SURBL,URIBL_WS_SURBL 
scantime=1.4,size=9786,user=daniele,uid=1000,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=60966,mid=,bayes=0.50,autolearn=no 

Nov  8 12:35:47 zed postfix/pickup[2485]: BCDF560EF: uid=65534 
from=
Nov  8 12:35:47 zed postfix/cleanup[2517]: BCDF560EF: 
message-id=
Nov  8 12:35:47 zed postfix/pipe[2518]: 2ABF060A6: 
to=, relay=spamassassin, delay=1.7, 
delays=0.24/0.01/0/1.4, dsn=2.0.0, status=sent (delivered via 
spamassassin service)
Nov  8 12:35:47 zed postfix/qmgr[3850]: BCDF560EF: 
from=, size=10941, nrcpt=1 
(queue active)

Nov  8 12:35:47 zed postfix/qmgr[3850]: 2ABF060A6: removed
Nov  8 12:35:47 zed postfix/local[2522]: BCDF560EF: 
to=, relay=local, delay=0.02, 
delays=0/0.01/0/0.01, dsn=5.4.6, status=bounced (mail forwarding 
loop for dani...@grinta.net)
Nov  8 12:35:47 zed postfix/cleanup[2517]: C0B0160EC: 
message-id=<20121108123547.c0b016...@zed.grinta.net>
Nov  8 12:35:47 zed postfix/bounce[2523]: BCDF560EF: sender 
non-delivery notification: C0B0160EC
Nov  8 12:35:47 zed postfix/qmgr[3850]: C0B0160EC: from=<>, 
size=12730, nrcpt=1 (queue active)

Nov  8 12:35:47 zed postfix/qmgr[3850]: BCDF560EF: removed
Nov  8 12:35:52 zed postfix/smtp[2512]: C0B0160EC: host 
eforward3.registrar-servers.com[209.105.246.196] said: 450 4.1.1 
: Recipient address 
rejected: unverified address: unknown user: 
"instant.checkm...@designakeackson.info" (in reply to RCPT TO command)
Nov  8 12:35:52 zed postfix/smtp[2512]: C0B0160EC: host 
eforward1.registrar-servers.com[69.160.33.82] refused to talk to me: 
421 4.3.2 All server ports are busy
Nov  8 12:35:54 zed postfix/smtp[2512]: C0B0160EC: 
to=, 
relay=eforward2.registrar-servers.com[209.105.246.195]:25, 
delay=7.2, delays=0/0/7/0.17, dsn=4.1.1, status=deferred (host 
eforward2.registrar-servers.com[209.105.246.195] said: 450 4.1.1 
: Recipient address 
rejected: unverified address: unknown user: 
"instant.checkm...@designakeackson.info" (in reply to RCPT TO command))
Nov  8 12:45:42 zed postfix/qmgr[3850]: C0B0160EC: from=<>, 
size=12730, nrcpt=1 (queue active)
Nov  8 12:45:43 zed postfix/smtp[2566]: C0B0160EC: ho

Re: Mail forwarding loop

[Daniele Nicolodi]

On 08/11/2012 23:21, Jeroen Geilman wrote:
> Postfix cannot detect a mail loop if it has never seen the message before.
> You are not re-injecting the filtered message, you are (or, rather, SA 
> is) calling sendmail(1), which in turn invokes pickup(8):
> 
>  Nov  8 12:35:47 zed postfix/pickup[2485]: BCDF560EF: uid=65534 
> from=
> 
> This means a different path is followed from the original submission 
> over SMTP; sendmail-submitted mail generally lacks features that allow 
> such loops to be detected.
> In this case, you are using the "nobody" user to re-submit the message, 
> which will throw postfix off further, since it has no MAIL FROM: to 
> match it with.
> 
> Re-inject the message over a separate smtpd(8) instance instead; the 
> content filter loopback will not alter the envelope, thus enabling 
> postfix to detect a loop.
> 
> smtpd(8): MAIL FROM: joe@home, RCPT TO: jim@work -> Spamassassin -> SMTP 
> re-inject: MAIL FROM: joe@home, RCPT TO: jim@work.
> sendmail(1): MAIL FROM: joe@home, RCPT TO: jim@work -> Spamassassin -> 
> sendmail: MAIL FROM: nobody (uid=65534), RCPT TO: jim@work.
> 
> Note the "nobody" above.

Hello Jeroen,

thank you for your reply, but I do not follow you. My problem is that a
mail forwarding loop is detected where I suppose there should be none,
not the opposite. The same log you quite, imho shows that a proper FROM
was indeed provided by sendmail, as I believe that Postfix reports the
envelope sendere and not the From: header in its logs.

My configuration is basically what described as "Simple content filter
example" in the documentation: http://www.postfix.org/FILTER_README.html

Cheers,
Daniele

Re: Mail forwarding loop

[David Rees]

On Thu, Nov 8, 2012 at 8:25 AM, Daniele Nicolodi  wrote:
> I think I have a problem with my simple mail server. I noticed several
> bounce mails in the queue, which postfix in unable to deliver.

You're seeing the same issue as was posted the other day in the thread
"Best way to handle a Delivered-To exploit??". Searching the archives
similar issues have come up before, but no real good solutions that I
could find.

-Dave

Re: Mail forwarding loop

[Jeroen Geilman]

On 11/08/2012 11:39 PM, Daniele Nicolodi wrote:

On 08/11/2012 23:21, Jeroen Geilman wrote:

Postfix cannot detect a mail loop if it has never seen the message before.
You are not re-injecting the filtered message, you are (or, rather, SA
is) calling sendmail(1), which in turn invokes pickup(8):

  Nov  8 12:35:47 zed postfix/pickup[2485]: BCDF560EF: uid=65534
from=

This means a different path is followed from the original submission
over SMTP; sendmail-submitted mail generally lacks features that allow
such loops to be detected.
In this case, you are using the "nobody" user to re-submit the message,
which will throw postfix off further, since it has no MAIL FROM: to
match it with.

Re-inject the message over a separate smtpd(8) instance instead; the
content filter loopback will not alter the envelope, thus enabling
postfix to detect a loop.

smtpd(8): MAIL FROM: joe@home, RCPT TO: jim@work -> Spamassassin -> SMTP
re-inject: MAIL FROM: joe@home, RCPT TO: jim@work.
sendmail(1): MAIL FROM: joe@home, RCPT TO: jim@work -> Spamassassin ->
sendmail: MAIL FROM: nobody (uid=65534), RCPT TO: jim@work.

Note the "nobody" above.

Hello Jeroen,

thank you for your reply, but I do not follow you. My problem is that a
mail forwarding loop is detected where I suppose there should be none,
not the opposite. The same log you quite, imho shows that a proper FROM
was indeed provided by sendmail, as I believe that Postfix reports the
envelope sendere and not the From: header in its logs.


Ah, I see. I misread the question, then.
See David's response for a possible explanation.


My configuration is basically what described as "Simple content filter
example" in the documentation: http://www.postfix.org/FILTER_README.html

Cheers,
Daniele





--
J.

Re: Mail forwarding loop

[Jamie Paul Griffin]

/ David Rees wrote on Thu  8.Nov'12 at 14:59:01 -0800 /

> On Thu, Nov 8, 2012 at 8:25 AM, Daniele Nicolodi  wrote:
> > I think I have a problem with my simple mail server. I noticed several
> > bounce mails in the queue, which postfix in unable to deliver.
> 
> You're seeing the same issue as was posted the other day in the thread
> "Best way to handle a Delivered-To exploit??". Searching the archives
> similar issues have come up before, but no real good solutions that I
> could find.
> 
> -Dave

If you want to use content filtering with postfix, you might have better 
results if you use amavisd-new + spamassassin + clamav. It's just a suggestion 
but it does work well and it's dead easy to configure. May I also recommend the 
unofficial clamav signatures as well with my suggested filtering set-up. I 
believe plenty of postfix users have good results with this filtering method. 

Re: Mail forwarding loop

[Daniele Nicolodi]

On 09/11/2012 08:40, Jamie Paul Griffin wrote:
> / David Rees wrote on Thu  8.Nov'12 at 14:59:01 -0800 /
> 
>> On Thu, Nov 8, 2012 at 8:25 AM, Daniele Nicolodi  wrote:
>>> I think I have a problem with my simple mail server. I noticed several
>>> bounce mails in the queue, which postfix in unable to deliver.
>>
>> You're seeing the same issue as was posted the other day in the thread
>> "Best way to handle a Delivered-To exploit??". Searching the archives
>> similar issues have come up before, but no real good solutions that I
>> could find.
>>
>> -Dave
> 
> If you want to use content filtering with postfix, you might have
> better results if you use amavisd-new + spamassassin + clamav. It's
> just a suggestion but it does work well and it's dead easy to
> configure. May I also recommend the unofficial clamav signatures as
> well with my suggested filtering set-up. I believe plenty of postfix
> users have good results with this filtering method.

Hello Jamie,

I do not understand your hint. What does this have to do with incoming
messages having a bogus Delivered-To header? As far as I know neither
spamassassin or clamav have a feature that detects those.

Best,
Daniele

Re: Mail forwarding loop

[Jamie Paul Griffin]

/ Daniele Nicolodi wrote on Fri  9.Nov'12 at 10:06:14 +0100 /

> On 09/11/2012 08:40, Jamie Paul Griffin wrote:
> > / David Rees wrote on Thu  8.Nov'12 at 14:59:01 -0800 /
> > 
> >> On Thu, Nov 8, 2012 at 8:25 AM, Daniele Nicolodi  
> >> wrote:
> >>> I think I have a problem with my simple mail server. I noticed several
> >>> bounce mails in the queue, which postfix in unable to deliver.
> >>
> >> You're seeing the same issue as was posted the other day in the thread
> >> "Best way to handle a Delivered-To exploit??". Searching the archives
> >> similar issues have come up before, but no real good solutions that I
> >> could find.
> >>
> >> -Dave
> > 
> > If you want to use content filtering with postfix, you might have
> > better results if you use amavisd-new + spamassassin + clamav. It's
> > just a suggestion but it does work well and it's dead easy to
> > configure. May I also recommend the unofficial clamav signatures as
> > well with my suggested filtering set-up. I believe plenty of postfix
> > users have good results with this filtering method.
> 
> Hello Jamie,
> 
> I do not understand your hint. What does this have to do with incoming
> messages having a bogus Delivered-To header? As far as I know neither
> spamassassin or clamav have a feature that detects those.
> 
> Best,
> Daniele

Of course, you're right but having read the follow-ups from others, the issue 
looks as though there is some configuration issue with your spamassassin set-up 
so I thought it might be useful to suggest that you try using spamassassin with 
amavisd-new. I didn't mean to confuse you, and my comments may have seemed a 
bit random so sorry about that. :-)

Re: Mail forwarding loop

[Daniele Nicolodi]

On 09/11/2012 10:35, Jamie Paul Griffin wrote:
> / Daniele Nicolodi wrote on Fri  9.Nov'12 at 10:06:14 +0100 /
> 
>> On 09/11/2012 08:40, Jamie Paul Griffin wrote:
>>>
>>> If you want to use content filtering with postfix, you might have
>>> better results if you use amavisd-new + spamassassin + clamav. It's
>>> just a suggestion but it does work well and it's dead easy to
>>> configure. May I also recommend the unofficial clamav signatures as
>>> well with my suggested filtering set-up. I believe plenty of postfix
>>> users have good results with this filtering method.
>>
>> Hello Jamie,
>>
>> I do not understand your hint. What does this have to do with incoming
>> messages having a bogus Delivered-To header? As far as I know neither
>> spamassassin or clamav have a feature that detects those.
>>
>> Best,
>> Daniele
> 
> Of course, you're right but having read the follow-ups from others,
> the issue looks as though there is some configuration issue with your
> spamassassin set-up so I thought it might be useful to suggest that
> you try using spamassassin with amavisd-new. I didn't mean to confuse
> you, and my comments may have seemed a bit random so sorry about
> that. :-)
> 

Can you please pinpoint the configuration issues you are mentioning? I
believe my system is configured just right for what it is supposed to do.

Cheers,
Daniele

Re: Mail forwarding loop

[Jamie Paul Griffin]

/ Daniele Nicolodi wrote on Fri  9.Nov'12 at 11:01:54 +0100 /

> On 09/11/2012 10:35, Jamie Paul Griffin wrote:
> > / Daniele Nicolodi wrote on Fri  9.Nov'12 at 10:06:14 +0100 /
> > 
> >> On 09/11/2012 08:40, Jamie Paul Griffin wrote:
> >>>
> >>> If you want to use content filtering with postfix, you might have
> >>> better results if you use amavisd-new + spamassassin + clamav. It's
> >>> just a suggestion but it does work well and it's dead easy to
> >>> configure. May I also recommend the unofficial clamav signatures as
> >>> well with my suggested filtering set-up. I believe plenty of postfix
> >>> users have good results with this filtering method.
> >>
> >> Hello Jamie,
> >>
> >> I do not understand your hint. What does this have to do with incoming
> >> messages having a bogus Delivered-To header? As far as I know neither
> >> spamassassin or clamav have a feature that detects those.
> >>
> >> Best,
> >> Daniele
> > 
> > Of course, you're right but having read the follow-ups from others,
> > the issue looks as though there is some configuration issue with your
> > spamassassin set-up so I thought it might be useful to suggest that
> > you try using spamassassin with amavisd-new. I didn't mean to confuse
> > you, and my comments may have seemed a bit random so sorry about
> > that. :-)
> > 
> 
> Can you please pinpoint the configuration issues you are mentioning? I
> believe my system is configured just right for what it is supposed to do.
> 
> Cheers,
> Daniele

It's difficult to know how you've set up your spam filter. Some more 
information would help more.

On the machine i'm using now, I don't use postfix, but I do use spamassassin. I 
have procmail recipies that use spamc to filter the messages. On my Mac I do 
use postfix and use amavisd-new, with spamassassin and clamav. That isn't 
especially relevent to you but it's just to highlight that people use different 
methods - your method isn't clear to me from the information you've posted so 
far. Sorry I can't be more helpful right now. It shouldn't take too long to 
provide a solution with more info. 

Re: Mail forwarding loop

[Daniele Nicolodi]

On 10/11/2012 11:16, Jamie Paul Griffin wrote:
> It's difficult to know how you've set up your spam filter. Some more
> information would help more.
> 
> On the machine i'm using now, I don't use postfix, but I do use
> spamassassin. I have procmail recipies that use spamc to filter the
> messages. On my Mac I do use postfix and use amavisd-new, with
> spamassassin and clamav. That isn't especially relevent to you but
> it's just to highlight that people use different methods - your
> method isn't clear to me from the information you've posted so far.
> Sorry I can't be more helpful right now. It shouldn't take too long
> to provide a solution with more info.

I don't really get why you would like to help me fix something that is
working just fine. The problem I'm asking advice for is completely
unrelated to spamassassin.

