remote_header_rewrite_domain ignored.
Hi, I added the following line to main.cf but the server name was still appended to an incomplete sender address. remote_header_rewrite_domain = When I changed the line to remote_header_rewrite_domain = domain.invalid it started working. According to the documentation the entry with no actual domain name should work. Or has something changed that I'm not aware of? Below is my postfix version and postconf -n in case there's some other setting that's effecting it. Thanks Guy Postfix mail_version = 2.5.1 r...@aardwolf:/etc/postfix# postconf -n 2bounce_notice_recipient = postmas...@domain.net anvil_rate_time_unit = 60s bounce_notice_recipient = postmas...@domain.net bounce_template_file = /etc/postfix/bounce.cf broken_sasl_auth_clients = yes command_directory = /usr/sbin config_directory = /etc/postfix content_filter = smtp-amavis:[127.0.0.1]:10024 cyrus_sasl_config_path = /etc/postfix/sasl/ daemon_directory = /usr/lib/postfix debug_peer_level = 2 default_destination_concurrency_limit = 30 delay_notice_recipient = postmas...@domain.net error_notice_recipient = postmas...@domain.net home_mailbox = .maildir/ html_directory = /usr/share/doc/postfix/html mail_owner = postfix mailq_path = /usr/bin/mailq manpage_directory = /usr/share/man maps_rbl_domains = sbl-xbl.spamhaus.org message_size_limit = 3124 mynetworks = 127.0.0.0/8, x.x.x.x, x.x.x.x, x.x.x.x newaliases_path = /usr/bin/newaliases proxy_read_maps = $local_recipient_maps $mydestination $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_alias_maps queue_directory = /var/spool/postfix rbl_reply_maps = hash:/etc/postfix/rbl_reply readme_directory = /usr/share/doc/postfix-2.2.10/readme remote_header_rewrite_domain = domain.invalid sample_directory = /etc/postfix sendmail_path = /usr/sbin/sendmail setgid_group = postdrop smtpd_client_connection_count_limit = 100 smtpd_client_connection_rate_limit = 100 smtpd_client_message_rate_limit = 100 smtpd_client_recipient_rate_limit = 50 smtpd_error_sleep_time = 1s smtpd_hard_error_limit = 20 smtpd_recipient_restrictions = reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unknown_recipient_domain, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_client_access cidr:/etc/postfix/postfix-dnswl-permit, reject_invalid_hostname, reject_rbl_client zen.spamhaus.org, reject_rbl_client bl.spamcop.net, reject_rbl_client psbl.surriel.com, reject_rhsbl_client zen.spamhaus.org, reject_rhsbl_client bl.spamcop.net, check_policy_service inet:127.0.0.1:10031, permit smtpd_sasl_auth_enable = yes smtpd_sasl_authenticated_header = yes smtpd_sasl_local_domain = smtpd_sasl_path = smtpd smtpd_sasl_security_options = noanonymous smtpd_soft_error_limit = 10 smtpd_tls_CAfile = /etc/ssl/certs/ca-bundle.crt smtpd_tls_cert_file = /etc/ssl/certs/imapd.pem smtpd_tls_key_file = /etc/ssl/private/imapd.pem smtpd_tls_received_header = yes smtpd_tls_session_cache_timeout = 3600s smtpd_use_tls = yes tls_random_source = dev:/dev/urandom transport_maps = hash:/etc/postfix/virtual_transport_maps unknown_local_recipient_reject_code = 550 virtual_alias_maps = proxy:mysql:/etc/postfix/mysql_virtual_alias_maps.cf proxy:mysql:/etc/postfix/mysql_virtual_catchall_maps.cf virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql_virtual_domains_maps.cf virtual_transport = smtp:host.domain.org -- Don't just do something...sit there!
