Hello everyone,
I created a second cleanup for the submission service to have separate
header checks from incoming emails.
cleanup-out unix n - - - 0 cleanup
-o header_checks=pcre:/etc/postfix/header_checks-out
-o body_checks=pcre:/etc/postfix/body_checks-out
-o mime_checks=pcre:/etc/postfix/mime_checks-out
After this change the recipients that have a virtual alias to an
external host or other virtual domain, in the example gmail.com, stop
working for the mail submitted via the submission service ,mail received
via port 25 flows as before.
The only change was in the submission service
Virtual user t...@riovia.com has virtual alias to t...@riovia.com and
remo...@gmail.com
pcre:/etc/postfix/header_checks-out:
-----------------------------------
/^Message-ID:.*/ IGNORE
/^Disposition-Notification-To/ IGNORE
pcre:/etc/postfix/body_checks-out
pcre:/etc/postfix/mime_checks-out
are empty files
Nevertheless the same happens also if
/etc/postfix/header_checks-out
is a empty file
Postfix 2.3.8 Debian Etch.
Original submission service:
---------------------------
submission inet n - - - - smtpd
-o smtpd_etrn_restrictions=reject
-o
smtpd_sender_restrictions=permit_mynetworks,reject_sender_login_mismatch
-o
smtpd_client_restrictions=permit_sasl_authenticated,permit_mynetworks,reject
-o content_filter=
-o receive_override_options=no_header_body_checks
-o
smtpd_milters=unix:/clamav/clamav-milter.ctl,inet:localhost:10040
-o milter_default_action=accept
-o smtpd_discard_ehlo_keywords=silent-discard,8bitmime,etrn,dsn
-o smtpd_sasl_auth_enable=yes
-o smtpd_sasl_security_options=noanonymous
# -o cleanup_service_name=cleanup-out
Modified submission service:
---------------------------
submission inet n - - - - smtpd
-o smtpd_etrn_restrictions=reject
-o
smtpd_sender_restrictions=permit_mynetworks,reject_sender_login_mismatch
-o
smtpd_client_restrictions=permit_sasl_authenticated,permit_mynetworks,reject
-o content_filter=
# -o receive_override_options=no_header_body_checks
-o
smtpd_milters=unix:/clamav/clamav-milter.ctl,inet:localhost:10040
-o milter_default_action=accept
-o smtpd_discard_ehlo_keywords=silent-discard,8bitmime,etrn,dsn
-o smtpd_sasl_auth_enable=yes
-o smtpd_sasl_security_options=noanonymous
-o cleanup_service_name=cleanup-out
postconf -n:
-----------
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
body_checks = pcre:/etc/postfix/body_checks
bounce_size_limit = 1
config_directory = /etc/postfix
content_filter = amavis:[127.0.0.1]:10024
delay_warning_time = 1h
disable_vrfy_command = yes
header_checks = pcre:/etc/postfix/header_checks
inet_interfaces = all
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
message_size_limit = 31457280
mime_header_checks = pcre:/etc/postfix/mime_checks
minimal_backoff_time = 300
mydestination = localhost
myhostname = farallon.riovia.com
mynetworks = 127.0.0.0/8 xxx.xxx.xxx.xxx
myorigin = /etc/mailname
notify_classes = 2bounce, resource, software, delay
proxy_read_maps = $local_recipient_maps $mydestination
$virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps
$virtual_mailbox_domains $relay_recipient_maps $relay_domains
$canonical_maps $sender_canonical_maps $recipient_canonical_maps
$relocated_maps $transport_maps $mynetworks $recipient_bcc_maps
$smtpd_sender_login_maps
queue_run_delay = 300
rbl_reply_maps = hash:/etc/postfix/rbl_reply_maps
receive_override_options = no_address_mappings
recipient_bcc_maps = proxy:mysql:/etc/postfix/mysql-recipient_bcc.cf
proxy:mysql:/etc/postfix/mysql-vacation_bcc.cf
recipient_delimiter = +
relayhost =
show_user_unknown_table_name = no
smtp_helo_name = farallon.riovia.com
smtp_tls_CApath = /etc/ssl/certs
smtp_tls_cert_file = /etc/postfix/smtpd.cert
smtp_tls_key_file = /etc/postfix/smtpd.key
smtp_tls_loglevel = 1
smtp_tls_note_starttls_offer = yes
smtp_tls_session_cache_database = sdbm:/etc/postfix/smtp_scache
smtp_use_tls = yes
smtpd_banner = farallon.riovia.com ESMTP Postfix
smtpd_data_restrictions = reject_unauth_pipelining permit_mynetworks
warn_if_reject check_sender_access hash:/etc/postfix/check_backscatterer
smtpd_discard_ehlo_keywords = silent-discard, etrn, dsn
smtpd_etrn_restrictions = reject
smtpd_helo_required = yes
smtpd_recipient_restrictions = permit_mynetworks
permit_sasl_authenticated reject_unauth_destination check_client_access
pcre:/etc/postfix/dynamic_ip_clients.pcre reject_unlisted_recipient
check_client_access cidr:/etc/postfix/postfix-dnswl-permit
check_client_access cidr:/etc/postfix/postix-riovia-permit
check_client_access pcre:/etc/postfix/client_riovia_permit.pcre
check_helo_access hash:/etc/postfix/helo_checks
reject_invalid_helo_hostname reject_unlisted_sender
reject_unknown_sender_domain check_sender_mx_access
cidr:/etc/postfix/mx_access.cidr check_policy_service
inet:127.0.0.1:60000 reject_rbl_client zen.spamhaus.org=127.0.0.10
reject_rbl_client zen.spamhaus.org=127.0.0.11 reject_rbl_client
zen.spamhaus.org
smtpd_sender_login_maps = proxy:mysql:/etc/postfix/mysql-sender_login.cf
smtpd_tls_cert_file = /etc/postfix/smtpd.cert
smtpd_tls_key_file = /etc/postfix/smtpd.key
smtpd_tls_loglevel = 1
smtpd_tls_session_cache_database = sdbm:/etc/postfix/smtpd_scache
smtpd_use_tls = yes
strict_rfc821_envelopes = yes
transport_maps = proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
virtual_alias_maps =
proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf
proxy:mysql:/etc/postfix/mysql-virtual_email2email.cf
virtual_gid_maps = static:5000
virtual_mailbox_base = /home/vmail
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
virtual_uid_maps = static:5000
master.cf (Original)