What I observe is that postfix is receiving messages containing a forged
Delivered-To header that makes postfix think it is seeing a mail
forwarding loop. The local(8) daemon bounces the messages, but
those messages are spam and the from addresses are invalid, therefore
the bounces get stock in the delivery queue. This is not a problem in
itself, but I do not like to generate bounces for spam messages.

Best,
Daniele

Re: Mail forwarding loop

[Sahil Tandon]

On Sat, 2012-11-10 at 16:09:24 +0100, Daniele Nicolodi wrote:
> ... 
> What I observe is that postfix is receiving messages containing a
> forged Delivered-To header that makes postfix think it is seeing a
> mail forwarding loop. The local(8) daemon bounces the messages, but
> those messages are spam and the from addresses are invalid, therefore
> the bounces get stock in the delivery queue. This is not a problem in
> itself, but I do not like to generate bounces for spam messages.

See the list archives for previous discussion of this issue.  For
example:

 http://thread.gmane.org/gmane.mail.postfix.user/148887

Read the entire thread before trying to implement the suggestion
"solutions".

-- 
Sahil Tandon

Re: Mail forwarding loop

[Noel Jones]

On 11/10/2012 9:09 AM, Daniele Nicolodi wrote:
> 
> What I observe is that postfix is receiving messages containing a forged
> Delivered-To header that makes postfix think it is seeing a mail
> forwarding loop. The local(8) daemon bounces the messages, but
> those messages are spam and the from addresses are invalid, therefore
> the bounces get stock in the delivery queue. This is not a problem in
> itself, but I do not like to generate bounces for spam messages.
> 


If it's just a handful of messages, probably "do nothing" is the
best solution.  It's also worth examining the spam to see if there
is some common feature other the the Delivered-to header you can use
to reject them.

If you are seeing a lot of these, there is no perfect solution, but
there are some things you can do.  Do whatever seems to work best in
your environment, or do nothing.

Separate incoming and outgoing - If you happen to have (or care to
set up) multiple postfix instances to separate incoming and outgoing
mail, it is somewhat safe to REJECT incoming internet mail
containing a Delivered-to @yourdomain.  Don't do this on outgoing
mail; your users won't be able to forward messages.

Plus-1 loop detection - Use header_checks something like
/^X-Loop.*@example\.com$/  REJECT
/^(Delivered-to: .*@example\.com)$/  REPLACE X-Loop-$1
This will push the loop detection back one loop.  I can imagine
cases where this will break horribly.

Nuclear option - Remove the Delivered-To header and hope real loops
get detected by the presence of too many Received: headers before
something melts.
/^Delivered-To: .*@example.com/ IGNORE
Some forwarding methods alter/remove Received: headers, so this is
Not Recommended.  Use this as a temporary crutch if you're getting
hammered with forged headers and can't tell which are legit and
which aren't.

Run spamasssassin sooner - detect spam before local(8) gets the mail
by using a smtpd_proxy_filter or milter to detect and reject spam
before it enters your server.  amavisd-new and spamass-milter are
popular and effective choices.  Note running spamassassin pre-queue
may require more resources than running it during delivery since
there's a time limit involved; your server must be able to finish
scanning the mail before the remote server disconnects.


Good luck.




  -- Noel Jones

Re: Mail forwarding loop

[Daniele Nicolodi]

On 10/11/2012 23:58, Noel Jones wrote:
> On 11/10/2012 9:09 AM, Daniele Nicolodi wrote:
>>
>> What I observe is that postfix is receiving messages containing a forged
>> Delivered-To header that makes postfix think it is seeing a mail
>> forwarding loop. The local(8) daemon bounces the messages, but
>> those messages are spam and the from addresses are invalid, therefore
>> the bounces get stock in the delivery queue. This is not a problem in
>> itself, but I do not like to generate bounces for spam messages.
>
> If it's just a handful of messages, probably "do nothing" is the
> best solution.  It's also worth examining the spam to see if there
> is some common feature other the the Delivered-to header you can use
> to reject them.
> 
> If you are seeing a lot of these, there is no perfect solution, but
> there are some things you can do.  Do whatever seems to work best in
> your environment, or do nothing.
> 
> Separate incoming and outgoing - If you happen to have (or care to
> set up) multiple postfix instances to separate incoming and outgoing
> mail, it is somewhat safe to REJECT incoming internet mail
> containing a Delivered-to @yourdomain.  Don't do this on outgoing
> mail; your users won't be able to forward messages.
> 
> Plus-1 loop detection - Use header_checks something like
> /^X-Loop.*@example\.com$/  REJECT
> /^(Delivered-to: .*@example\.com)$/  REPLACE X-Loop-$1
> This will push the loop detection back one loop.  I can imagine
> cases where this will break horribly.
> 
> Nuclear option - Remove the Delivered-To header and hope real loops
> get detected by the presence of too many Received: headers before
> something melts.
> /^Delivered-To: .*@example.com/ IGNORE
> Some forwarding methods alter/remove Received: headers, so this is
> Not Recommended.  Use this as a temporary crutch if you're getting
> hammered with forged headers and can't tell which are legit and
> which aren't.
> 
> Run spamasssassin sooner - detect spam before local(8) gets the mail
> by using a smtpd_proxy_filter or milter to detect and reject spam
> before it enters your server.  amavisd-new and spamass-milter are
> popular and effective choices.  Note running spamassassin pre-queue
> may require more resources than running it during delivery since
> there's a time limit involved; your server must be able to finish
> scanning the mail before the remote server disconnects.

Hello Noel,

thank you for the detailed response. I think that the delayed loop
detection with header rewriting is the best suited solution in my setup.

Best,
Daniele

Re: Mail forwarding loop

[Daniele Nicolodi]

On 10/11/2012 17:52, Sahil Tandon wrote:
> On Sat, 2012-11-10 at 16:09:24 +0100, Daniele Nicolodi wrote:
>> ... 
>> What I observe is that postfix is receiving messages containing a
>> forged Delivered-To header that makes postfix think it is seeing a
>> mail forwarding loop. The local(8) daemon bounces the messages, but
>> those messages are spam and the from addresses are invalid, therefore
>> the bounces get stock in the delivery queue. This is not a problem in
>> itself, but I do not like to generate bounces for spam messages.
> 
> See the list archives for previous discussion of this issue.  For
> example:
> 
>  http://thread.gmane.org/gmane.mail.postfix.user/148887
> 
> Read the entire thread before trying to implement the suggestion
> "solutions".

Hello Sahil,

thank for your reply. I searched the list archives as previously
suggested, but I found only a thread where no solution was proposed,
somehow I missed this one.

Best,
Daniele

mail forwarding loop exploit

[Alexandre Ellert]

Hello,

I have a working setup with a dedicated MX inbound which deliver via transport 
to a postfix / dovecot backend server.
I found some mail, probably with forged "Delivered-To" header that make the 
backend bounce with "mail forwarding loop"

Here is the log of the backend  :

Feb 25 05:19:37 mut-mx-1 postfix/smtpd[9860]: connect from 
mail-in-1.numeezy.com[188.165.154.163]
Feb 25 05:19:38 mut-mx-1 postfix/smtpd[9860]: 0B34B4400A0: 
client=mail-in-1.numeezy.com[188.165.154.163]
Feb 25 05:19:38 mut-mx-1 postfix/cleanup[9864]: 0B34B4400A0: 
message-id=
Feb 25 05:19:38 mut-mx-1 postfix/qmgr[24187]: 0B34B4400A0: 
from=, size=52696, nrcpt=1 (queue active)
Feb 25 05:19:38 mut-mx-1 postfix/smtpd[9860]: disconnect from 
mail-in-1.numeezy.com[188.165.154.163]
Feb 25 05:19:39 mut-mx-1 postfix/smtpd[9894]: connect from localhost[127.0.0.1]
Feb 25 05:19:39 mut-mx-1 postfix/smtpd[9894]: 01DCB4400A2: 
client=localhost[127.0.0.1]
Feb 25 05:19:39 mut-mx-1 postfix/cleanup[9864]: 01DCB4400A2: 
message-id=
Feb 25 05:19:39 mut-mx-1 postfix/smtpd[9894]: disconnect from 
localhost[127.0.0.1]
Feb 25 05:19:39 mut-mx-1 postfix/qmgr[24187]: 01DCB4400A2: 
from=, size=52912, nrcpt=1 (queue active)
Feb 25 05:19:39 mut-mx-1 amavis[8589]: (08589-03) Passed CLEAN 
{RelayedInbound}, [188.165.154.163]:54450 [182.56.200.64]  
-> , Queue-ID: 0B34B4400A0, Message-ID: 
, 
mail_id: l5DBpkJG4N6C, Hits: 2.87, size: 52695, pt: 9, queued_as: 01DCB4400A2, 
966 ms
Feb 25 05:19:39 mut-mx-1 postfix/smtp[9865]: 0B34B4400A0: 
to=, relay=127.0.0.1[127.0.0.1]:10024, delay=1.1, 
delays=0.17/0/0/0.97, dsn=2.0.0, status=sent (250 2.0.0 from 
MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 01DCB4400A2)
Feb 25 05:19:39 mut-mx-1 postfix/qmgr[24187]: 0B34B4400A0: removed
Feb 25 05:19:39 mut-mx-1 postfix/pipe[9895]: 01DCB4400A2: 
to=, relay=dovecot, delay=0.04, delays=0.02/0.01/0/0.02, 
dsn=5.4.6, status=bounced (mail forwarding loop for accu...@mydomain.com)
Feb 25 05:19:39 mut-mx-1 postfix/cleanup[9897]: 0E3E04400A0: 
message-id=<20140225041939.0e3e0440...@mail.numeezy.com>
Feb 25 05:19:39 mut-mx-1 postfix/qmgr[24187]: 0E3E04400A0: from=<>, size=3486, 
nrcpt=1 (queue active)
Feb 25 05:19:39 mut-mx-1 postfix/bounce[9896]: 01DCB4400A2: sender non-delivery 
notification: 0E3E04400A0
Feb 25 05:19:39 mut-mx-1 postfix/qmgr[24187]: 01DCB4400A2: removed
Feb 25 05:19:39 mut-mx-1 postfix/smtp[9898]: 0E3E04400A0: 
to=, relay=37.59.203.171[37.59.203.171]:8025, delay=0.15, 
delays=0.03/0.01/0.02/0.09, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 
19D241A73BE)
Feb 25 05:19:39 mut-mx-1 postfix/qmgr[24187]: 0E3E04400A0: removed

I found 5 similar mail in my logs. Each mail is sent from a different IP but 
each time the first part of sender email is the same as recipient 
(from= to   in my exemple).
I don't know if that matters, but I smell like Spam although Amavis says it's 
clean

I think I'm in the case discuss here :
http://forum.spamcop.net/forums/lofiversion/index.php/t10734.html

Do you think I can be a backscatter source ?
Your advices are greatly appreciated.

Thanks.

Alexandre

another "mail forwarding loop" question

[Christopher Adams]

Can someone clue me in as to what might be causing this? A person sent
a message to a mailing list named Xlist. There is nothing nonstandard
about Postfix, no Virtual Hosts. I need to know where the fault lies.
I call my server '[EMAIL PROTECTED]'. I have a general idea of what
a mail forwarding loop is, but I just need to be clear with the
customer about it. This is what the sender received back:

Diagnostic information for administrators:

Generating server: myserver.domain.com

[EMAIL PROTECTED]
#< #5.4.6 X-Postfix; mail forwarding loop for [EMAIL PROTECTED]> #SMTP#

Original message headers:

Received: from mailgwisb01.mail.la.gov (mailgwisb01.mail.la.gov
 [204.196.242.62])   by myserver.domain.com (Postfix) with ESMTP id
 CBCC5364037 for <[EMAIL PROTECTED]>; Wed, 13 Aug 2008 12:53:45
 -0700 (PDT)
X-IronPort-AV: E=Sophos;i="4.32,203,1217826000";
   d="scan'208,217";a="7100986"
Received: from mailfe03.mail.la.gov ([10.4.10.64])
  by mailgwisb01.mail.la.gov with ESMTP; 13 Aug 2008 14:58:55 -0500
Received: from mailht01.MAIL.LA.GOV ([10.4.10.65]) by
MAILFE03.MAIL.LA.GOV with Microsoft SMTPSVC(6.0.3790.3959);
 Wed, 13 Aug 2008 14:58:55 -0500
Received: from mailht03.MAIL.LA.GOV (10.4.10.67) by mailht01.mail.la.gov
 (10.4.10.65) with Microsoft SMTP Server (TLS) id 8.1.291.1; Wed, 13 Aug 2008
 14:58:55 -0500
Received: from MAILMBX02.MAIL.LA.GOV ([10.4.10.105]) by mailht03.MAIL.LA.GOV
 ([10.4.10.67]) with mapi; Wed, 13 Aug 2008 14:58:54 -0500
From: John Smith 
To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>
Date: Wed, 13 Aug 2008 14:58:38 -0500
Subject: FW: change in Listserv email address
Thread-Topic: change in Listserv email address
Thread-Index: Acj9VlgkrTPJ6IlMQy2oGiYT/1KrwgAACBcA
Message-ID: <[EMAIL PROTECTED]>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
x-originalarrivaltime: 13 Aug 2008 15:09:34.0657 (UTC)
FILETIME=[98704B10:01C8FD56]
x-ironport-av: E=Sophos;i="4.32,201,1217826000"; d="scan'208,217";a="6997685"
delivered-to: [EMAIL PROTECTED]
x-original-to: [EMAIL PROTECTED]
Content-Type: multipart/alternative;
boundary="_000_4EDB8E2A7232FA43B495A019D02B505A364C5CB304MAILMBX02MAIL_"
MIME-Version: 1.0



-- 
Christopher Adams
[EMAIL PROTECTED]

Re: OT: Mail forwarding services

[Reindl Harald]

Am 30.01.2013 13:13, schrieb Fernando Maior:
> In the area where my office is, internet providers cannot offer us links with 
> fixed ip, only dhcp. I wonder if
> someone in the list knows about a mail forwarder server that can receive 
> emails from my server and forwards them to
> the internet in our behalf.

your provider should have a "relayhost"

on the other hand: if you receive mails the MX can not
be on a dynamic IP, so why is on the mailserver which
is your MX not a smtpd?




signature.asc
Description: OpenPGP digital signature

Re: OT: Mail forwarding services

[Jerry]

On Wed, 30 Jan 2013 10:13:58 -0200
Fernando Maior articulated:

> In the area where my office is, internet providers cannot offer us
> links with fixed ip, only dhcp. I wonder if someone in the list knows
> about a mail forwarder server that can receive emails from my server
> and forwards them to the internet in our behalf.

Perhaps something like this is what you are looking for:

http://dyn.com/

-- 
Jerry ✌
postfix-u...@seibercom.net
_
TO REPORT A PROBLEM see http://www.postfix.org/DEBUG_README.html#mail
TO (UN)SUBSCRIBE see http://www.postfix.org/lists.html

Re: OT: Mail forwarding services

[Stan Hoeppner]

On 1/30/2013 6:13 AM, Fernando Maior wrote:
> Hello All,
> 
> In the area where my office is, internet providers cannot offer us links
> with fixed ip, only dhcp. I wonder if someone in the list knows about a
> mail forwarder server that can receive emails from my server and forwards
> them to the internet in our behalf.

