Re: relay problem

2013-06-09 Thread Per olof Ljungmark

Quoting wie...@porcupine.org:

> Per olof Ljungmark:
>> Quoting wie...@porcupine.org:
>>
>>> Per olof Ljungmark:
>>>> Hi all,
>>>>
>>>> Hopefully I can explain this good enough for someone to understand and
>>>> perhaps even suggest a solution.
>>>>
>>>> Our email system is built from a LDAP directory that contains all the
>>>> necessary information about our users. A box receives mail from the MX's
>>>> and routes it according to the information in the directory.
>>>>
>>>> If the mail is for a user present in the directory it gets delivered to
>>>> the mail server, if it is for an external address it is delivered to the
>>>> outgoing box etc., everything dandy.
>>>>
>>>> Now we face a setup where we have users present in the same tree as our
>>>> normal mail users, but with addresses external to us. They must have the
>>>> "mail" attribute that we normally use for delivery to our mail server.
>>>> We cannot separate them to a different tree because it is actually a mix
>>>> of internal and external users for a different purpose than mail routing.
>>>
>>> Use a transport map.
>>>
>>> internalu...@example.com -> internal delivery agent or internal host
>>> externalu...@example.com -> external host
>>>
>>> http://www.postfix.org/postconf.5.html#transport_maps
>>> http://www.postfix.org/transport.5.html
>>>
>>> Wietse
>>
>> Yes, but the problem seems to be that the address is rewritten to
>> uid@mail.server before the transport maps comes into play.
>
> If mail.server is the "wrong" server (i.e. the name of an internal
> server for users that deliver elsewhere) then that is the problem.
>
> The transport map solution is for the case that the address is not
> mutilated.



Indeed. Will start tomorrow to sketch a rework of the system so that  
the rewrite is done where it should.


Thank you both for your input.

//per



Re: relay problem

2013-06-09 Thread Wietse Venema
Per olof Ljungmark:
> Quoting wie...@porcupine.org:
> 
> > Per olof Ljungmark:
> >> Hi all,
> >>
> >> Hopefully I can explain this good enough for someone to understand and
> >> perhaps even suggest a solution.
> >>
> >> Our email system is built from a LDAP directory that contains all the
> >> necessary information about our users. A box receives mail from the MX's
> >> and routes it according to the information in the directory.
> >>
> >> If the mail is for a user present in the directory it gets delivered to
> >> the mail server, if it is for an external address it is delivered to the
> >> outgoing box etc., everything dandy.
> >>
> >> Now we face a setup where we have users present in the same tree as our
> >> normal mail users, but with addresses external to us. They must have the
> >> "mail" attribute that we normally use for delivery to our mail server.
> >> We cannot separate them to a different tree because it is actually a mix
> >> of internal and external users for a different purpose than mail routing.
> >
> > Use a transport map.
> >
> > internalu...@example.com -> internal delivery agent or internal host
> > externalu...@example.com -> external host
> >
> > http://www.postfix.org/postconf.5.html#transport_maps
> > http://www.postfix.org/transport.5.html
> >
> > Wietse
> 
> Yes, but the problem seems to be that the address is rewritten to  
> uid@mail.server before the transport maps comes into play.

If mail.server is the "wrong" server (i.e. the name of an internal
server for users that deliver elsewhere) then that is the problem.

The transport map solution is for the case that the address is not 
mutilated.

Wietse


Re: relay problem

2013-06-09 Thread Per olof Ljungmark


Quoting Viktor Dukhovni:

> On Sun, Jun 09, 2013 at 07:00:54PM +0200, Per olof Ljungmark wrote:
>
>> Quoting wie...@porcupine.org:
>>
>>> http://www.postfix.org/postconf.5.html#transport_maps
>>> http://www.postfix.org/transport.5.html
>>>
>>> Wietse
>>
>> Yes, but the problem seems to be that the address is rewritten to
>> uid@mail.server before the transport maps comes into play.
>
> Yes, you're shooting yourself in the foot.  Don't do that.  Instead
> of imposing a fixed mailbox address domain on all users retrieve
> the right value from LDAP or leave the user's original address
> alone.  Your existing rewrite rule is the problem.



I tend to agree with that. Please understand that it was implemented
quite some time ago in the Postfix 1.x days and has worked ever
since, this is the first serious issue I've seen since.


But perhaps it is time for a complete rewrite... uggg.

Thanks,




Re: relay problem

2013-06-09 Thread Viktor Dukhovni
On Sun, Jun 09, 2013 at 07:00:54PM +0200, Per olof Ljungmark wrote:

> Quoting wie...@porcupine.org:
> 
> >http://www.postfix.org/postconf.5.html#transport_maps
> >http://www.postfix.org/transport.5.html
> >
> > Wietse
> 
> Yes, but the problem seems to be that the address is rewritten to
> uid@mail.server before the transport maps comes into play.

Yes, you're shooting yourself in the foot.  Don't do that.  Instead
of imposing a fixed mailbox address domain on all users retrieve
the right value from LDAP or leave the user's original address
alone.  Your existing rewrite rule is the problem.

-- 
Viktor.
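
The ordering problem discussed in this thread, as an added example (not code from the thread or from Postfix): a simplified model of "rewrite first, then look up the transport", showing why a per-address transport entry cannot help once every directory match has become uid@mail.server. The directory entries, the `has_mailbox` marker and the `mailstore`/`outgoing` next hops are constructed assumptions.

```python
# Constructed directory: both entries live in the same tree and carry "mail",
# but only alice has a mailbox. "has_mailbox" is a hypothetical stand-in for
# whatever attribute or LDAP filter marks mailbox users at a given site.
DIRECTORY = [
    {"uid": "alice", "mail": "alice@example.com", "has_mailbox": True},
    {"uid": "bob", "mail": "bob@partner.example", "has_mailbox": False},
]
# Constructed transport table: mail.server to the mailbox host, "*" to outgoing.
TRANSPORT = {"mail.server": "smtp:[mailstore]", "*": "smtp:[outgoing]"}


def rewrite_fixed(rcpt):
    """Model of result_filter = %u@mail.server: every match is rewritten."""
    for entry in DIRECTORY:
        if entry["mail"] == rcpt:
            return entry["uid"] + "@mail.server"
    return rcpt


def rewrite_selective(rcpt):
    """Rewrite mailbox users only; leave every other address alone."""
    for entry in DIRECTORY:
        if entry["mail"] == rcpt and entry["has_mailbox"]:
            return entry["uid"] + "@mail.server"
    return rcpt


def transport_lookup(addr, table):
    """Simplified transport(5) order: user@domain, domain, .parent, then *."""
    domain = addr.rsplit("@", 1)[1]
    labels = domain.split(".")
    keys = [addr, domain]
    keys += ["." + ".".join(labels[i:]) for i in range(1, len(labels))]
    for key in keys + ["*"]:
        if key in table:
            return table[key]
    return None


def route(rcpt, rewrite, table=TRANSPORT):
    # The transport table only ever sees the address after rewriting.
    return transport_lookup(rewrite(rcpt), table)


if __name__ == "__main__":
    for rewrite in (rewrite_fixed, rewrite_selective):
        for rcpt in ("alice@example.com", "bob@partner.example"):
            print(rewrite.__name__, rcpt, "->", route(rcpt, rewrite))
```
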


Re: relay problem

2013-06-09 Thread Per olof Ljungmark


Quoting wie...@porcupine.org:

> Per olof Ljungmark:
>> Hi all,
>>
>> Hopefully I can explain this good enough for someone to understand and
>> perhaps even suggest a solution.
>>
>> Our email system is built from a LDAP directory that contains all the
>> necessary information about our users. A box receives mail from the MX's
>> and routes it according to the information in the directory.
>>
>> If the mail is for a user present in the directory it gets delivered to
>> the mail server, if it is for an external address it is delivered to the
>> outgoing box etc., everything dandy.
>>
>> Now we face a setup where we have users present in the same tree as our
>> normal mail users, but with addresses external to us. They must have the
>> "mail" attribute that we normally use for delivery to our mail server.
>> We cannot separate them to a different tree because it is actually a mix
>> of internal and external users for a different purpose than mail routing.
>
> Use a transport map.
>
> internalu...@example.com -> internal delivery agent or internal host
> externalu...@example.com -> external host
>
> http://www.postfix.org/postconf.5.html#transport_maps
> http://www.postfix.org/transport.5.html
>
> Wietse


Yes, but the problem seems to be that the address is rewritten to  
uid@mail.server before the transport maps comes into play.


When em...@example.com is rewritten to userID@mail.server we would
have to have one transport switch for each user that needs the special
treatment. However, there are several solutions I've been thinking of
that I did not try yet, one would be to move the rewriting to the mail
server, another is clever LDAP filters.


//per



Re: relay problem

2013-06-08 Thread Wietse Venema
Per olof Ljungmark:
> Hi all,
> 
> Hopefully I can explain this good enough for someone to understand and
> perhaps even suggest a solution.
> 
> Our email system is built from a LDAP directory that contains all the
> necessary information about our users. A box receives mail from the MX's
> and routes it according to the information in the directory.
> 
> If the mail is for a user present in the directory it gets delivered to
> the mail server, if it is for an external address it is delivered to the
> outgoing box etc., everything dandy.
> 
> Now we face a setup where we have users present in the same tree as our
> normal mail users, but with addresses external to us. They must have the
> "mail" attribute that we normally use for delivery to our mail server.
> We cannot separate them to a different tree because it is actually a mix
> of internal and external users for a different purpose than mail routing.

Use a transport map.

internalu...@example.com -> internal delivery agent or internal host
externalu...@example.com -> external host

http://www.postfix.org/postconf.5.html#transport_maps
http://www.postfix.org/transport.5.html

Wietse


Re: relay problem

2013-06-08 Thread Per olof Ljungmark
On 2013-06-08 05:24, Nikolas Kallis wrote:
> On 08/06/13 03:48, Per olof Ljungmark wrote:
>> Hi all,
>>
>> Hopefully I can explain this good enough for someone to understand and
>> perhaps even suggest a solution.
>>
>> Our email system is built from a LDAP directory that contains all the
>> necessary information about our users. A box receives mail from the MX's
>> and routes it according to the information in the directory.
>>
>> If the mail is for a user present in the directory it gets delivered to
>> the mail server, if it is for an external address it is delivered to the
>> outgoing box etc., everything dandy.
>>
>> Now we face a setup where we have users present in the same tree as our
>> normal mail users, but with addresses external to us. They must have the
>> "mail" attribute that we normally use for delivery to our mail server.
>> We cannot separate them to a different tree because it is actually a mix
>> of internal and external users for a different purpose than mail routing.
>>
>> So far we have not been able to (at least not a Friday afternoon) figure
>> out how to make the mail router understand that mail for a specific
>> address/domain should *not* be delivered as usual but relayed directly
>> to outgoing even if this email address is present in the directory.
>>
>> The LDAP query is very simple:
>>
>> query_filter =
>> (&(accountStatus=Active)(|(mail=%s)(mailalternateaddress=%s)))
>> result_filter = %u@mail.server
>> result_attribute = uid
>> scope = sub
>>
>> This together with a transport map that directs * to outgoing is all
>> there is.
>>
>> I was hoping for a relatively simple way to fix this, so far I only
>> dreamed up rather complicated scenarios...
>>
>> Thanks for reading,
>>
>> //per
>>
>> PS. I had some trouble posting:
>>
>> "BOUNCE postfix-users@postfix.org:  Admin request: /^subject:\s*help\b/i"
>>
>> The word 'help' is not allowed?
>> DS.
>>
>>
> I am not an expert with complex MTA routing and quite noob with what
> you're doing, but from the sounds of it and my visualisation, you will
> need to use a separate MTA system to handle the 'external' e-mail
> (whatever that is), as there is no way to differentiate between internal and
> external as they both qualify for delivery.

Yes, I realize that it might be impossible.

"external" means addresses that are in the directory but do not have a
mailbox.

Actually, both should qualify but must be routed differently, internal
to mailbox and external to outgoing.


Re: Relay problem: NOQUEUE: reject: RCPT from unknown[::1]:

2009-04-23 Thread mouss
Wade Williams wrote:
> I'm having a problem where an installation of Mantis bug tracking
> software cannot send mail to external addresses.  It sends mail to me
> (w...@dogwatchsw.com ) fine.  However, it
> will not send to external email addresses.  I've done a lot of google
> searching, but not come up with a fix.
> 
> All other mail operations including email to/from my mail client via
> courier-imap work fine.
> 
> 
> 
>> Apr 23 10:27:43 anagram postfix/smtpd[21916]: connect from unknown[::1]
>> Apr 23 10:27:43 anagram postfix/smtpd[21916]: NOQUEUE: reject: RCPT
>> from unknown[::1]: 554 5.7.1 > >: Relay access denied;
>> from=mailto:w...@dogwatchsw.com>>
>> to=mailto:wwill...@cisco.com>> proto=ESMTP
>> helo=http://www.dogwatchsw.com>>
>>

the message is sent using IPv6. either configure mantis/apache/whatever
to use IPv4 or add ::1 to mynetworks.
> 
> Relevant portions of main.cf:
> 
> myhostname = anagram.dogwatchsw.com
> #mydomain = domain.tld
> myorigin = $mydomain
> proxy_interfaces = 10.1.1.2
> mydestination = /etc/postfix/local-host-names
> #local_recipient_maps
> #mynetworks_style
> mynetworks = 10.0.0.0/24, 10.1.1.0/24,127.0.0.0/8
> relay_domains = $mydestination
> relayhost = [smtp.comcast.net]
> #relay_recipient_maps = hash:/etc/postfix/relay_recipients
> 
> 
> 
> Contents of /etc/postfix/local-host-names:
> 
> localhost
> localhost.dogwatchsw.com
> anagram
> anagram.dogwatchsw.com
> dogwatchsw.com
> www.dogwatchsw.com 
> 
> 
> One google search suggested that the problem might be IPv6 host names in
> /etc/hosts, so I removed those and rebooted with no effect.
> 
> Contents of /etc/hosts:
> 127.0.0.1 localhost.dogwatchsw.com localhost
> 10.1.1.2 anagram.dogwatchsw.com anagram
> 
> 
> Any thoughts?
> 
> Wade



Re: Relay problem: NOQUEUE: reject: RCPT from unknown[::1]:

2009-04-23 Thread Wade Williams


On Apr 23, 2009, at 11:08 AM, Brian Evans - Postfix List wrote:

>> Relevant portions of main.cf:
> missing a lot here that IS relevant.
>> mynetworks = 10.0.0.0/24, 10.1.1.0/24,127.0.0.0/8
>>
>> Any thoughts?
> You seem to (no `postconf -n`) have enabled IPV6 in main.cf, but not
> added it to mynetworks.
> See http://www.postfix.org/IPV6_README.html for details and examples.



Ah, sorry for the newbie mistake on not including postconf -n.   
Postfix has worked so well for me in the past I've never had to reach  
out for help, so I'm a newbie at this.  Noted - and will do so next  
time.


You were correct about not having it added to mynetworks.  Since I  
didn't really need the ipv6 support (OpenBSD apparently enables it by  
default), I changed:


inet_protocols = ipv4

and all is well now.

Thanks very much for the help.

Wade

Re: Relay problem: NOQUEUE: reject: RCPT from unknown[::1]:

2009-04-23 Thread Brian Evans - Postfix List
Wade Williams wrote:
> I'm having a problem where an installation of Mantis bug tracking
> software cannot send mail to external addresses.  It sends mail to me
> (w...@dogwatchsw.com ) fine.  However, it
> will not send to external email addresses.  I've done a lot of google
> searching, but not come up with a fix.
>> Apr 23 10:27:43 anagram postfix/smtpd[21916]: connect from unknown[::1]
>> Apr 23 10:27:43 anagram postfix/smtpd[21916]: NOQUEUE: reject: RCPT
>> from unknown[::1]: 554 5.7.1 > >: Relay access denied;
>> from=mailto:w...@dogwatchsw.com>>
>> to=mailto:wwill...@cisco.com>> proto=ESMTP
>> helo=http://www.dogwatchsw.com>>
>>
>
> Relevant portions of main.cf:
missing a lot here that IS relevant.
> mynetworks = 10.0.0.0/24, 10.1.1.0/24,127.0.0.0/8
>
>
> Any thoughts?
You seem to (no `postconf -n`) have enabled IPV6 in main.cf, but not
added it to mynetworks.
See http://www.postfix.org/IPV6_README.html for details and examples.

Brian
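
The diagnosis above, as an added example (not code from the thread or from Postfix): a check that parses a `mynetworks` value, pulls the client address out of "Relay access denied" lines, and reports clients the list does not cover. The log lines are constructed from the ones quoted in this thread with placeholder addresses; IPv6 entries use the bracketed `[::1]/128` form that Postfix expects in `mynetworks`.

```python
import ipaddress
import re

# Constructed sample: mynetworks as posted in the thread, plus reject lines
# modelled on the quoted log with example.* placeholder addresses.
MYNETWORKS = "10.0.0.0/24, 10.1.1.0/24,127.0.0.0/8"
LOG = """\
Apr 23 10:27:43 anagram postfix/smtpd[21916]: connect from unknown[::1]
Apr 23 10:27:43 anagram postfix/smtpd[21916]: NOQUEUE: reject: RCPT from unknown[::1]: 554 5.7.1 <user@example.net>: Relay access denied; from=<app@example.org> to=<user@example.net> proto=ESMTP helo=<www.example.org>
"""

REJECT = re.compile(
    r"reject: RCPT from \S*?\[([0-9A-Fa-f:.]+)\]: 554 .*Relay access denied")


def parse_mynetworks(value):
    """Parse address/CIDR items; IPv6 must be written as [addr]/len."""
    nets = []
    for item in re.split(r"[,\s]+", value.strip()):
        bracketed = re.fullmatch(r"\[([^\]]+)\](?:/(\d+))?", item)
        if bracketed:
            item = bracketed.group(1) + ("/" + bracketed.group(2) if bracketed.group(2) else "")
        elif not item or item.startswith(("/", "!")) or ":" in item:
            continue  # files, type:table lookups and exclusions are not evaluated here
        nets.append(ipaddress.ip_network(item, strict=False))
    return nets


def trusted(client, nets):
    ip = ipaddress.ip_address(client)
    return any(ip.version == net.version and ip in net for net in nets)


def denied_clients(log, nets):
    """Map each rejected client outside mynetworks to whether it is loopback."""
    found = {}
    for line in log.splitlines():
        match = REJECT.search(line)
        if match and not trusted(match.group(1), nets):
            found[match.group(1)] = ipaddress.ip_address(match.group(1)).is_loopback
    return found


if __name__ == "__main__":
    for ip, loopback in denied_clients(LOG, parse_mynetworks(MYNETWORKS)).items():
        kind = "loopback: a local application is being refused" if loopback else "remote client"
        print(f"{ip} is not covered by mynetworks ({kind})")
```

Listing `[::1]/128` extends relay permission to every local process that connects over IPv6 loopback, the same trust `127.0.0.0/8` already grants over IPv4; setting `inet_protocols = ipv4` avoids the IPv6 listener instead.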


Re: Relay problem: NOQUEUE: reject: RCPT from unknown[::1]:

2009-04-23 Thread Roderick A. Anderson

Wade Williams wrote:
> I'm having a problem where an installation of Mantis bug tracking
> software cannot send mail to external addresses.  It sends mail to me
> (w...@dogwatchsw.com ) fine.  However, it
> will not send to external email addresses.  I've done a lot of google
> searching, but not come up with a fix.
>
> All other mail operations including email to/from my mail client via
> courier-imap work fine.
>
>> Apr 23 10:27:43 anagram postfix/smtpd[21916]: connect from unknown[::1]
>> Apr 23 10:27:43 anagram postfix/smtpd[21916]: NOQUEUE: reject: RCPT
>> from unknown[::1]: 554 5.7.1 >: Relay access denied;
>> from=mailto:w...@dogwatchsw.com>>
>> to=mailto:wwill...@cisco.com>> proto=ESMTP
>> helo=http://www.dogwatchsw.com>>

Maybe I can get to you before the "others" do.

> Relevant portions of main.cf:

Think "Ghostbusters":

"There are no 'Relevant portions of main.cf' there is only
'postconf -n'."

\\||/
Rod
--

> myhostname = anagram.dogwatchsw.com
> #mydomain = domain.tld
> myorigin = $mydomain
> proxy_interfaces = 10.1.1.2
> mydestination = /etc/postfix/local-host-names
> #local_recipient_maps
> #mynetworks_style
> mynetworks = 10.0.0.0/24, 10.1.1.0/24,127.0.0.0/8
> relay_domains = $mydestination
> relayhost = [smtp.comcast.net]
> #relay_recipient_maps = hash:/etc/postfix/relay_recipients
>
> Contents of /etc/postfix/local-host-names:
>
> localhost
> localhost.dogwatchsw.com
> anagram
> anagram.dogwatchsw.com
> dogwatchsw.com
> www.dogwatchsw.com
>
> One google search suggested that the problem might be IPv6 host names in
> /etc/hosts, so I removed those and rebooted with no effect.
>
> Contents of /etc/hosts:
> 127.0.0.1 localhost.dogwatchsw.com localhost
> 10.1.1.2 anagram.dogwatchsw.com anagram
>
> Any thoughts?
>
> Wade