remote_header_rewrite_domain ignored
Hi, I'm using postfix 2.5.7 and having some trouble with the server domain being appended to incomplete sender addresses. I have set # postconf|grep -e rewrite -e append -e myorigin -e mydomain -e local_header append_at_myorigin = yes append_dot_mydomain = no local_header_rewrite_clients = mydomain = nippynetworks.com myorigin = $mydomain remote_header_rewrite_domain = rewrite_service_name = rewrite I have amavisd-new installed, but having bumped up the logging I believe this is happening on initial submission and not on the re-injection. Log files show the client connecting, checking the FROM address and then: Dec 4 15:33:54 mail1 postfix/smtpd[22858]: < office.mydomain.com[X.X.X.X]: RCPT TO: Dec 4 15:33:54 mail1 postfix/smtpd[22858]: extract_addr: input: Dec 4 15:33:54 mail1 postfix/smtpd[22858]: smtpd_check_addr: addr=asdf Dec 4 15:33:54 mail1 postfix/smtpd[22858]: send attr request = rewrite Dec 4 15:33:54 mail1 postfix/smtpd[22858]: send attr rule = local Dec 4 15:33:54 mail1 postfix/smtpd[22858]: send attr address = asdf Dec 4 15:33:54 mail1 postfix/smtpd[22858]: private/rewrite socket: wanted attribute: flags Dec 4 15:33:54 mail1 postfix/smtpd[22858]: input attribute name: flags Dec 4 15:33:54 mail1 postfix/smtpd[22858]: input attribute value: 0 Dec 4 15:33:54 mail1 postfix/smtpd[22858]: private/rewrite socket: wanted attribute: address Dec 4 15:33:54 mail1 postfix/smtpd[22858]: input attribute name: address Dec 4 15:33:54 mail1 postfix/smtpd[22858]: input attribute value: a...@mydomain.com Dec 4 15:33:54 mail1 postfix/smtpd[22858]: private/rewrite socket: wanted attribute: (list terminator) Dec 4 15:33:54 mail1 postfix/smtpd[22858]: input attribute name: (end) Dec 4 15:33:54 mail1 postfix/smtpd[22858]: rewrite_clnt: local: asdf -> a...@mydomain.com Dec 4 15:33:54 mail1 postfix/smtpd[22858]: send attr request = resolve Dec 4 15:33:54 mail1 postfix/smtpd[22858]: send attr sender = Dec 4 15:33:54 mail1 postfix/smtpd[22858]: send attr address = a...@mydomain.com Dec 4 15:33:54 mail1 postfix/smtpd[22858]: private/rewrite socket: wanted attribute: flags Dec 4 15:33:54 mail1 postfix/smtpd[22858]: input attribute name: flags Dec 4 15:33:54 mail1 postfix/smtpd[22858]: input attribute value: 0 I guess it must be a reasonably common situation to have a blackbox mailserver with no local accounts and only virtual users? What do others use in this config to ensure emails pass through unchanged (and then bounced since of course the address is invalid). Note for various reasons this mailserver needs to accept such incorrect emails and bounce them later - (actually we have two configurations, most emails are refused unless they have fully qualified addresses, the other configuration is used for a subset of clients where we need to accept all emails and bounce errors later) Can anyone show me what I need to change please? postconf -n: address_verify_map = btree:/var/mta/verify alias_database = hash:/etc/mail/aliases alias_maps = hash:/etc/mail/aliases append_dot_mydomain = no body_checks = regexp:/etc/postfix/body_checks bounce_queue_lifetime = 2d broken_sasl_auth_clients = yes command_directory = /usr/sbin config_directory = /etc/postfix content_filter = lmtp-amavis:[127.0.2.1]:10024 daemon_directory = /usr/lib/postfix data_directory = /var/lib/postfix debug_peer_level = 2 default_destination_concurrency_limit = 2 default_recipient_limit = 500 disable_vrfy_command = yes empty_address_recipient = MAILER-DAEMON home_mailbox = mbox html_directory = /usr/share/doc/postfix-2.5.7/html local_destination_concurrency_limit = 2 local_header_rewrite_clients = local_recipient_maps = mail_owner = postfix mail_spool_directory = /var/spool/mail mailq_path = /usr/bin/mailq manpage_directory = /usr/share/man maximal_queue_lifetime = 2d message_size_limit = 3024 mydestination = mydomain = mydomain.com myhostname = mail1.mydomain.com mynetworks = 127.0.2.1/32, X.X.X.X/32 myorigin = $mydomain newaliases_path = /usr/bin/newaliases owner_request_special = no parent_domain_matches_subdomains = queue_directory = /var/spool/postfix readme_directory = /usr/share/doc/postfix-2.5.7/readme recipient_delimiter = + sample_directory = /etc/postfix sender_bcc_maps = hash:/etc/postfix/sender_bcc sendmail_path = /usr/sbin/sendmail setgid_group = postdrop show_user_unknown_table_name = no smtp_helo_timeout = 90 smtpd_client_connection_count_limit = 20 smtpd_data_restrictions = check_policy_service unix:private/my_policy smtpd_delay_reject = yes smtpd_helo_required = yes smtpd_recipient_restrictions = check_recipient_access regexp:/etc/postfix/test.regexp, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_sender_domain, reject_unknown_recipient_domain, check_sender_access hash:/etc/postfix/relay_from_bodge, reject_unlisted_recipient, reject_unlisted_sender, check_policy_service unix:private/my_policy, permit_mynetworks, permit_sasl_authenticated, re