In this case simply configure a relayhost and outbound SASL auth, and
use the provider's submission server.  Basic configuration information
can be found here:
http://www.hardwarefreak.com/postfix-adsl-relay-config.txt

That covers outbound.  With a dynamic IP, how are you receiving mail to
your domain/server?  Are you using a dynamic DNS service?  If so, those
services usually offer mail relaying, albeit for an extra fee.

-- 
Stan

Re: OT: Mail forwarding services

[/dev/rob0]

On Wed, Jan 30, 2013 at 10:13:58AM -0200, Fernando Maior wrote:
> In the area where my office is, internet providers cannot offer us 
> links with fixed ip, only dhcp. I wonder if someone in the list 
> knows about a mail forwarder server that can receive emails from my 
> server and forwards them to the internet in our behalf.

Perhaps cheaper, and perhaps better than this: you could get a VPS 
and run your own mail service, both MX and outbound, from there. 
There are many different VPS providers, as well as different 
virtualization technologies they use.

http://en.wikipedia.org/wiki/Virtual_private_server

I wouldn't say a VPS is for everyone: you generally do need to be (or 
to have employed) a competent system administrator, not to mention a 
mail system administrator . But it's also an affordable way to gain
such experience.
-- 
  http://rob0.nodns4.us/ -- system administration and consulting
  Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:

Re: OT: Mail forwarding services

[mouss]

Le 30/01/2013 13:13, Fernando Maior a écrit :
> Hello All,
>
> In the area where my office is, internet providers cannot offer us links
> with fixed ip, only dhcp. I wonder if someone in the list knows about a
> mail forwarder server that can receive emails from my server and forwards
> them to the internet in our behalf.
>

well, it really depends on a way too many things! how much mail do you
send? are you ready to pay for or are you looking for a free service
(free also means no contractual guarantee)? ... etc.

for a "free" service, you can try google or other.
if you want "something else", many of us here (including $self) can
setup that for you. the richer you are, the more we will make you pay:)
If it's for  a charity org or the like, I'll do that for free (with the
usual things: no mass mail, no stupid sender).

Mail forwarding through a relay

[John Regan]

Hi,

I have a postfix-3.2.6 system that acts as a mail server and pop/imap using
dovecot for a small domain. The problem is that people are increasingly
using it as a relay to a personal account, such as Gmail and Yahoo.

This is resulting in the receiving system rejecting the message due to SPF
failing.

Sep 11 22:03:06 email postfix/smtp[1187]: 33AA3962A9648: to=<
u...@example.com>, orig_to=,
relay=mx0.digitalwest.net[72.29.183.105]:25,
delay=2.7, delays=0.05/0/1.5/1.1, dsn=5.0.0, status=bounced (host
mx0.digitalwest.net[72.29.183.105] said: 550-[SPF] 44.104.18.100 is not
allowed to send mail from mchat.booking.com. 550-Message blocked - Please
check settings. See 550
http://support.digitalwest.net/KB/a163/550-spf-not-allowed-to-send-mail.aspx
(in reply to RCPT TO command))

Is my only option here to do something like SRS or can this be fixed
another way?

mail forwarding, envelope sender and canonical_maps

[Petar Bogdanovic]

Hi,

until now I worked around the SPF / mail forwarding / envelope-from
problem with using expand_owner_alias and having two local aliases for
every virtual user who wants his mail delivered to another account:

virtual: [EMAIL PROTECTED]  john

aliases: john:  [EMAIL PROTECTED]
aliases: owner-john:postmaster

main.cf: expand_owner_alias = yes


A few days ago I've read on postfix-users that the same can be achieved
with using canonical_maps and canonical_classes. I tried this, set
the latter variable to envelope_sender and created a regexp canonical
map like this one:

!/^.*@(doe.com|bar.net)$/   [EMAIL PROTECTED]


The obvious problem with that setup is that postfix is not only going to
rewrite the envelope from before passing the mail to smtp -- it will
also do it when resubmitting the mail locally.

Afterwards I considered adding:

-o receive_override_options=no_address_mappings

to smtpd in master.cf but since I was no longer sure about what I was
doing so I gave it up.

Is it even possible to use canonical_maps in order to rewrite envelope
senders for smtp(8) only? Or are there even better ways to accomplish
the same?


Any help appreciated,

Petar

Re: another "mail forwarding loop" question

[Noel Jones]

Christopher Adams wrote:

Can someone clue me in as to what might be causing this? A person sent
a message to a mailing list named Xlist. There is nothing nonstandard
about Postfix, no Virtual Hosts. I need to know where the fault lies.
I call my server '[EMAIL PROTECTED]'. I have a general idea of what
a mail forwarding loop is, but I just need to be clear with the
customer about it. This is what the sender received back:

Diagnostic information for administrators:

Generating server: myserver.domain.com

[EMAIL PROTECTED]
#< #5.4.6 X-Postfix; mail forwarding loop for [EMAIL PROTECTED]> #SMTP#



It's more informative to see what postfix logs.


Original message headers:
...
delivered-to: [EMAIL PROTECTED]


If that delivered-to: header was in the mail that postfix 
received, postfix will treat it as a loop and bounce it.
That header should only be added by a final delivery agent, 
and should never be in mail arriving from the network.


My wild guess is that some broken software is adding that 
header, postfix uses caps. Delivered-To:


It's possible to use a header_checks rule with the IGNORE 
action to remove the offending header, but that's not recommended.


--
Noel Jones

Incorrect mail forwarding with virtual_alias_maps & LDAP

[j...@scusting.com]

Hi,

I have inherited a postfix MDA that I'm just trying to understand and we 
currently have a problem with the forwarding of emails using LDAP lookups.


Currently an email is forwarded if it matches the below map:

virtual_alias_maps = ldap:ldapforward
ldapforward_query_filter = 
(&(|(mail=%s)(mailalternateaddress=%s))(mailforwardingaddress=*))

ldapforward_result_attribute = mailforwardingaddress

Now if we have the following 2 LDAP users:

mail=...@somedomain.com

mail=f...@somedomain.com
mailalternateaddress=catch...@somedomain.com
mailforwardingaddress=f...@elsewhere.com

The initial lookup doesnt match against bob as he has no mailforward, 
but then the postfix catchall lookup matches against the 2nd address and 
forwards the email that should of gone to bob.


Whats the solution for this setup?  How do I stop LDAP filters matching 
the catchall mailbox when a more specific one exists without a mailforward?


We will need to do similar things to this later with AV & anti-spam 
where we will need to match against bob and only match against catchall 
when there is no bob email account etc. I have been searching but havent 
found solutions to this problem, I'm guessing we are doing it wrong if 
others dont have this issue.


Thanks in advance.

Jim.

Mail forwarding based on from address

[Islam, Towhid]

Perhaps this question has been asked before, if so, my apology.  Is it possible 
for postfix to forward mail based on a from address, as in received from a 
certain address or domain?  Thanks.

T Islam
Detroit Media Partnership

mail forwarding loop for sample.em...@firstdomain.com

[admin2]

Hi there,

I am getting error messages for mail sent to 
sample.em...@firstdomain.com but in the /etc/postfix/aliases file I have 
an entry for sample.email to send to sample.em...@anotherdomain.com . 
why am I getting a forwarding loop.


Status: 5.4.6
Diagnostic-Code: X-Postfix; mail forwarding loop for 
sample.em...@firstdomain.com




r...@firstdomain.com:/etc/postfix# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain
174.143.253.66 firstdomain.com

# cat /etc/mailname
firstdomain.com


Please help.

Cheers,

Noah

"Received:" headers and mail forwarding loops

[Stefan Förster]

When I submit a mail to my Postfix server (using SASL auth over a TLS
connection), Postfix adds the following received header:

 Received: from aletheia.cite.lan (33.33.33.333.dynamic.cablesurf.de
[33.33.33.333]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
(No client certificate requested) by mail.incertum.net (Postfix) with
ESMTPSA for ; Fri, 31 Jul 2009 23:42:33 +0200 (CEST)

This is working as expected. If I create a new mail and forcibly
insert the above header before I submit it, I get a NDR saying that
there is a mail forwarding loop for c...@example.net - which is
exactly what I expected, but I'm not 100% sure how this mechanism
works. So my question is:

Does Postfix compare both the sending host _and_ the recipient address
in "Received:" headers? If not, with regard to "Received:" headers,
which (if any) information is compared to detect a mail forwarding
loop?


Cheers
Stefan

Tracking down a mail forwarding loop

[LuKreme]

I have a local user who is generating occasional mail forwarding loop errors, 
which are causing forged emails to cause NDNs and fill up mailq.

Jan 30 13:46:08 mail postfix/local[44147]: 7020950D4D4: to=<*bob*@covisp.net>, 
relay=local, delay=0.65, delays=0.59/0/0/0.06, dsn=5.4.6, status=bounced (mail 
forwarding loop for *bob*@covisp.net)

The only place that “*bob*” is mentioned in virtual is in line like this:

bill...@covisp.net  bob,fred,george

Where bob, fred, and george are all local users.

bob doesn’t have a .forward, and I looked at his .procmailrc and it’s not 
forwarding mail anywhere.

Where else do I look?

postmap -q b...@covisp.net /etc/postfix/virtual doesn’t return any results.

-- 
Behind every great man there's a woman with a vibrator -- Hawkeye Pierce

Re: Mail forwarding through a relay

[Dominic Raferd]

On Thu, 12 Sep 2019 at 05:14, John Regan  wrote:

> Hi,
>
> I have a postfix-3.2.6 system that acts as a mail server and pop/imap
> using dovecot for a small domain. The problem is that people are
> increasingly using it as a relay to a personal account, such as Gmail and
> Yahoo.
>
> This is resulting in the receiving system rejecting the message due to SPF
> failing.
>
> Sep 11 22:03:06 email postfix/smtp[1187]: 33AA3962A9648: to=<
> u...@example.com>, orig_to=, relay=
> mx0.digitalwest.net[72.29.183.105]:25, delay=2.7, delays=0.05/0/1.5/1.1,
> dsn=5.0.0, status=bounced (host mx0.digitalwest.net[72.29.183.105] said:
> 550-[SPF] 44.104.18.100 is not allowed to send mail from mchat.booking.com.
> 550-Message blocked - Please check settings. See 550
> http://support.digitalwest.net/KB/a163/550-spf-not-allowed-to-send-mail.aspx
> (in reply to RCPT TO command))
>
> Is my only option here to do something like SRS or can this be fixed
> another way?
>

I'm puzzled - you mention gmail and yahoo but the example you give is for
digitalwest. They appear to be blocking based purely on SPF (their
information link does not seem to work) - gmail does not do this and I
doubt yahoo do it either. The situation which will cause problems when
relaying to gmail or to yahoo is blocking based on DMARC where the sender
domain has set a p=reject policy but doesn't add a DKIM signature header.
Another problem you may face is that if you are relaying too much spam into
gmail your server might be blacklisted.

Re: Mail forwarding through a relay

[Chris Wedgwood]

> I have a postfix-3.2.6 system that acts as a mail server and
> pop/imap using dovecot for a small domain. The problem is that
> people are increasingly using it as a relay to a personal account,
> such as Gmail and Yahoo.

perhaps i misunderstand

they are sending email from gmail/yahoo addresses from your MTA?  if
so those will get blocked in many cases and marked as spam in many
others


for example with gmail:

  _dmarc.gmail.com.   596 IN  TXT "v=DMARC1; p=none; 
sp=quarantine; rua=mailto:mailauth-repo...@google.com";

  gmail.com.  205 IN  TXT "v=spf1 
redirect=_spf.google.com"

  _spf.google.com.176 IN  TXT "v=spf1 
include:_netblocks.google.com include:_netblocks2.google.com 
include:_netblocks3.google.com ~all"

...

you MTA is not going to be included in any of those records, so you're
MTA isn't a valid origin for @gmail.com

and you're not going to be able to sign messages with a valid (dkim)
signature either


this is how spf/dmarc works

there is in some sense nothing to fix, if you want to send as
some@gmail.com you have to do it through a gmail smtp relay (which
they provide)

Re: Mail forwarding through a relay

[Dominic Raferd]

On Thu, 12 Sep 2019 at 10:24, Chris Wedgwood  wrote:
>
> > I have a postfix-3.2.6 system that acts as a mail server and
> > pop/imap using dovecot for a small domain. The problem is that
> > people are increasingly using it as a relay to a personal account,
> > such as Gmail and Yahoo.
>
> perhaps i misunderstand
>
> they are sending email from gmail/yahoo addresses from your MTA?  if
> so those will get blocked in many cases and marked as spam in many
> others
>
>
> for example with gmail:
>
>   _dmarc.gmail.com.   596 IN  TXT "v=DMARC1; p=none; 
> sp=quarantine; rua=mailto:mailauth-repo...@google.com";
>
>   gmail.com.  205 IN  TXT "v=spf1 
> redirect=_spf.google.com"
>
>   _spf.google.com.176 IN  TXT "v=spf1 
> include:_netblocks.google.com include:_netblocks2.google.com 
> include:_netblocks3.google.com ~all"
>
> ...
>
> you MTA is not going to be included in any of those records, so you're
> MTA isn't a valid origin for @gmail.com and you're not going to be able to 
> sign messages with a valid (dkim)
> signature either. this is how spf/dmarc works


but note in the DMARC record that you quote: ' p=none': Gmail is
telling other servers *not* to block (or quarantine) emails from
@gmail.com that do not obey SPF or DKIM rules. Yahoo by contrast:

# dig +short _dmarc.yahoo.com TXT
"v=DMARC1; p=reject; pct=100; rua=mailto:dmarc_y_...@yahoo.com;";

Re: Mail forwarding through a relay

[Matus UHLAR - fantomas]

On 11.09.19 22:12, John Regan wrote:

I have a postfix-3.2.6 system that acts as a mail server and pop/imap using
dovecot for a small domain. The problem is that people are increasingly
using it as a relay to a personal account, such as Gmail and Yahoo.


do you mean, they use gmail and yahoo From: addresses, while sending through
your server? Or fdo they simply forward their incoming mail to their
gmail/yahoo addresses?


This is resulting in the receiving system rejecting the message due to SPF
failing.

Sep 11 22:03:06 email postfix/smtp[1187]: 33AA3962A9648: to=<
u...@example.com>, orig_to=,
relay=mx0.digitalwest.net[72.29.183.105]:25,
delay=2.7, delays=0.05/0/1.5/1.1, dsn=5.0.0, status=bounced (host
mx0.digitalwest.net[72.29.183.105] said: 550-[SPF] 44.104.18.100 is not
allowed to send mail from mchat.booking.com. 550-Message blocked - Please
check settings. See 550
http://support.digitalwest.net/KB/a163/550-spf-not-allowed-to-send-mail.aspx
(in reply to RCPT TO command))

Is my only option here to do something like SRS or can this be fixed
another way?


use SRS when forwarding mail. look for postsrsd or postforward 
--

Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Despite the cost of living, have you noticed how popular it remains?

Re: Mail forwarding through a relay

[Christos Chatzaras]

> 
> use SRS when forwarding mail. look for postsrsd or postforward -- 
> Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
> Warning: I wish NOT to receive e-mail advertising to this address.
> Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
> Despite the cost of living, have you noticed how popular it remains?

Using SRS will cause reputation issues (if spam pass) as the e-mail is 
forwarded with his domain, right?

Re: Mail forwarding through a relay

[Matus UHLAR - fantomas]

use SRS when forwarding mail. look for postsrsd or postforward --
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Despite the cost of living, have you noticed how popular it remains?


On 12.09.19 11:14, Christos Chatzaras wrote:

Using SRS will cause reputation issues (if spam pass) as the e-mail is
forwarded with his domain, right?


he can disable forwarding to avoid any issues...

or install spam filter that won't allow spam being forwarded.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Linux IS user friendly, it's just selective who its friends are...

Re: Mail forwarding through a relay

[Chris Wedgwood]

> but note in the DMARC record that you quote: ' p=none': Gmail is
> telling other servers *not* to block (or quarantine) emails from
> @gmail.com that do not obey SPF or DKIM rules. Yahoo by contrast:
>
> # dig +short _dmarc.yahoo.com TXT
> "v=DMARC1; p=reject; pct=100; rua=mailto:dmarc_y_...@yahoo.com;";

IME some sites will still block or quarantine.

Re: Mail forwarding through a relay

[John Regan]

Hi,

On Thu, Sep 12, 2019 at 3:14 AM Chris Wedgwood  wrote:

> > I have a postfix-3.2.6 system that acts as a mail server and
> > pop/imap using dovecot for a small domain. The problem is that
> > people are increasingly using it as a relay to a personal account,
> > such as Gmail and Yahoo.
>
> perhaps i misunderstand
>
> they are sending email from gmail/yahoo addresses from your MTA?  if
> so those will get blocked in many cases and marked as spam in many
> others
>

No, the issue is with people sending them email to their address on our
system which is then forwarded on to some remote system - a digitalwest
system in my example, but I'm also concerned with other systems, including
gmail and yahoo, of course.

Do mail providers like digitalwest typically allow forwarding from their
accounts through to other providers? With no easy solution, what do most
providers do?

Is SRS in practical use? Is the general recommendation that it should be
implemented in situations like this, or is disabling forwarding more
common? Is the policy of most systems to reject on SPF fail?

Thanks so much for everyone's help.

Question on Mail Forwarding with Virtual Hosts.

[Daniel V. Reinhardt]

All,

I
just set up virtual maps and virtual hosting using postfix, and would
like to know how I can forward email from a non-unix account to someone
who has a unix account. For example,  cryptodan is a user on the unix
machine and has a shell and login credentials.  However, I would like
to create [EMAIL PROTECTED] to be foardwared to cryptodan
the local unix account.  How would I go about doing this?

Thanks,
Daniel Reinhardt.


  

Re: Incorrect mail forwarding with virtual_alias_maps & LDAP

[Wietse Venema]

j...@scusting.com:
> Hi,
> 
> I have inherited a postfix MDA that I'm just trying to understand and we 
> currently have a problem with the forwarding of emails using LDAP lookups.
> 
> Currently an email is forwarded if it matches the below map:
> 
> virtual_alias_maps = ldap:ldapforward
> ldapforward_query_filter = 
> (&(|(mail=%s)(mailalternateaddress=%s))(mailforwardingaddress=*))
> ldapforward_result_attribute = mailforwardingaddress
> 
> Now if we have the following 2 LDAP users:
> 
> mail=...@somedomain.com
> 
> mail=f...@somedomain.com
> mailalternateaddress=catch...@somedomain.com
> mailforwardingaddress=f...@elsewhere.com
> 
> The initial lookup doesnt match against bob as he has no mailforward, 
> but then the postfix catchall lookup matches against the 2nd address and 
> forwards the email that should of gone to bob.
> 
> Whats the solution for this setup?  How do I stop LDAP filters matching 
> the catchall mailbox when a more specific one exists without a mailforward?

This requires a one-to-one virtual alias mapping:

b...@example.com-> b...@example.com

By design, virtual aliasing stops when a right-hand side address
matches the left-hand side (of course it also stops when a right-hand
side address fails to match the virtual alias table).

Wietse

Mail forwarding possible when mailbox_size_limit is reached?

[Axel Freyn]

Hi,


We are using both mail forwarding (with an alias_database and
$HOME/.forward - files), and a mailbox_size_limit for the user
mailboxes. The local delivery is done by postfix/local.

The problem now is: If the mailbox is full, also the forwarding does not work
anymore -- postfix/local generates a SOFTBOUNCE before trying to forward the
mail:

postfix/smtpd[12341]: A9B8515C6F8: client=localhost.localdomain[127.0.0.1]
postfix/cleanup[12335]: A9B8515C6F8: 
message-id=<20101022181430.e253115c...@...de>
postfix/qmgr[5039]: A9B8515C6F8: from=, size=855, nrcpt=1 (queue 
active)
postfix/local[12342]: A9B8515C6F8: to=, relay=local, delay=1, 
delays=0/0.01/0/1, dsn=4.2.0, status=SOFTBOUNCE (can't create user output file. 
Command output: procmail: Error while writing to "/var/mail/abf" )


When there is space left in the mailbox, the mail is locally delivered and then
also forwarded correctly:

postfix/qmgr[5039]: A9B8515C6F8: from=, size=855, nrcpt=1 (queue 
active)
postfix/local[12401]: A9B8515C6F8: to=, relay=local, delay=425, 
delays=425/0.01/0/0.01, dsn=2.0.0, status=sent (delivered to command: 
/usr/bin/procmail -a "$EXTENSION")
postfix/local[12401]: A9B8515C6F8: to=, relay=local, delay=425, 
delays=425/0.01/0/0.01, dsn=2.0.0, status=sent (forwarded as B4E2015C0FA)
postfix/qmgr[5039]: A9B8515C6F8: removed


Is there an (easy) way how I could convince postfix to forward mails
also if local delivery is impossible due to mailbox_size_limit? E.g.
exchanging the order (first forwarding, then delivery in the local
mailbox (and this local delivery maybe followed by the SOFTBOUNCE))
would be perfect for me. (Then it would be possible to distribute
automatic warn messages to users whose mailbox is full).

The configuration:

service "local" is defined in master.cf as:
local unix  -   n   n   -   -   local

The relevant parts of "postconf -n" (except myhostname, the
command-direcotries,..):

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
content_filter = smtp:[127.0.0.1]:10024
default_transport = uucp
inet_interfaces = localhost
mailbox_command = /usr/bin/procmail -a "$EXTENSION"
mailbox_size_limit = 10240
message_size_limit = 3024
myorigin = /etc/mailname
readme_directory = /usr/share/doc/postfix
recipient_canonical_maps = hash:/etc/postfix/recipient_canonical
recipient_delimiter = +
relayhost = shuttle
sender_canonical_maps = hash:/etc/postfix/sender_canonical
soft_bounce = yes
transport_maps = hash:/etc/postfix/transport
unknown_local_recipient_reject_code = 550



Axel

Re: Mail forwarding based on from address

[Sahil Tandon]

On Sun, 22 Feb 2009, Islam, Towhid wrote:

> Perhaps this question has been asked before, if so, my apology.  Is it
> possible for postfix to forward mail based on a from address, as in
> received from a certain address or domain?  Thanks.

http://www.postfix.org/postconf.5.html#check_sender_access
http://www.postfix.org/access.5.html (look specifically for the "REDIRECT"
action).

-- 
Sahil Tandon 

Re: Mail forwarding based on from address

[Wietse Venema]

Sahil Tandon:
> On Sun, 22 Feb 2009, Islam, Towhid wrote:
> 
> > Perhaps this question has been asked before, if so, my apology.  Is it
> > possible for postfix to forward mail based on a from address, as in
> > received from a certain address or domain?  Thanks.
> 
> http://www.postfix.org/postconf.5.html#check_sender_access
> http://www.postfix.org/access.5.html (look specifically for the "REDIRECT"
> action).

See also:
http://www.postfix.org/postconf.5.html#sender_dependent_relayhost_maps

Wietse

Re: mail forwarding loop for sample.em...@firstdomain.com

[Wietse Venema]

admin2:
> Hi there,
> 
> I am getting error messages for mail sent to 
> sample.em...@firstdomain.com but in the /etc/postfix/aliases file I have 
> an entry for sample.email to send to sample.em...@anotherdomain.com . 
> why am I getting a forwarding loop.
> 
> Status: 5.4.6
> Diagnostic-Code: X-Postfix; mail forwarding loop for 
> sample.em...@firstdomain.com
> 
> 
> 
> r...@firstdomain.com:/etc/postfix# cat /etc/hosts
> 127.0.0.1 localhost localhost.localdomain
> 174.143.253.66 firstdomain.com
> 
> # cat /etc/mailname
> firstdomain.com
> 
> 
> Please help.

Please read the mailing list welcome message, repeated below.

TO REPORT A PROBLEM see http://www.postfix.org/DEBUG_README.html#mail

TO (UN)SUBSCRIBE see http://www.postfix.org/lists.html

Thank you for using Postfix.

mail forwarding is not working at all

[J. Bakshi]

Dear all,

I hope you all are very well.

I have come with a strange problem with my email server which is running
almost 2 years now.  actually I have never tried the mail forwarding
with the system but it has the option. Today I need to add the mail
forwarding feature and found that the forwarding is not working. This is
a suse 10.2 server with postfix-2.5.1-28.5.

I have alredy gone through the mail; mail.info; mail.err and mail.warn
log but no error reports related to this issue.

More details
-

here is the config from my main.cf for forwarding

``
virtual_alias_domains = hash:/etc/postfix/virtual
virtual_alias_maps =
mysql:/etc/postfix/mysql-virtual-alias-maps.cf,mysql:/etc/postfix/mysql-email2email.cf
virtual_gid_maps = static:5000
virtual_mailbox_domains =
mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf
virtual_transport = dovecot
dovecot_destination_recipient_limit = 1
virtual_uid_maps = static:5000
``

The  mysql-virtual-alias-maps.cf and the mysql-email2email.cf has the
mysql query with the correct  database, userid/password to communicate
the mysql. More over if I check like

``
postmap -q   mysql:/etc/postfix/mysql-virtual-alias-maps.cf

then it replies back the righ alias already set for that email id.

but still the mails received by the  and not its alias email
address.

Is there anything required to enable the forwarding ?

Here is the postconf -n

`
alias_maps = hash:/etc/aliases
biff = no
canonical_maps = hash:/etc/postfix/canonical
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/lib/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
disable_dns_lookups = no
disable_mime_output_conversion = no
html_directory = /usr/share/doc/packages/postfix/html
inet_protocols = all
mail_owner = postfix
mail_spool_directory = /var/mail
mailbox_size_limit = 0
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
message_size_limit = 2048
mydestination = $myhostname, localhost.$mydomain
mydomain = 
myhostname =  
mynetworks_style = subnet
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/packages/postfix/README_FILES
receive_override_options = no_address_mappings
relocated_maps = hash:/etc/postfix/relocated
sample_directory = /usr/share/doc/packages/postfix/samples
sendmail_path = /usr/sbin/sendmail
setgid_group = maildrop
smtp_use_tls = yes
smtpd_recipient_restrictions =
permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/ssl/certs/postfix.pem
smtpd_tls_key_file = /etc/ssl/private/postfix.pem
smtpd_use_tls = yes
strict_8bitmime = no
strict_rfc821_envelopes = no
unknown_local_recipient_reject_code = 550
virtual_alias_domains = hash:/etc/postfix/virtual
virtual_alias_maps =
mysql:/etc/postfix/mysql-virtual-alias-maps.cf,mysql:/etc/postfix/mysql-email2email.cf
virtual_gid_maps = static:5000
virtual_mailbox_domains =
mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf
virtual_transport = dovecot
virtual_uid_maps = static:5000
`

with regards

Re: "Received:" headers and mail forwarding loops

[Wietse Venema]

Stefan F?rster:
> When I submit a mail to my Postfix server (using SASL auth over a TLS
> connection), Postfix adds the following received header:
> 
>  Received: from aletheia.cite.lan (33.33.33.333.dynamic.cablesurf.de
> [33.33.33.333]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 
> bits))
> (No client certificate requested) by mail.incertum.net (Postfix) with
> ESMTPSA for ; Fri, 31 Jul 2009 23:42:33 +0200 (CEST)
> 
> This is working as expected. If I create a new mail and forcibly
> insert the above header before I submit it, I get a NDR saying that
> there is a mail forwarding loop for c...@example.net - which is

As documented, Postfix uses Delivered-To: headers for loop detection.

Local delivery agent:
=
prepend_delivered_header (default: command, file, forward)
   The message delivery contexts where the Postfix local(8) delivery agent
   prepends a Delivered-To:  message header with the address that the mail
   was delivered to. This information  is  used  for  mail  delivery  loop
   detection.

   By  default,  the Postfix local delivery agent prepends a Delivered-To:
   header when forwarding mail and when delivering to file  (mailbox)  and
   command.  Turning  off the Delivered-To: header when forwarding mail is
   not recommended.

   Specify zero or more of forward, file, or command.

   Example:

   prepend_delivered_header = forward

Pipe delivery agent:

   flags=BDFORXhqu.> (optional)
  Optional message processing flags.  By  default,  a  message  is
  copied unchanged.

  ...

  D  Prepend  a  "Delivered-To: recipient" message header with
 the envelope recipient address. Note: for this  to  work,
 the  transport_destination_recipient_limit must be 1 (see
 SINGLE-RECIPIENT DELIVERY above for details).

 The D flag also enforces loop detection (Postfix 2.5  and
 later):  if  a  message  already contains a Delivered-To:
 header with the same recipient address, then the  message
 is  returned  as undeliverable. The address comparison is
 case insensitive.

Wietse

> exactly what I expected, but I'm not 100% sure how this mechanism
> works. So my question is:
> 
> Does Postfix compare both the sending host _and_ the recipient address
> in "Received:" headers? If not, with regard to "Received:" headers,
> which (if any) information is compared to detect a mail forwarding
> loop?
> 
> 
> Cheers
> Stefan
> 
> 

Re: "Received:" headers and mail forwarding loops

[Stefan Förster]

* Wietse Venema  wrote:
> Stefan Förster:
> > This is working as expected. If I create a new mail and forcibly
> > insert the above header before I submit it, I get a NDR saying that
> > there is a mail forwarding loop for c...@example.net - which is
> 
> As documented, Postfix uses Delivered-To: headers for loop detection.

I am very sorry - I had indeed pasted too many lines into my test
email.


Cheers
Stefan

"mail forwarding loop" from certain spam only

[Will Yardley]

[Apologies in advance for the less than complete information below;
hoping someone may have an idea of what's happening anyway]

I'm having a problem where messages are accepted but then seem to
generate a mail forwarding loop. It seems to happen a lot with mail from
a particular spammer.