Re: remote_header_rewrite_domain ignored.
Guy: > Hi, > > I added the following line to main.cf but the server name was still > appended to an incomplete sender address. > content_filter = smtp-amavis:[127.0.0.1]:10024 You're appending it on return from the filter. Don't list the local machine as a local rewrite client. Wietse
Re: remote_header_rewrite_domain ignored
Ed W: > Hi, I'm using postfix 2.5.7 and having some trouble with the server > domain being appended to incomplete sender addresses. I have set > > # postconf|grep -e rewrite -e append -e myorigin -e mydomain -e local_header > append_at_myorigin = yes > append_dot_mydomain = no > local_header_rewrite_clients = Note: local_***HEADER***_rewrite_clients, a feature that controls how HEADER address are rewritten. > mydomain = nippynetworks.com > myorigin = $mydomain > remote_header_rewrite_domain = > rewrite_service_name = rewrite > > > I have amavisd-new installed, but having bumped up the logging I believe > this is happening on initial submission and not on the re-injection. > Log files show the client connecting, checking the FROM address and then: > > Dec 4 15:33:54 mail1 postfix/smtpd[22858]: < > office.mydomain.com[X.X.X.X]: RCPT TO: That is not a HEADER address. Wietse
Re: remote_header_rewrite_domain ignored
Wietse Venema wrote: Ed W: Hi, I'm using postfix 2.5.7 and having some trouble with the server domain being appended to incomplete sender addresses. I have set # postconf|grep -e rewrite -e append -e myorigin -e mydomain -e local_header append_at_myorigin = yes append_dot_mydomain = no local_header_rewrite_clients = Note: local_***HEADER***_rewrite_clients, a feature that controls how HEADER address are rewritten. Fair enough - can you please help correct my config given the original goal of avoiding incomplete email addresses having a domain automatically appended? Thanks Ed W
Re: remote_header_rewrite_domain ignored
Ed W wrote: Wietse Venema wrote: Ed W: Hi, I'm using postfix 2.5.7 and having some trouble with the server domain being appended to incomplete sender addresses. I have set # postconf|grep -e rewrite -e append -e myorigin -e mydomain -e local_header append_at_myorigin = yes append_dot_mydomain = no local_header_rewrite_clients = Note: local_***HEADER***_rewrite_clients, a feature that controls how HEADER address are rewritten. Fair enough - can you please help correct my config given the original goal of avoiding incomplete email addresses having a domain automatically appended? To clarify the question - the goal is if someone connects via the network (not local sendmail command) and the transcript says "RCPT TO: " that this is subsequently bounced as being an invalid recipient. What is happening at present is that it's being translated to "a...@mydomain.com" and being delivered to that recipient (I accept that I can reject this during the smtp conversation, and this is done on our main configuration, but I have a subset of customers for which I must accept this email and *bounce* it later) I suspect that it's necessary to set "append_at_myorigin=no" ? However, the documentation warns of this being an unsupported configuration? Can you please explain the correct way to achieve this configuration (surely it's a fairly normal configuration for mailservers these days?) However, note the docs for append_at_myorigin says that addresses have $remote_header_rewrite_domain appended and this is blank in my config? So I am still unsure why something is getting appended at all? I'm reasonably sure this configuration worked as desired with an earlier version of Postfix? Thanks Ed W
Re: remote_header_rewrite_domain ignored