The To: header in the raw email as viewed in postcat looks like this:
To: f...@example.edu 

(where f...@example.edu is a valid address which works in other cases;
the unbracketed address isn't quoted, though in my tests, Postfix seems
to fix this by quoting the bare address, so I'm not sure why that's not
the case in the queue file).

Postfix accepts the mail initially, but then the mail gets rejected
(and, since the sender domain resolves to a host which has no mail
server listening, the DSN sits in our queues for days).

Nov 27 05:05:47 hostname postfix/smtpd[32160]: 0C18B32807B: 
client=ajaxkottely.info[93.115.135.15]
Nov 27 05:05:47 hostname postfix/cleanup[32525]: 0C18B32807B: 
message-id=<673371cd-8f1f-0dc8-cd7d-a4571d4c1...@ajaxkottely.info>
Nov 27 05:05:47 hostname postfix/qmgr[7633]: 0C18B32807B: 
from=, size=8323, nrcpt=1 (queue active)
Nov 27 05:05:47 hostname postfix/lmtp[31222]: DD086328056: 
to=, relay=127.0.0.1[127.0.0.1]:33325, conn_use=2, delay=9.4, 
delays=1.8/0/0/7.6, dsn=2.0.0, status=sent (250 2.0.0 from 
MTA([127.0.0.1]:33326): 250 2.0.0 Ok: queued as 0C18B32807B)
Nov 27 05:05:47 hostname postfix/local[32177]: 0C18B32807B: 
to=, relay=local, delay=0.04, delays=0.02/0.02/0/0.01, 
dsn=5.4.6, status=bounced (mail forwarding loop for f...@example.edu)

Unfortunately, I can't post full postconf -n output here (see snippets
below), but suffice it to say that I'm confident that mail to
f...@example.edu works under most conditions. Is there anything I can do
to figure out the cause of this?

Users are defined in LDAP, and in this case, example.edu is *not* a
virtual domain. localhost:33326 is the return from amavis.

mail_version = 2.3.3
alias_maps = proxy:ldap:acct_alias_ldap,
 proxy:ldap:other_alias_ldap,
 hash:/etc/postfix/config/aliases
virtual_alias_maps = hash:/etc/postfix/config/virtusertable

I will try adding the sending host in question to $debug_peer_list to
see if I get any more information. I am happy to provide other debugging
information within reason if it's possible.

w

Re: Tracking down a mail forwarding loop

[Wietse Venema]

LuKreme:
> I have a local user who is generating occasional mail forwarding loop errors, 
> which are causing forged emails to cause NDNs and fill up mailq.
> 
> Jan 30 13:46:08 mail postfix/local[44147]: 7020950D4D4: 
> to=<*bob*@covisp.net>, relay=local, delay=0.65, delays=0.59/0/0/0.06, 
> dsn=5.4.6, status=bounced (mail forwarding loop for *bob*@covisp.net)
> 
> The only place that ?*bob*? is mentioned in virtual is in line like this:
> 
> bill...@covisp.net  bob,fred,george
> 
> Where bob, fred, and george are all local users.
> 
> bob doesn?t have a .forward, and I looked at his .procmailrc and it?s not 
> forwarding mail anywhere.
> 
> Where else do I look?

Other opportunities for forwarding, such as "postconf mailbox_command"?

Wietse

Re: Tracking down a mail forwarding loop

[LuKreme]

On 04 Feb 2015, at 07:38 , Wietse Venema  wrote:
> 
> LuKreme:
>> I have a local user who is generating occasional mail forwarding loop 
>> errors, which are causing forged emails to cause NDNs and fill up mailq.
>> 
>> Jan 30 13:46:08 mail postfix/local[44147]: 7020950D4D4: 
>> to=<*bob*@covisp.net>, relay=local, delay=0.65, delays=0.59/0/0/0.06, 
>> dsn=5.4.6, status=bounced (mail forwarding loop for *bob*@covisp.net)
>> 
>> The only place that ?*bob*? is mentioned in virtual is in line like this:
>> 
>> bill...@covisp.net  bob,fred,george
>> 
>> Where bob, fred, and george are all local users.
>> 
>> bob doesn?t have a .forward, and I looked at his .procmailrc and it?s not 
>> forwarding mail anywhere.
>> 
>> Where else do I look?
> 
> Other opportunities for forwarding, such as "postconf mailbox_command”?

Yeah, that’s why I checked procmailrc.

I do see that the modification date on the procmailrc is quite recent. Maybe he 
munged something and got it fixed. I’ll keep watching.


-- 
Growing up leads to growing old, and then to dying/And dying to me don't
sound like all that much fun.

Re: Tracking down a mail forwarding loop

[Miles Fidelman]

LuKreme wrote:

I have a local user who is generating occasional mail forwarding loop errors, 
which are causing forged emails to cause NDNs and fill up mailq.

Jan 30 13:46:08 mail postfix/local[44147]: 7020950D4D4: to=<*bob*@covisp.net>, 
relay=local, delay=0.65, delays=0.59/0/0/0.06, dsn=5.4.6, status=bounced (mail 
forwarding loop for *bob*@covisp.net)

The only place that “*bob*” is mentioned in virtual is in line like this:

bill...@covisp.net  bob,fred,george

Where bob, fred, and george are all local users.

bob doesn’t have a .forward, and I looked at his .procmailrc and it’s not 
forwarding mail anywhere.

Where else do I look?

postmap -q b...@covisp.net /etc/postfix/virtual doesn’t return any results.



I'd start with the headers in a message that's looped - that might help 
track things down.


Miles Fidelman

Re: Tracking down a mail forwarding loop

[Wietse Venema]

LuKreme:
> 
> > On Feb 4, 2015, at 9:20 AM, Miles Fidelman  
> > wrote:
> > 
> > LuKreme wrote:
> >> I have a local user who is generating occasional mail forwarding loop 
> >> errors, which are causing forged emails to cause NDNs and fill up mailq.
> >> 
> >> Jan 30 13:46:08 mail postfix/local[44147]: 7020950D4D4: 
> >> to=<*bob*@covisp.net>, relay=local, delay=0.65, delays=0.59/0/0/0.06, 
> >> dsn=5.4.6, status=bounced (mail forwarding loop for *bob*@covisp.net)
>...
> Delivered-To: b...@covisp.net

Have you considered the possibility that the mail was sent with a
bogus Delivered-To: header (i.e. the header is present, but not
added by Postfix).

Wietse

Re: Tracking down a mail forwarding loop

[LuKreme]

On 05 Feb 2015, at 05:07 , Wietse Venema  wrote:
> Have you considered the possibility that the mail was sent with a
> bogus Delivered-To: header (i.e. the header is present, but not
> added by Postfix).

Yes, but I’m unsure how to diagnose that.

Here is a full dump of one of these files (with only the user name munged)



-- 
"Thank you for sending me a copy of your book; I'll waste no time
reading it." - Moses Hadas

Re: Tracking down a mail forwarding loop

[Wietse Venema]

LuKreme:
> On 05 Feb 2015, at 05:07 , Wietse Venema  wrote:
> > Have you considered the possibility that the mail was sent with a
> > bogus Delivered-To: header (i.e. the header is present, but not
> > added by Postfix).
> 
> Yes, but I'm unsure how to diagnose that.

header_checks:
/^Delivered-To: bob@covisp\.net$/ hold

> Here is a full dump of one of these files (with only the user name munged)
> 
> 

We already know that the message loops because the Delivered-To: header
is present.

Here are the first few headers of the message before delivery:

Return-Path: 
Received: from approvednowauto.com (unknown [170.130.246.204])
by mail.covisp.net (Postfix) with ESMTP id D3F1A212C03
for ; Thu,  5 Feb 2015 14:58:19 -0700 (MST)
Delivered-To: b...@covisp.net

I suggest that you have a look at the other ones. If none of the
other Received: headers belongs to your systems, then they added
"Delivered-To: b...@covisp.net" before sending the message to your
systems.

Wietse

Re: Tracking down a mail forwarding loop

[Miles Fidelman]

wie...@porcupine.org (Wietse Venema) wrote:

LuKreme:

On 05 Feb 2015, at 05:07 , Wietse Venema  wrote:

Have you considered the possibility that the mail was sent with a
bogus Delivered-To: header (i.e. the header is present, but not
added by Postfix).

Yes, but I'm unsure how to diagnose that.

header_checks:
/^Delivered-To: bob@covisp\.net$/ hold


Here is a full dump of one of these files (with only the user name munged)



We already know that the message loops because the Delivered-To: header
is present.

Here are the first few headers of the message before delivery:

Return-Path: 
Received: from approvednowauto.com (unknown [170.130.246.204])
 by mail.covisp.net (Postfix) with ESMTP id D3F1A212C03
 for ; Thu,  5 Feb 2015 14:58:19 -0700 (MST)
Delivered-To: b...@covisp.net

I suggest that you have a look at the other ones. If none of the
other Received: headers belongs to your systems, then they added
"Delivered-To: b...@covisp.net" before sending the message to your
systems.

Wietse


I also noticed a List_Unsubscribe header buried in there - might want to 
look at whatever is doing list expansion.


Miles Fidelman

--
In theory, there is no difference between theory and practice.
In practice, there is.    Yogi Berra

Re: Tracking down a mail forwarding loop

[LuKreme]

> On 05 Feb 2015, at 15:53 , Wietse Venema  wrote:
> 
> LuKreme:
>> On 05 Feb 2015, at 05:07 , Wietse Venema  wrote:
>>> Have you considered the possibility that the mail was sent with a
>>> bogus Delivered-To: header (i.e. the header is present, but not
>>> added by Postfix).
>> 
>> Yes, but I'm unsure how to diagnose that.
> 
> header_checks:
> /^Delivered-To: bob@covisp\.net$/ hold

That would hold ALL the mail for bob, right? it is only the occasional email 
that causes this loop error.

is there a difference in virtual between:

bill...@covisp.net   bob,lewis,john

and

bill...@covisp.net   b...@covisp.net,lewiscovisp.net,johncovisp.net

??


-- 
"Sir, you will either die on the gallows or of some unspeakable
disease." "That depends, Sir," said Disraeli, "whether I embrace your
policies or your mistress."

Re: Tracking down a mail forwarding loop

[LuKreme]

Only other thing I can think of is that this is somehow related to always_bcc?


-- 
A dyslexic walks into a bra...

Re: Tracking down a mail forwarding loop

[Wietse Venema]

LuKreme:
> 
> > On 05 Feb 2015, at 15:53 , Wietse Venema  wrote:
> > 
> > LuKreme:
> >> On 05 Feb 2015, at 05:07 , Wietse Venema  wrote:
> >>> Have you considered the possibility that the mail was sent with a
> >>> bogus Delivered-To: header (i.e. the header is present, but not
> >>> added by Postfix).
> >> 
> >> Yes, but I'm unsure how to diagnose that.
> > 
> > header_checks:
> > /^Delivered-To: bob@covisp\.net$/ hold
> 
> That would hold ALL the mail for bob, right? it is only the
> occasional email that causes this loop error.

NORMALLY, that header is present AFTER mail is delivered to b...@covisp.net.

If it is present BEFORE mail is delivered to b...@covisp.net, then you have
a loop (or the sender has added this header to trigger an error).

Wietse

Re: Tracking down a mail forwarding loop

[LuKreme]

On 06 Feb 2015, at 15:05 , Wietse Venema  wrote:
> NORMALLY, that header is present AFTER mail is delivered to b...@covisp.net.
> 
> If it is present BEFORE mail is delivered to b...@covisp.net, then you have
> a loop (or the sender has added this header to trigger an error).

Ah, right. I’ve added it and am eagerly awaiting another of these emails.

-- 
C code. C code run. Run, code, run.

Re: Tracking down a mail forwarding loop

[LuKreme]

On Feb 6, 2015, at 3:43 PM, LuKreme  wrote:
> On 06 Feb 2015, at 15:05 , Wietse Venema  wrote:
>> NORMALLY, that header is present AFTER mail is delivered to b...@covisp.net.
>> 
>> If it is present BEFORE mail is delivered to b...@covisp.net, then you have
>> a loop (or the sender has added this header to trigger an error).
> 
> Ah, right. I’ve added it and am eagerly awaiting another of these emails.

As the old saying goes:

A watched pot never delivers a mail loop causing message.

-- 
'We get that in here some nights, when someone's had a few. Cosmic
speculation about whether the gods exist. Next thing, there's a bolt of
lightning through the door with a note wrapped round it saying, "Yes, we
do" and a pair of sandals with smoke coming out.' (Small Gods)

Re: Tracking down a mail forwarding loop

[Wietse Venema]

LuKreme:
> Received: from thenewestsecret.net (unknown [170.130.246.215])
> by mail.covisp.net (Postfix) with ESMTP id 00E42212DC0
> for <*bob*@covisp.net>; Tue, 10 Feb 2015 08:53:22 -0700 (MST)
> Delivered-To: *bob*@covisp.net
> Received: by 170.130.246.215 with SMTP id 
> 998S7h4.33K03w6s2R18O2.22351x4s23d1n26;
> Tue, 10 Feb 2015 08:51:05 -0700 (PST)
> X-Received: by 170.130.246.215 with SMTP id 134G6f10K6Z34b712c43li;
> Tue, 10 Feb 2015 08:51:05 -0700 (PST)
> Received: from thenewestsecret.net (thenewestsecret.net. )
> by mx.google.com with ESMTP id 
> 59333u4l19.1C4P11z.147.0.5.1.2.5.5.5.1.0.7.0.4
> for <*bob*@covisp.net>;
> Tue, 10 Feb 2015 08:51:05 -0700 (PST)
> Mime-Version: 1.0
> Date: 
> Message-Id: <235.946781y2r0b6qn6-c...@thenewestsecret.net>
> To: *bob*@covisp.net

This message contains a Delivered-To: *bob*@covisp.net header.
Apparently, the sender added this to trigger a delivery error.
Apparently, the sender, c...@thenewestsecret.net, wants to receive
a bounce message. That message would confirm that *bob*@covisp.net
is a valid email address.

Wietse

Re: Tracking down a mail forwarding loop

[LuKreme]

> On Feb 11, 2015, at 6:20 PM, Wietse Venema  wrote:
> 
> LuKreme:
>> Received: from thenewestsecret.net (unknown [170.130.246.215])
>>by mail.covisp.net (Postfix) with ESMTP id 00E42212DC0
>>for <*bob*@covisp.net>; Tue, 10 Feb 2015 08:53:22 -0700 (MST)
>> Delivered-To: *bob*@covisp.net
>> Received: by 170.130.246.215 with SMTP id 
>> 998S7h4.33K03w6s2R18O2.22351x4s23d1n26;
>>Tue, 10 Feb 2015 08:51:05 -0700 (PST)
>> X-Received: by 170.130.246.215 with SMTP id 134G6f10K6Z34b712c43li;
>>Tue, 10 Feb 2015 08:51:05 -0700 (PST)
>> Received: from thenewestsecret.net (thenewestsecret.net. )
>>by mx.google.com with ESMTP id 
>> 59333u4l19.1C4P11z.147.0.5.1.2.5.5.5.1.0.7.0.4
>>for <*bob*@covisp.net>;
>>Tue, 10 Feb 2015 08:51:05 -0700 (PST)
>> Mime-Version: 1.0
>> Date: 
>> Message-Id: <235.946781y2r0b6qn6-c...@thenewestsecret.net>
>> To: *bob*@covisp.net
> 
> This message contains a Delivered-To: *bob*@covisp.net header.
> Apparently, the sender added this to trigger a delivery error.
> Apparently, the sender, c...@thenewestsecret.net, wants to receive
> a bounce message. That message would confirm that *bob*@covisp.net
> is a valid email address.

Does it make sense to reject messages with a Delivered-To: header?

Why does it generate a mail loop in my local postfix?

Could it have anything to do with the always_bcc setting?

$ postconf always_bcc
always_bcc = backups@*otherlocaldomain*.com

Would some other MTA deliver the message anyway, or this simply a spam 
harvesting tactic? The messages don’t seem to generate a valid bounce to a 
valid address…


-- 
S is for SUSAN who perished of fits
T is for TITUS who flew into bits

Re: Tracking down a mail forwarding loop

[Noel Jones]

On 2/12/2015 12:43 AM, LuKreme wrote:
> 
>> On Feb 11, 2015, at 6:20 PM, Wietse Venema  wrote:
>>
>> LuKreme:
>>> Received: from thenewestsecret.net (unknown [170.130.246.215])
>>>by mail.covisp.net (Postfix) with ESMTP id 00E42212DC0
>>>for <*bob*@covisp.net>; Tue, 10 Feb 2015 08:53:22 -0700 (MST)
>>> Delivered-To: *bob*@covisp.net
>>> Received: by 170.130.246.215 with SMTP id 
>>> 998S7h4.33K03w6s2R18O2.22351x4s23d1n26;
>>>Tue, 10 Feb 2015 08:51:05 -0700 (PST)
>>> X-Received: by 170.130.246.215 with SMTP id 134G6f10K6Z34b712c43li;
>>>Tue, 10 Feb 2015 08:51:05 -0700 (PST)
>>> Received: from thenewestsecret.net (thenewestsecret.net. )
>>>by mx.google.com with ESMTP id 
>>> 59333u4l19.1C4P11z.147.0.5.1.2.5.5.5.1.0.7.0.4
>>>for <*bob*@covisp.net>;
>>>Tue, 10 Feb 2015 08:51:05 -0700 (PST)
>>> Mime-Version: 1.0
>>> Date: 
>>> Message-Id: <235.946781y2r0b6qn6-c...@thenewestsecret.net>
>>> To: *bob*@covisp.net
>>
>> This message contains a Delivered-To: *bob*@covisp.net header.
>> Apparently, the sender added this to trigger a delivery error.
>> Apparently, the sender, c...@thenewestsecret.net, wants to receive
>> a bounce message. That message would confirm that *bob*@covisp.net
>> is a valid email address.
> 
> Does it make sense to reject messages with a Delivered-To: header?

Yes.  Incoming mail with that header cannot be delivered by postfix,
regardless whether it's really looping or not.

Although in this particular case it might be better to reject the
spammy-looking client.

> 
> Why does it generate a mail loop in my local postfix?

The presence of that header triggers the loop detection in postfix.
 The sender is adding that header either in a misguided attempt to
improve delivery, or to intentionally cause a bounce to verify the
address.

> 
> Could it have anything to do with the always_bcc setting?

No.  The header is added by the sender.

> Would some other MTA deliver the message anyway, or this simply a spam 
> harvesting tactic? The messages don’t seem to generate a valid bounce to a 
> valid address…


Some MTAs behave the same as postfix eg. qmail.  Some MTAs don't use
Delivered-To: and ignore it eg. Exchange.

We don't know the motive of the sender. We do know this isn't really
a loop and it looks like spam to me.




  -- Noel Jones

Re: Tracking down a mail forwarding loop

[LuKreme]

On 12 Feb 2015, at 08:25 , Noel Jones  wrote:
> On 2/12/2015 12:43 AM, LuKreme wrote:
>> 
>>> On Feb 11, 2015, at 6:20 PM, Wietse Venema  wrote:
>>> 
>>> LuKreme:
 Received: from thenewestsecret.net (unknown [170.130.246.215])
   by mail.covisp.net (Postfix) with ESMTP id 00E42212DC0
   for <*bob*@covisp.net>; Tue, 10 Feb 2015 08:53:22 -0700 (MST)
 Delivered-To: *bob*@covisp.net
 Received: by 170.130.246.215 with SMTP id 
 998S7h4.33K03w6s2R18O2.22351x4s23d1n26;
   Tue, 10 Feb 2015 08:51:05 -0700 (PST)
 X-Received: by 170.130.246.215 with SMTP id 134G6f10K6Z34b712c43li;
   Tue, 10 Feb 2015 08:51:05 -0700 (PST)
 Received: from thenewestsecret.net (thenewestsecret.net. )
   by mx.google.com with ESMTP id 
 59333u4l19.1C4P11z.147.0.5.1.2.5.5.5.1.0.7.0.4
   for <*bob*@covisp.net>;
   Tue, 10 Feb 2015 08:51:05 -0700 (PST)
 Mime-Version: 1.0
 Date: 
 Message-Id: <235.946781y2r0b6qn6-c...@thenewestsecret.net>
 To: *bob*@covisp.net
>>> 
>>> This message contains a Delivered-To: *bob*@covisp.net header.
>>> Apparently, the sender added this to trigger a delivery error.
>>> Apparently, the sender, c...@thenewestsecret.net, wants to receive
>>> a bounce message. That message would confirm that *bob*@covisp.net
>>> is a valid email address.
>> 
>> Does it make sense to reject messages with a Delivered-To: header?
> 
> Yes.  Incoming mail with that header cannot be delivered by postfix,
> regardless whether it's really looping or not.
> 
> Although in this particular case it might be better to reject the
> spammy-looking client.

Yes, but my postscreen is already aggressive enough that I had to tone it down 
a tad to let some legitimate mail (well, mail I wanted) in.

>> Why does it generate a mail loop in my local postfix?
> 
> The presence of that header triggers the loop detection in postfix.
> The sender is adding that header either in a misguided attempt to
> improve delivery, or to intentionally cause a bounce to verify the
> address.

What is interesting is that I see these *only* for one specific user, which is 
what made me think it was something on my end.

> We don't know the motive of the sender. We do know this isn't really
> a loop and it looks like spam to me.

Oh, they are all spam so far.

Thanks.

-- 
'Luck is my middle name,' said Rincewind, indistinctly. 'Mind you, my
first name is Bad.' --Interesting Times

Re: Question on Mail Forwarding with Virtual Hosts.

[mouss]

Daniel V. Reinhardt wrote:

All,

I
just set up virtual maps and virtual hosting using postfix, and would
like to know how I can forward email from a non-unix account to someone
who has a unix account. For example,  cryptodan is a user on the unix
machine and has a shell and login credentials.  However, I would like
to create [EMAIL PROTECTED] to be foardwared to cryptodan
the local unix account.  How would I go about doing this?



use virtual_alias_maps

[EMAIL PROTECTED]   [EMAIL PROTECTED]

assuming you have "localhost" in mydestination. otherwise replace it 
with any domain listed in mydestination.

Re: Mail forwarding possible when mailbox_size_limit is reached?

[Wietse Venema]

Axel Freyn:
> 
> Hi,
> 
> 
> We are using both mail forwarding (with an alias_database and
> $HOME/.forward - files), and a mailbox_size_limit for the user
> mailboxes. The local delivery is done by postfix/local.
> 
> The problem now is: If the mailbox is full, also the forwarding does not work
> anymore -- postfix/local generates a SOFTBOUNCE before trying to forward the
> mail:
> 
> postfix/smtpd[12341]: A9B8515C6F8: client=localhost.localdomain[127.0.0.1]
> postfix/cleanup[12335]: A9B8515C6F8: 
> message-id=<20101022181430.e253115c...@...de>
> postfix/qmgr[5039]: A9B8515C6F8: from=, size=855, nrcpt=1 (queue 
> active)
> postfix/local[12342]: A9B8515C6F8: to=, relay=local, delay=1, 
> delays=0/0.01/0/1, dsn=4.2.0, status=SOFTBOUNCE (can't create user output 
> file. Command output: procmail: Error while writing to "/var/mail/abf" )
> 

I see no Postfix errors here.

PROCMAIL updates the mailbox (and fails because of the limit) before
PROCMAIL forwards the message.

Wietse

Re: Mail forwarding possible when mailbox_size_limit is reached?

[Jeroen Geilman]

On 10/23/2010 01:15 PM, Axel Freyn wrote:

Hi,


We are using both mail forwarding (with an alias_database and
$HOME/.forward - files), and a mailbox_size_limit for the user
mailboxes. The local delivery is done by postfix/local.
   


No it's not.



mailbox_command = /usr/bin/procmail -a "$EXTENSION"
   


Procmail does local mailbox delivery.

--
J.

Re: Mail forwarding possible when mailbox_size_limit is reached?

[Axel Freyn]

Hi,
On Sat, Oct 23, 2010 at 08:02:08AM -0400, Wietse Venema wrote:
> > We are using both mail forwarding (with an alias_database and
> > $HOME/.forward - files), and a mailbox_size_limit for the user
> > mailboxes. The local delivery is done by postfix/local.
> > 
> > The problem now is: If the mailbox is full, also the forwarding does not 
> > work
> > anymore -- postfix/local generates a SOFTBOUNCE before trying to forward the
> > mail:
> > 
> > postfix/smtpd[12341]: A9B8515C6F8: client=localhost.localdomain[127.0.0.1]
> > postfix/cleanup[12335]: A9B8515C6F8: 
> > message-id=<20101022181430.e253115c...@...de>
> > postfix/qmgr[5039]: A9B8515C6F8: from=, size=855, nrcpt=1 
> > (queue active)
> > postfix/local[12342]: A9B8515C6F8: to=, relay=local, delay=1, 
> > delays=0/0.01/0/1, dsn=4.2.0, status=SOFTBOUNCE (can't create user output 
> > file. Command output: procmail: Error while writing to "/var/mail/abf" )
> > 
> 
> I see no Postfix errors here.
> 
> PROCMAIL updates the mailbox (and fails because of the limit) before
> PROCMAIL forwards the message.

Thanks for your fast reply! 
Probably my mail was not clear: I agree, there is now error due to
Postfix. It probably behaves as it is configured and as it should (but:
not as I would like it to behave in this situation ;-))

Let's assume, I have a $HOME/.forward which forwards mails for "abf" to
the external Mail-adress "axel-fr...@gmx.de", and keeps a local copy in
/var/mail/abf.

Then I would like to have the behaviour:

a) If the mailbox_size_limit for /var/mail/abf is NOT reached:
   - a copy of the mail is stored locally in /var/mail/abf 
(that is done by Procmail, I think?)
   - a copy of the mail is forwarded to axel-fr...@gmx.de (with a new ID
 (here: B4E2015C0FA). 
(that is done by postfix/local?)

b) If the mailbox_size_limit for /var/mail/abf IS reached:
   - local delivery to /var/mail/abf fails, (maybe creating a
 SOFTBOUNCE)
   - nevertheless, a copy of the mail is forwarded to axel-fr...@gmx.de.

However, I did not succeed to obtain the second case. As my Postfix is
configured now, it first tries to do the local delivery using procmail,
and it stops the complete delivery process if procmail fails. So, if the
mailbox_size_limit IS reached, postfix does NOT forward the mail to
axel-fr...@gmx.de.


So maybe my question could be reformulated as:
Can I tell Postfix: "FIRST do all forwarding ($HOME/.forward and
/etc/aliases), and THEN pass the mail to procmail"?

That would result in my desired effect:
 - Mails are ALWAYS forwarded -- even when the local mailbox is full
 - Mails are locally delivered if the local mailbox_limit is not reached
   If the local mailbox is full, this "local copy" of the mail is
   returned with a Softbounce.

Axel

Re: Mail forwarding possible when mailbox_size_limit is reached?

[Wietse Venema]

Wietse:
> PROCMAIL updates the mailbox (and fails because of the limit) before
> PROCMAIL forwards the message.

Axel Freyn:
> Thanks for your fast reply! 
> Probably my mail was not clear: I agree, there is now error due to
> Postfix. It probably behaves as it is configured and as it should (but:
> not as I would like it to behave in this situation ;-))
> 
> Let's assume, I have a $HOME/.forward which forwards mails for "abf" to
> the external Mail-adress "axel-fr...@gmx.de", and keeps a local copy in
> /var/mail/abf.
> 
> Then I would like to have the behaviour:
> 
> a) If the mailbox_size_limit for /var/mail/abf is NOT reached:
>- a copy of the mail is stored locally in /var/mail/abf 
>   (that is done by Procmail, I think?)
>- a copy of the mail is forwarded to axel-fr...@gmx.de (with a new ID
>  (here: B4E2015C0FA). 
>   (that is done by postfix/local?)
> 
> b) If the mailbox_size_limit for /var/mail/abf IS reached:
>- local delivery to /var/mail/abf fails, (maybe creating a
>  SOFTBOUNCE)
>- nevertheless, a copy of the mail is forwarded to axel-fr...@gmx.de.
> 
> However, I did not succeed to obtain the second case. As my Postfix is

Well, the problem was that PROCMAIL delivered to mailbox BEFORE
forwarding, so don't make that same mistake with ~/.forward.

Instead, deliver to mailbox AFTER forwarding.

~/.forward:
axel-fr...@gmx.de
# Postfix local(8) mailbox delivery.
abf
# procmail mailbox delivery with soft_bounce.
# "|/some/where/procmail ...procmail_arguments... || exit 75"

(Status 75 is defined in /usr/include/sysexits.h as EX_TEMPFAIL).

Wietse

Re: Mail forwarding possible when mailbox_size_limit is reached?