Ed W: > Wietse Venema wrote: > > Ed W: > > > >> Hi, I'm using postfix 2.5.7 and having some trouble with the server > >> domain being appended to incomplete sender addresses. I have set > >> > >> # postconf|grep -e rewrite -e append -e myorigin -e mydomain -e > >> local_header > >> append_at_myorigin = yes > >> append_dot_mydomain = no > >> local_header_rewrite_clients = > >> > > > > Note: local_***HEADER***_rewrite_clients, a feature that > > controls how HEADER address are rewritten. > > > > > > Fair enough - can you please help correct my config given the original > goal of avoiding incomplete email addresses having a domain > automatically appended? If an address has no domain, then by definition it delivers to the same destination as when the default domain were appended. Therefore, both address forms are equivalent. Therefore, Postfix uses the same address form for both, instead of doubling the number of configuration options (and code) for address forms that are by definition equivalent. Wietse
Re: remote_header_rewrite_domain ignored
Ed W: > To clarify the question - the goal is if someone connects via the > network (not local sendmail command) and the transcript says "RCPT TO: > " that this is subsequently bounced as being an invalid To summarize my other response, by definition an address without domain delivers to the same mailbox as an address with the default domain. Wietse
Re: remote_header_rewrite_domain ignored
Wietse Venema wrote: Ed W: To clarify the question - the goal is if someone connects via the network (not local sendmail command) and the transcript says "RCPT TO: " that this is subsequently bounced as being an invalid To summarize my other response, by definition an address without domain delivers to the same mailbox as an address with the default domain. Understood - but, how can I change this please..? (and if there are hidden implications, please summarise so that I can test for breakage?) If this is not possible then can I please make a feature request for this? At least in the case of my users it's almost exclusively a typo (autocomplete gremlin due to Microsoft email programs..) and not intended for delivery to the local mail server (in my case it results in lack of feedback and hence backpressure to correct the typos and also a slight privacy issue in that emails are getting delivered to the wrong user rather than being bounced as undeliverable) Thanks for any help? Ed W
Re: remote_header_rewrite_domain ignored
Ed W a écrit : > Wietse Venema wrote: >> Ed W: >> >>> To clarify the question - the goal is if someone connects via the >>> network (not local sendmail command) and the transcript says "RCPT TO: >>> " that this is subsequently bounced as being an invalid >>> >> >> To summarize my other response, by definition an address without >> domain delivers to the same mailbox as an address with the default >> domain. >> >> > > Understood - but, how can I change this please..? (and if there are > hidden implications, please summarise so that I can test for breakage?) > > If this is not possible then can I please make a feature request for > this? At least in the case of my users it's almost exclusively a typo > (autocomplete gremlin due to Microsoft email programs..) and not > intended for delivery to the local mail server (in my case it results in > lack of feedback and hence backpressure to correct the typos and also a > slight privacy issue in that emails are getting delivered to the wrong > user rather than being bounced as undeliverable) > > Thanks for any help? > > Ed W look for reject_non_fqdn_sender reject_non_fqdn_recipient
Re: remote_header_rewrite_domain ignored
On Sat, 05 Dec 2009 15:36:06 + Ed W replied: >If this is not possible then can I please make a feature request for >this? At least in the case of my users it's almost exclusively a typo >(autocomplete gremlin due to Microsoft email programs..) and not >intended for delivery to the local mail server (in my case it results >in lack of feedback and hence backpressure to correct the typos and >also a slight privacy issue in that emails are getting delivered to >the wrong user rather than being bounced as undeliverable) I believe it to be self evident that the source of the affliction that you are experiencing can be best described by the acronym: PEBKAC. Microsoft has nothing to do with it. -- Jerry postfix.u...@yahoo.com TO REPORT A PROBLEM see http://www.postfix.org/DEBUG_README.html#mail TO (UN)SUBSCRIBE see http://www.postfix.org/lists.html The avoidance of taxes is the only intellectual pursuit that carries any reward. John Maynard Keynes