[Axel Freyn]

Hi Wietse,
On Sat, Oct 23, 2010 at 09:26:43AM -0400, Wietse Venema wrote:
> 
> Well, the problem was that PROCMAIL delivered to mailbox BEFORE
> forwarding, so don't make that same mistake with ~/.forward.
> 
> Instead, deliver to mailbox AFTER forwarding.
> 
> ~/.forward:
> axel-fr...@gmx.de
> # Postfix local(8) mailbox delivery.
> abf
> # procmail mailbox delivery with soft_bounce.
> # "|/some/where/procmail ...procmail_arguments... || exit 75"
> 
> (Status 75 is defined in /usr/include/sysexits.h as EX_TEMPFAIL).
> 
Somehow this does not work for me :-( 
What I tried exactly:
 - I removed the "mailbox_command" from main.cf. (and restarted postfix) Now,
   mailbox_command does no longer appear in "postconf -n"
 - I removed everything for my test-account from /etc/aliases, such that
   forwarding is only done by ~/.forward. (and did a "newaliases")
 - ~/.forward contains only:
axel-fr...@gmx.de
abf

Sending a mail to the test-account with a full mailbox results in

postfix/smtpd[29666]: 5A32115CEAA: client=localhost.localdomain[127.0.0.1]
postfix/cleanup[29651]: 5A32115CEAA: message-id=<20101024125249.gb29...@de>
postfix/qmgr[28520]: 5A32115CEAA: from=, size=983, nrcpt=1 (queue 
active)
postfix/smtpd[29666]: disconnect from localhost.localdomain[127.0.0.1]
postfix/local[29650]: 5A32115CEAA: to=, relay=local, delay=0.01, 
delays=0/0/0/0, dsn=4.2.2, status=SOFTBOUNCE (cannot update mailbox 
/var/mail/abf for user abf. error writing message: File too large)

(again, postfix does not forward the mail)

The mail is kept in the postfix mail queue; "postqueue -p" reports:
5A32115CEAA  983 Sun Oct 24 14:52:53  a...@de
(cannot update mailbox /var/mail/abf for user abf. error writing message: File 
too large)
 a...@de


When the mailbox is freed and I flush the queue using "postqueue -i
5A32115CEAA", the mail is correctly sent and forwarded:

zeus postfix/qmgr[28520]: 5A32115CEAA: from=, size=983, nrcpt=1 
(queue active)
zeus postfix/local[29771]: 5A32115CEAA: to=, relay=local, 
delay=450, delays=450/0.01/0/0.01, dsn=2.0.0, status=sent (delivered to mailbox)
zeus postfix/cleanup[29772]: 111E615CEE4: 
message-id=<20101024125249.gb29...@de>
zeus postfix/qmgr[28520]: 111E615CEE4: from=, size=1136, nrcpt=1 
(queue active)
zeus postfix/local[29771]: 5A32115CEAA: to=, relay=local, 
delay=450, delays=450/0.01/0/0.01, dsn=2.0.0, status=sent (forwarded as 
111E615CEE4)
zeus postfix/qmgr[28520]: 5A32115CEAA: removed
zeus postfix/pipe[29773]: 111E615CEE4: to=, 
orig_to=, relay=uucp, delay=0.01, delays=0/0/0/0, dsn=2.0.0, 
status=sent (delivered via uucp service)
zeus postfix/qmgr[28520]: 111E615CEE4: removed


But according to the order in the logfile, postfix seems to FIRST do the
"deliver to mailbox" and THEN the forwarding? (All these messages have the same
timestamp in the logfile)

Do you have any further ideas what I misconfigured?

Axel

Re: Mail forwarding possible when mailbox_size_limit is reached?

[Wietse Venema]

Axel Freyn:
> Hi Wietse,
> On Sat, Oct 23, 2010 at 09:26:43AM -0400, Wietse Venema wrote:
> > 
> > Well, the problem was that PROCMAIL delivered to mailbox BEFORE
> > forwarding, so don't make that same mistake with ~/.forward.
> > 
> > Instead, deliver to mailbox AFTER forwarding.
> > 
> > ~/.forward:
> > axel-fr...@gmx.de
> > # Postfix local(8) mailbox delivery.
> > abf
> > # procmail mailbox delivery with soft_bounce.
> > # "|/some/where/procmail ...procmail_arguments... || exit 75"
> > 
> > (Status 75 is defined in /usr/include/sysexits.h as EX_TEMPFAIL).
> > 
> Somehow this does not work for me :-( 
> What I tried exactly:
>  - I removed the "mailbox_command" from main.cf. (and restarted postfix) Now,
>mailbox_command does no longer appear in "postconf -n"
>  - I removed everything for my test-account from /etc/aliases, such that
>forwarding is only done by ~/.forward. (and did a "newaliases")
>  - ~/.forward contains only:
> axel-fr...@gmx.de
> abf
> 
> Sending a mail to the test-account with a full mailbox results in
> 
> postfix/smtpd[29666]: 5A32115CEAA: client=localhost.localdomain[127.0.0.1]
> postfix/cleanup[29651]: 5A32115CEAA: 
> message-id=<20101024125249.gb29...@de>
> postfix/qmgr[28520]: 5A32115CEAA: from=, size=983, nrcpt=1 
> (queue active)
> postfix/smtpd[29666]: disconnect from localhost.localdomain[127.0.0.1]
> postfix/local[29650]: 5A32115CEAA: to=, relay=local, delay=0.01, 
> delays=0/0/0/0, dsn=4.2.2, status=SOFTBOUNCE (cannot update mailbox 
> /var/mail/abf for user abf. error writing message: File too large)
> 
> (again, postfix does not forward the mail)

Try without soft bounce (and without EX_TEMPFAIL).

Wietse

Re: Mail forwarding possible when mailbox_size_limit is reached?

[Wietse Venema]

> Try without soft bounce (and without EX_TEMPFAIL).

Postfix will NOT forward the message when delivery fails with soft
bounce or temporary exit status, because that would result in
repeated mail forwarding.

~/.forward
 xxx...@porcupine.org
 "|exit 75"

Oct 24 09:26:28 tail postfix/local[2137]: 3E7F3547B1F:
to=, relay=local, delay=0.23,
delays=0.11/0.06/0/0.06, dsn=4.3.0, status=deferred (temporary
failure)

Postfix will forward when mailbox delivery fails permanently
(and when mailbox delivery succeeds but you knew that already.

~/.forward
 xxx...@porcupine.org
 "|exit 73"

Oct 24 09:27:10 tail postfix/local[2137]: 0A8E8547B2C:
to=, relay=local, delay=0.02,
delays=0.01/0/0/0.01, dsn=5.2.0, status=bounced (can't create
user output file)
Oct 24 09:27:10 tail postfix/local[2137]: 0A8E8547B2C:
to=, relay=local, delay=0.02,
delays=0.01/0/0/0.01, dsn=2.0.0, status=sent (forwarded as
0BD75547B09)

Status codes 75 and 73 are defined in /usr/include/sysexits.h.

Wietse

Re: Mail forwarding possible when mailbox_size_limit is reached?

[Axel Freyn]

On Sun, Oct 24, 2010 at 09:14:08AM -0400, Wietse Venema wrote:
> > Sending a mail to the test-account with a full mailbox results in
> > 
> > postfix/smtpd[29666]: 5A32115CEAA: client=localhost.localdomain[127.0.0.1]
> > postfix/cleanup[29651]: 5A32115CEAA: 
> > message-id=<20101024125249.gb29...@de>
> > postfix/qmgr[28520]: 5A32115CEAA: from=, size=983, nrcpt=1 
> > (queue active)
> > postfix/smtpd[29666]: disconnect from localhost.localdomain[127.0.0.1]
> > postfix/local[29650]: 5A32115CEAA: to=, relay=local, 
> > delay=0.01, delays=0/0/0/0, dsn=4.2.2, status=SOFTBOUNCE (cannot update 
> > mailbox /var/mail/abf for user abf. error writing message: File too large)
> > 
> > (again, postfix does not forward the mail)
> 
> Try without soft bounce (and without EX_TEMPFAIL).
Thanks -- that was the problem! Now everything works as expected :-)
Beside, I just checked: with "soft_bounce=no", the order of the entries
in .forward or /etc/aliases is NOT important -- the mails are always
forwarded, even when the local mailbox is larger than
mailbox_size_limit.

Thank you!

Axel

Re: mail forwarding is not working at all

[Magnus Bäck]

On Tue, June 2, 2009 11:08 am, J. Bakshi said:

> I have come with a strange problem with my email server which is running
> almost 2 years now.  actually I have never tried the mail forwarding
> with the system but it has the option. Today I need to add the mail
> forwarding feature and found that the forwarding is not working. This is
> a suse 10.2 server with postfix-2.5.1-28.5.

[...]

> receive_override_options = no_address_mappings

This explicitly disables address rewriting like aliasing. Unless you have
something in your master.cf that overrides and enables rewriting, this is
the culprit.

[...]

-- 
Magnus Bäck
mag...@dsek.lth.se

Re: mail forwarding is not working at all

[J. Bakshi]

Magnus Bäck wrote:
> On Tue, June 2, 2009 11:08 am, J. Bakshi said:
>
>   
>> I have come with a strange problem with my email server which is running
>> almost 2 years now.  actually I have never tried the mail forwarding
>> with the system but it has the option. Today I need to add the mail
>> forwarding feature and found that the forwarding is not working. This is
>> a suse 10.2 server with postfix-2.5.1-28.5.
>> 
>
> [...]
>
>   
>> receive_override_options = no_address_mappings
>> 
>
> This explicitly disables address rewriting like aliasing. Unless you have
> something in your master.cf that overrides and enables rewriting, this is
> the culprit.
>   

Hello Magnus,

You are a Hero !!!
I have reset the setting like

`

receive_override_options =


and the forwarding start working.

Millions of thanks.




> [...]
>
>   

Re: "mail forwarding loop" from certain spam only

[Noel Jones]

On 11/28/2012 1:17 PM, Will Yardley wrote:
> [Apologies in advance for the less than complete information below;
> hoping someone may have an idea of what's happening anyway]
> 
> I'm having a problem where messages are accepted but then seem to
> generate a mail forwarding loop. It seems to happen a lot with mail from
> a particular spammer.

There was a discussion earlier this month about some spammer
including a Delivered-To: header in their spam.  Postfix local(8)
uses this header to detect loops and will bounce messages with a
Delivered-To: header equal to the current recipient.

Seems likely this is your problem too.

There were some suggestions for dealing with it in that discussion,
but there is no particularly good solution -- see archives.  The
best solution is to detect the message as spam and reject it before
the Delivered-To: header is a factor.



> 
> The To: header in the raw email as viewed in postcat looks like this:
> To: f...@example.edu 

Postfix doesn't use To: headers for delivery, only envelope information.

> 
> (where f...@example.edu is a valid address which works in other cases;
> the unbracketed address isn't quoted, though in my tests, Postfix seems
> to fix this by quoting the bare address, so I'm not sure why that's not
> the case in the queue file).
> 
> Postfix accepts the mail initially, but then the mail gets rejected
> (and, since the sender domain resolves to a host which has no mail
> server listening, the DSN sits in our queues for days).
> 
> Nov 27 05:05:47 hostname postfix/smtpd[32160]: 0C18B32807B: 
> client=ajaxkottely.info[93.115.135.15]

This client is listed in the zen and barracudacentral RBLs today,
maybe they weren't listed yet yesterday. You are using some RBLs?


> Nov 27 05:05:47 hostname postfix/cleanup[32525]: 0C18B32807B: 
> message-id=<673371cd-8f1f-0dc8-cd7d-a4571d4c1...@ajaxkottely.info>
> Nov 27 05:05:47 hostname postfix/qmgr[7633]: 0C18B32807B: 
> from=, size=8323, nrcpt=1 (queue active)
> Nov 27 05:05:47 hostname postfix/lmtp[31222]: DD086328056: 
> to=, relay=127.0.0.1[127.0.0.1]:33325, conn_use=2, 
> delay=9.4, delays=1.8/0/0/7.6, dsn=2.0.0, status=sent (250 2.0.0 from 
> MTA([127.0.0.1]:33326): 250 2.0.0 Ok: queued as 0C18B32807B)
> Nov 27 05:05:47 hostname postfix/local[32177]: 0C18B32807B: 
> to=, relay=local, delay=0.04, delays=0.02/0.02/0/0.01, 
> dsn=5.4.6, status=bounced (mail forwarding loop for f...@example.edu)
> 
> Unfortunately, I can't post full postconf -n output here (see snippets
> below), but suffice it to say that I'm confident that mail to
> f...@example.edu works under most conditions. Is there anything I can do
> to figure out the cause of this?
> 
> Users are defined in LDAP, and in this case, example.edu is *not* a
> virtual domain. localhost:33326 is the return from amavis.
> 
> mail_version = 2.3.3
> alias_maps = proxy:ldap:acct_alias_ldap,
>  proxy:ldap:other_alias_ldap,
>  hash:/etc/postfix/config/aliases
> virtual_alias_maps = hash:/etc/postfix/config/virtusertable
> 
> I will try adding the sending host in question to $debug_peer_list to
> see if I get any more information. I am happy to provide other debugging
> information within reason if it's possible.

If this is a single offending host, seems as if adding them to a
local blacklist is the easiest solution.


> 
> w
> 




  -- Noel Jones

Re: "mail forwarding loop" from certain spam only

[Ralf Hildebrandt]

* Noel Jones :
> On 11/28/2012 1:17 PM, Will Yardley wrote:
> > [Apologies in advance for the less than complete information below;
> > hoping someone may have an idea of what's happening anyway]
> > 
> > I'm having a problem where messages are accepted but then seem to
> > generate a mail forwarding loop. It seems to happen a lot with mail from
> > a particular spammer.
> 
> There was a discussion earlier this month about some spammer
> including a Delivered-To: header in their spam.  Postfix local(8)
> uses this header to detect loops and will bounce messages with a
> Delivered-To: header equal to the current recipient.
> 
> Seems likely this is your problem too.
> 
> There were some suggestions for dealing with it in that discussion,
> but there is no particularly good solution -- see archives.  The
> best solution is to detect the message as spam and reject it before
> the Delivered-To: header is a factor.

To verify this, use a header_checks entry like:

/^Delivered-To:/ WARN

-- 
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München

Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer
Aufsichtsratsvorsitzender: Joerg Heidrich

Re: "mail forwarding loop" from certain spam only

[Will Yardley]

On Wed, Nov 28, 2012 at 04:02:57PM -0600, Noel Jones wrote:
> On 11/28/2012 1:17 PM, Will Yardley wrote:

> > I'm having a problem where messages are accepted but then seem to
> > generate a mail forwarding loop. It seems to happen a lot with mail
> > from a particular spammer.
> 
> There was a discussion earlier this month about some spammer including
> a Delivered-To: header in their spam.  Postfix local(8) uses this
> header to detect loops and will bounce messages with a Delivered-To:
> header equal to the current recipient.

Thanks. I was tearing my hair out about this one, and couldn't see
anything really obviously weird in the raw message, but this explanation
makes sense.
 
I will poke through the archives and see if any of the nasty solutions
might help, now that I have an idea of what to look for. Our
architecture is fairly simple, so may be able to just unset
$nested_header_checks and define a header check to block these.

You are right that the messages have 'Delivered-To' headers set to the
user's address, and I can reproduce this behavior with later Postfix
versions as well.

> > The To: header in the raw email as viewed in postcat looks like this:
> > To: f...@example.edu 
> 
> Postfix doesn't use To: headers for delivery, only envelope information.

Right, I understand that, and could see that the env recipient looked
correct in the logs -- it just stood out, esp. since Postfix does seems
to rewrite it before delivering it if I send a test message with similar
headers.
 
> > Nov 27 05:05:47 hostname postfix/smtpd[32160]: 0C18B32807B: 
> > client=ajaxkottely.info[93.115.135.15]
> 
> This client is listed in the zen and barracudacentral RBLs today,
> maybe they weren't listed yet yesterday. You are using some RBLs?

Just an example, but yes, we do use some RBLs, including Zen. We have
classes which allow users to choose a more or less restrictive policy
(or no blocking), but this user does have our recommended class. At this
time, I'm seeing this particular source in zen [from one of our SMTP
servers this morning]:
$ dig 15.135.115.93.zen.spamhaus.org +sh
127.0.0.3

However, my guess is that they've already started sending from other IPs
that aren't blocked in major blocklists - don't see any new mail from
that source today. Also have some messages from back on 31.14.46.16
(also listed) from back on Tues.

w

"mail forwarding loop" when Resending Email to Oneself.

[Ralph Corderoy]

Hi,

I send myself a little email.

Return-Path: 
X-Original-To: ralph
Delivered-To: ra...@inputplus.co.uk
Received: by orac.inputplus.co.uk (Postfix, from userid 1000)
id 9687C279FC; Wed, 16 Nov 2016 12:29:46 + (GMT)
Date: Wed, 16 Nov 2016 12:29:46 +
To: ra...@inputplus.co.uk
Message-Id: <20161116122946.9687c27...@orac.inputplus.co.uk>
From: ra...@inputplus.co.uk (Ralph Corderoy)

foo

I use nmh's dist(1) command to distribute it, using Resent-From,
Resent-To, etc., headers.  (IIRC this is similar to mutt's "bounce"
command.)

Postfix complains of a "mail forwarding loop" by return.

Return-Path: <>
X-Original-To: ra...@inputplus.co.uk
Delivered-To: ra...@inputplus.co.uk
Received: by orac.inputplus.co.uk (Postfix)
id 2DF9D27E4C; Wed, 16 Nov 2016 12:29:55 + (GMT)
Date: Wed, 16 Nov 2016 12:29:55 + (GMT)
From: mailer-dae...@inputplus.co.uk (Mail Delivery System)
Subject: Undelivered Mail Returned to Sender
To: ra...@inputplus.co.uk
Auto-Submitted: auto-replied
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
boundary="0F24A1F958.1479299395/orac.inputplus.co.uk"
Content-Transfer-Encoding: 8bit
Message-Id: <20161116122955.2df9d27...@orac.inputplus.co.uk>

This is a MIME-encapsulated message.

--0F24A1F958.1479299395/orac.inputplus.co.uk
Content-Description: Notification
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit

This is the mail system at host orac.inputplus.co.uk.

I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to postmaster.

If you do so, please include this problem report. You can
delete your own text from the attached returned message.

   The mail system

 (expanded from ): mail forwarding loop for
ra...@inputplus.co.uk

--0F24A1F958.1479299395/orac.inputplus.co.uk
Content-Description: Delivery report
Content-Type: message/delivery-status
Content-Transfer-Encoding: 8bit

Reporting-MTA: dns; orac.inputplus.co.uk
X-Postfix-Queue-ID: 0F24A1F958
X-Postfix-Sender: rfc822; ra...@inputplus.co.uk
Arrival-Date: Wed, 16 Nov 2016 12:29:55 + (GMT)

Final-Recipient: rfc822; ra...@inputplus.co.uk
Original-Recipient: rfc822;ralph
    Action: failed
Status: 5.4.6
Diagnostic-Code: X-Postfix; mail forwarding loop for ra...@inputplus.co.uk

--0F24A1F958.1479299395/orac.inputplus.co.uk
Content-Description: Undelivered Message
Content-Type: message/rfc822
Content-Transfer-Encoding: 8bit

Return-Path: 
Received: from orac.inputplus.co.uk (orac.inputplus.co.uk [IPv6:::1])
by orac.inputplus.co.uk (Postfix) with ESMTP id 0F24A1F958
for ; Wed, 16 Nov 2016 12:29:55 + (GMT)
X-Original-To: ralph
Delivered-To: ra...@inputplus.co.uk
Received: by orac.inputplus.co.uk (Postfix, from userid 1000)
id 9687C279FC; Wed, 16 Nov 2016 12:29:46 + (GMT)
Date: Wed, 16 Nov 2016 12:29:46 +
To: ra...@inputplus.co.uk
User-Agent: mail v14.8.14
Message-Id: <20161116122946.9687c27...@orac.inputplus.co.uk>
From: ra...@inputplus.co.uk (Ralph Corderoy)
Resent-From: Ralph Corderoy 
Resent-To: ra...@inputplus.co.uk
Resent-Date: Wed, 16 Nov 2016 12:29:55 +
Resent-Message-Id: <20161116122955.0f24a1f...@orac.inputplus.co.uk>

foo

--0F24A1F958.1479299395/orac.inputplus.co.uk--

AIUI this is because the original email's Delivered-To header is in the
resent email with the same email address as the new email's destination.

Does an RFC cover Delivered-To?  If not, what's the closest to a
specification?

Resending the email to myself at the same email address is legitimate
and used to work in years past.  What does Postfix think an MUA should
do in this circumstance?  Remove the Delivered-To header whenever
resending?

Any other advice Postfix can offer this MUA?

-- 
Cheers, Ralph.
https://plus.google.com/+RalphCorderoy

What is causing this mail forwarding loop bounce?

[sendu]

I'm using Google's Postini replacement as a spam filter before mail gets to
my smtp server. I currently have a problem where most emails that get spam
trapped by Google disappear when I attempt to have them delivered. Google
gives me the ability to reattempt delivery and I have a repeatable case
where one example spam always gets bounced by my Postfix, and one always
comes through fine.

Here are my smtpd logs from a case where I tried to deliver the 2 spam
emails seconds apart; the first one failed and the second one worked:

http://pastebin.com/XUYR4ZDe

Here's another attempt to deliver the same problematic email, this time with
-v verbosity added to just about everything in /etc/postfix/master.cf:

http://pastebin.com/ENkgTXz6

AFAICT, everything seems to go normally but then I get:
send attr reason = mail forwarding loop for se...@sendu.me.uk
and it eventually bounces.

My postconf -n:
postconf -n
address_verify_relayhost =
alias_database = hash:/etc/mail/aliases
alias_maps = mysql:/etc/postfix/mysql-aliases.cf
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = //usr/lib64/postfix
data_directory = /var/lib/postfix
debug_peer_level = 1
default_destination_concurrency_limit = 2
home_mailbox = .maildir/
html_directory = /usr/share/doc/postfix-2.5.5/html
inet_interfaces = all
local_destination_concurrency_limit = 2
local_recipient_maps = $alias_maps $virtual_mailbox_maps unix:passwd.byname
local_transport = local
mail_owner = postfix
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mydomain = sendu.me.uk
myhostname = 64x2.sendu.me.uk
mynetworks_style = host
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.5.5/readme
relayhost = outbound.mailhop.org
relocated_maps = mysql:/etc/postfix/mysql-relocated.cf
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options =
smtp_tls_CAfile = /etc/ssl/private/sub.class1.server.ca.pem
smtp_tls_CApath = /etc/ssl/certs
smtp_tls_cert_file = /etc/ssl/private/sendu.me.uk.crt
smtp_tls_key_file = /etc/ssl/private/sendu.me.uk.decrypted.key
smtp_tls_loglevel = 0
smtp_tls_session_cache_database =
btree:/var/lib/postfix/smtp_tls_session_cache
smtp_tls_session_cache_timeout = 3600s
smtp_use_tls = yes
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks,
reject_unauth_destination, check_client_access
cidr:/etc/postfix/allowed_clients.cidr, reject
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
smtpd_tls_CAfile = /etc/ssl/private/sub.class1.server.ca.pem
smtpd_tls_CApath = /etc/ssl/certs
smtpd_tls_ask_ccert = yes
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/ssl/private/sendu.me.uk.crt
smtpd_tls_key_file = /etc/ssl/private/sendu.me.uk.decrypted.key
smtpd_tls_loglevel = 0
smtpd_tls_received_header = yes
smtpd_tls_session_cache_database =
btree:/var/lib/postfix/smtpd_tls_session_cache
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 550
virtual_alias_maps = mysql:/etc/postfix/mysql-virtual.cf
virtual_gid_maps = static:$vmail-gid
virtual_mailbox_base = /
virtual_mailbox_domains = mail.sendu.me.uk senduphotography.com bala.me.uk
virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-maps.cf
virtual_minimum_uid = 1000
virtual_transport = virtual
virtual_uid_maps = static:$vmail-uid

I'm running Postfix 2.8.4

Any help greatly appreciated. 



--
View this message in context: 
http://postfix.1071664.n5.nabble.com/What-is-causing-this-mail-forwarding-loop-bounce-tp62199.html
Sent from the Postfix Users mailing list archive at Nabble.com.

Outbound Relays, Delivered-To, and "mail forwarding loop detected"

[Bob Proulx]

After many years it is now necessary for me to change my mail server
to one on a different network.  My old server network is going off the
Internet at some point but it will remain with a local dynamic
address.  It will need to relay mail.  I have set up a vpn between the
old server and the new server and am using it for mail transport
between.  At this moment I am still using my previous server for
incoming mail but forwarding outbound mail through the new server to
start the migration.  Mostly all good.  But I do have a problem that I
don't understand and am looking for help from the wisdom of the list.

If I re-mail a message by any of several methods I run into a
rejection on the new outbound server "mail forwarding loop detected"
due to Delivered-To header detection.  Of course the new server havoc
has never seen this message before.  I am running into Delivered-To
loop detection issues.  Let's jump into the details.  Old joseki and
new havoc are the two servers involved.  On havoc:

  Nov 18 12:08:16 havoc postfix/cleanup[27515]: 910CE4A0: reject: header 
X-X-Delivered-To: b...@proulx.com from localhost[127.0.0.1]; 
from= to= proto=ESMTP 
helo=: 5.7.1 mail forwarding loop detected

I have slightly redacted the mail addresses in order to avoid exposing
addresses but I think not in any significant way.  Hopefully.  What I
don't understand is why havoc's configuration is rejecting this
message.  The docs say:

  http://www.postfix.org/pipe.8.html

The D flag also enforces loop detection (Postfix 2.5  and
later):  if  a  message  already contains a Delivered-To:
header with the same recipient address, then the  message
is  returned  as undeliverable. The address comparison is
case insensitive.

But b...@proulx.com is not the recipient address.  So why is it matching?
What configures havoc to think b...@proulx.com is a forwarding loop?
That seems to be the snag I am tripping over.  Of course if I delete
all Delivered-To headers then mail is not rejected.

Thanks!
Bob

The havoc system is the new outbout relay.  On havoc I think the
significant config is:

  cat /etc/mailname
  havoc.proulx.com

  myhostname = havoc.proulx.com
  myorigin = /etc/mailname
  mydestination = $myhostname, localhost.$mydomain, localhost
  mynetworks = 127.0.0.0/8 [:::127.0.0.0]/104 [::1]/128

And on havoc somewhat more complicated by these that I think are not
related:

  transport_maps = hash:/etc/postfix/transport
  relay_domains = $mydestination
  relay_recipient_maps = hash:/etc/postfix/relay_recipients
  virtual_alias_domains = example.net, example.org # redacted domain names
  virtual_alias_maps = hash:/etc/postfix/virtual

Re: "mail forwarding loop" when Resending Email to Oneself.

[Bill Cole]

On 16 Nov 2016, at 7:43, Ralph Corderoy wrote:


Does an RFC cover Delivered-To?


No.


If not, what's the closest to a
specification?


The documentation in the software that adds it. In this case 
specifically the man page for postconf(5)

Re: "mail forwarding loop" when Resending Email to Oneself.

[Ralph Corderoy]

Hi Bill,

> > If not, what's the closest to a specification?
>
> The documentation in the software that adds it. In this case
> specifically the man page for postconf(5)

I'd already read that, e.g. prepend_delivered_header, and it doesn't
describe Postfix's logic for producing "mail forwarding loop", e.g. does
it only check on final delivery so if it's a relay then it doesn't care?

I did find mutt has

3.22. bounce_delivered

Type: boolean
Default: yes

When this variable is set, mutt will include Delivered-To headers
when bouncing messages.  Postfix users may wish to unset this
variable.  — http://www.mutt.org/doc/manual/

But that's again imprecise, e.g. is Postfix involvement anywhere along
the route a problem?

If the MTA imposes new rules that affect the MUA's behaviour then I'd
expect it to offer guidance as to the MUA's policy.  (I realise "new"
could mean several years old here, but it's still a change.)  Every MTA
and MUA cooking up their own policy seems wrong.  Deviations and
broken implementations are bad enough when an RFC does exist.

-- 
Cheers, Ralph.
https://plus.google.com/+RalphCorderoy

Re: "mail forwarding loop" when Resending Email to Oneself.

[Wietse Venema]

Ralph Corderoy:
> Hi Bill,
> 
> > > If not, what's the closest to a specification?
> >
> > The documentation in the software that adds it. In this case
> > specifically the man page for postconf(5)
> 
> I'd already read that, e.g. prepend_delivered_header, and it doesn't
> describe Postfix's logic for producing "mail forwarding loop", e.g. does
> it only check on final delivery so if it's a relay then it doesn't care?

The Postfix code that ADDS the delivered-to header will 
report a loop if that header already exists.

Doing it otherwise (checking without adding, or adding without
checking) makes no sense.

Wietse

Re: What is causing this mail forwarding loop bounce?

[Ansgar Wiechers]

On 2013-10-14 sendu wrote:
> I'm using Google's Postini replacement as a spam filter before mail
> gets to my smtp server. I currently have a problem where most emails
> that get spam trapped by Google disappear when I attempt to have them
> delivered. Google gives me the ability to reattempt delivery and I
> have a repeatable case where one example spam always gets bounced by
> my Postfix, and one always comes through fine.
> 
> Here are my smtpd logs from a case where I tried to deliver the 2 spam
> emails seconds apart; the first one failed and the second one worked:
> 
> http://pastebin.com/XUYR4ZDe

Please do not enable verbose logging unless specifically asked to.
Normal Postfix logging usually suffices for troubleshooting delivery
problems.

Regards
Ansgar Wiechers
-- 
"Abstractions save us time working, but they don't save us time learning."
--Joel Spolsky

Re: What is causing this mail forwarding loop bounce?

[sendu]

Here's another delivery attempt, this time with all verbose logging turned
off:

http://pastebin.com/TtyDXKBX

It bounces; I don't know why. Is there any way to find out?



--
View this message in context: 
http://postfix.1071664.n5.nabble.com/What-is-causing-this-mail-forwarding-loop-bounce-tp62199p62229.html
Sent from the Postfix Users mailing list archive at Nabble.com.

Re: What is causing this mail forwarding loop bounce?

[Charles Marcus]

On 2013-10-15 10:01 AM, sendu  wrote:

Here's another delivery attempt, this time with all verbose logging turned
off:

http://pastebin.com/TtyDXKBX


Please post such things inline in the email body, many people will not 
click on links to unknown destinations...



It bounces; I don't know why. Is there any way to find out?


Maybe follow the instructions you received in the welcome message? Ie, 
provide postconf -n output for starters?


--

Best regards,

*/Charles/*