Re: remote_header_rewrite_domain ignored
Ed W: > Wietse Venema wrote: > > Ed W: > > > >> To clarify the question - the goal is if someone connects via the > >> network (not local sendmail command) and the transcript says "RCPT TO: > >> " that this is subsequently bounced as being an invalid > >> > > > > To summarize my other response, by definition an address without > > domain delivers to the same mailbox as an address with the default > > domain. > > > > > > Understood - but, how can I change this please..? (and if there are > hidden implications, please summarise so that I can test for breakage?) If you don't want to receive mail for domain-less addresses then say so, instead of coming up with the wrong solution for the wrong problem. Use the reject_non_fqdn_mumble to stop bare addresses. Wietse
Re: remote_header_rewrite_domain ignored
Wietse Venema wrote: If you don't want to receive mail for domain-less addresses then say so, instead of coming up with the wrong solution for the wrong problem. OK, "I want to accept most emails over smtp and then later bounce emails with domain-less addresses" Use the reject_non_fqdn_mumble to stop bare addresses. OK, but as I showed in my config file and described in my problem description - I do this for my main configuration, however, for a subset of customers I need to support a configuration where we accept domainless addresses during the smtp conversation, but I would like them bounced subsequently (I understand the issues with bouncing - this configuration will only accept auth'ed connections. I would rather not revisit all the reasons we need to bounce rather than reject, but the background is that these users are on a satellite internet connection with 2,400 baud speeds costing $1.50/min. We have a fairly precise setup which maximises speed and minimises cost. So, is there some way to please configure postfix to *bounce* domainless addresses? Thanks Ed W
Re: remote_header_rewrite_domain ignored
Jerry wrote: I believe it to be self evident that the source of the affliction that you are experiencing can be best described by the acronym: PEBKAC. Microsoft has nothing to do with it. I know you are just trying to be funny, but some email programs do limited address verification before letting you hit send and warn you of probable problems (curiously Outlook Express is one of these...). However, at least the MS email programs have a curious kind of autocomplete which can lead to the user entering the recipient name rather than the email address (imagine using an email program which autocompletes email addresses, you get used to writing "postfix" every day and then hitting tab and it turns into "postfix-users@postfix.org", but today you hit some other key combo and you are left with just "postfix" on the TO line and you hit send without noticing - easily done I think?) In general it's useful for machines to "do the right thing" and at least in my situation this means bouncing the email rather than delivering (I concede that others may prefer something else) Thanks Ed W
Re: remote_header_rewrite_domain ignored
Ed W: > Wietse Venema wrote: > > If you don't want to receive mail for domain-less addresses then > > say so, instead of coming up with the wrong solution for the wrong > > problem. > > > > OK, "I want to accept most emails over smtp and then later bounce emails > with domain-less addresses" That will not be supported. Adding a separate code path for domain-less envelope adresses would open a giant hole in the defenses. Instead, you can try to 1) configure Postfix smtpd to use an "invalid" myorigin value, 2) configure Postfix smtpd with a non-default rewrite_service_name setting that invokes a trivial-rewrite server that also uses that "invalid" myorigin value and no transport map, 3) configure the normal trivial-rewrite server with a transport map that routes mail for the invalid domain to "error: pebcak". Wietse
Re: remote_header_rewrite_domain ignored
Wietse Venema wrote: Ed W: Wietse Venema wrote: If you don't want to receive mail for domain-less addresses then say so, instead of coming up with the wrong solution for the wrong problem. OK, "I want to accept most emails over smtp and then later bounce emails with domain-less addresses" That will not be supported. Adding a separate code path for domain-less envelope adresses would open a giant hole in the defenses. Instead, you can try to 1) configure Postfix smtpd to use an "invalid" myorigin value, 2) configure Postfix smtpd with a non-default rewrite_service_name setting that invokes a trivial-rewrite server that also uses that "invalid" myorigin value and no transport map, 3) configure the normal trivial-rewrite server with a transport map that routes mail for the invalid domain to "error: pebcak". I'm going to give that a whirl - couple of questions: - What are the implications of setting myorigin to something invalid? Will this leak out in any other mail headers from locally generated email (I believe it's all submitted over smtp - possibly except cron..)? Will other bounces/errors suddenly get the invalid domain as the sender address? - Why do I need 2), ie the custom rewrite_service? For other common domain typos I have just used a normal transport map mapped to some useful "error: learn to smell correctly" message? What am I missing? - What bad things happen if I set append_at_myorigin=no ?? The docs hint at dire consequences, but not specifically what will break? - For my own edification can you please point out what part of postfix is actually rewriting these domain-less emails (presumed trivial-rewrite called from cleanup?) - I have read through ADDRESS_REWRITING_README and it implies that $myorigin is appended to "local" messages and $remote_header_rewrite_domain is appended to incomplete remote addresses. Since I have the later set to blank then this implies that either this "remote" email is being treated as local (why?) or that postfix further falls back to using myorigin to complete domainless address on remote emails also? I think the core of this is that I'm confused as to what counts as a "local" generated message - I have tried quite hard to make sure that almost everything becomes a "remote" submitted message - I accept that postfix really wants email addresses with a domain, but from the docs it's not clear what path it's following here to complete the domain? Dec 8 11:28:28 mail1 postfix/smtpd[22673]: < office.nippynetworks.com[94.194.201.187]: RCPT TO: Dec 8 11:28:28 mail1 postfix/smtpd[22673]: extract_addr: input: Dec 8 11:28:28 mail1 postfix/smtpd[22673]: smtpd_check_addr: addr=asdf Dec 8 11:28:28 mail1 postfix/smtpd[22673]: send attr request = rewrite Dec 8 11:28:28 mail1 postfix/smtpd[22673]: send attr rule = local Dec 8 11:28:28 mail1 postfix/smtpd[22673]: send attr address = asdf ^^ Why does it think it's a "local" lookup? This seems to prevent me using $remote_header_rewrite_domain to add "domain.invalid"? Thanks Ed W
Re: remote_header_rewrite_domain ignored
Wietse Venema wrote: Ed W: Wietse Venema wrote: If you don't want to receive mail for domain-less addresses then say so, instead of coming up with the wrong solution for the wrong problem. OK, "I want to accept most emails over smtp and then later bounce emails with domain-less addresses" That will not be supported. Adding a separate code path for domain-less envelope adresses would open a giant hole in the defenses. OK, I'm not averse to appending some invalid domain - I mainly need the bounce message to explain to the (non-technical) user what they did wrong so that they can fix it and resend. A transport map to an error: would work Instead, you can try to 1) configure Postfix smtpd to use an "invalid" myorigin value, I tried just this much, but without: 2) configure Postfix smtpd with a non-default rewrite_service_name setting that invokes a trivial-rewrite server that also uses that "invalid" myorigin value and no transport map, 3) configure the normal trivial-rewrite server with a transport map that routes mail for the invalid domain to "error: pebcak". ..because I'm not quite clear what they achieve and hence how to actually do this bit? However, the end result is that bounces are now coming back from mailer-dae...@domain.invalid (which is I think quite expected) Unless 2) and 3) somehow change this (dont understand?) then I think this is not a workable solution? I have started to focus on trying to use $remote_header_rewrite_domain, however, the lookup is happening as a "local" rewrite - how can I debug why this is not a "remote" rewrite? Thanks Ed W