--------------------
#
# Postfix master process configuration file. For details on the format
# of the file, see the Postfix master(5) manual page.
#
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ==========================================================================
smtp inet n - - - - smtpd
submission inet n - - - - smtpd
-o smtpd_etrn_restrictions=reject
-o
smtpd_sender_restrictions=permit_mynetworks,reject_sender_login_mismatch
-o
smtpd_client_restrictions=permit_sasl_authenticated,permit_mynetworks,reject
-o content_filter=
-o receive_override_options=no_header_body_checks
-o
smtpd_milters=unix:/clamav/clamav-milter.ctl,inet:localhost:10040
-o milter_default_action=accept
-o smtpd_discard_ehlo_keywords=silent-discard,8bitmime,etrn,dsn
-o smtpd_sasl_auth_enable=yes
-o smtpd_sasl_security_options=noanonymous
# -o cleanup_service_name=cleanup-out
#smtps inet n - - - - smtpd
# -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
#submission inet n - - - - smtpd
# -o smtpd_etrn_restrictions=reject
# -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes
#628 inet n - - - - qmqpd
pickup fifo n - - 60 1 pickup
-o content_filter=
-o receive_override_options=no_header_body_checks
cleanup unix n - - - 0 cleanup
cleanup-out unix n - - - 0 cleanup
-o header_checks=pcre:/etc/postfix/header_checks-out
-o body_checks=pcre:/etc/postfix/body_checks-out
-o mime_checks=pcre:/etc/postfix/mime_checks-out
qmgr fifo n - - 300 1 qmgr
#qmgr fifo n - - 300 1 oqmgr
tlsmgr unix - - - 1000? 1 tlsmgr
rewrite unix - - - - - trivial-rewrite
bounce unix - - - - 0 bounce
defer unix - - - - 0 bounce
trace unix - - - - 0 bounce
verify unix - - - - 1 verify
flush unix n - - 1000? 0 flush
proxymap unix - - n - - proxymap
smtp unix - - - - - smtp
brokensmtp unix - - - - - smtp
-o smtp_never_send_ehlo=yes
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay unix - - - - - smtp
-o fallback_relay=
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - - - - showq
error unix - - - - - error
discard unix - - - - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - - - - lmtp
anvil unix - - - - 1 anvil
scache unix - - - - 1 scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent. See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop unix - n n - - pipe
flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
#
# See the Postfix UUCP_README file for configuration details.
#
uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail
($recipient)
#
# Other external delivery methods.
#
ifmail unix - n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender
$recipient
scalemail-backend unix - n n - 2 pipe
flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store
${nexthop} ${user} ${extension}
mailman unix - - n - - pipe
flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
${nexthop} ${user}
### Amavisd-new ###
amavis unix - - - - 4 smtp
-o smtp_data_done_timeout=1200
-o smtp_send_xforward_command=yes
127.0.0.1:10025 inet n - - - - smtpd
-o content_filter=
-o local_recipient_maps=
-o relay_recipient_maps=
-o smtpd_restriction_classes=
-o smtpd_client_restrictions=
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o mynetworks=127.0.0.0/8
-o strict_rfc821_envelopes=yes
-o
receive_override_options=no_unknown_recipient_checks,no_header_body_checks
-o smtpd_bind_address=127.0.0.1
### Amavisd-new ###
### Vacation ###
vacation unix - n n - - pipe
flags=DRhu user=vacation argv=/var/spool/vacation/vacation.pl
### Vacation ###
Logs:
----
External client port 25(Original):
---------------------------------
Feb 12 17:23:27 farallon postfix/smtpd[27545]: connect from
smtp-s01.adinet.com.uy[200.40.30.61]
Feb 12 17:23:27 farallon postfix/smtpd[27545]: 856B725803F:
client=smtp-s01.adinet.com.uy[200.40.30.61]
Feb 12 17:23:27 farallon postfix/cleanup[27548]: 856B725803F:
message-id=<4994772e.4070...@adinet.com.uy>
Feb 12 17:23:27 farallon postfix/qmgr[7529]: 856B725803F:
from=<remo...@adinet.com.uy>, size=739, nrcpt=1 (queue active)
Feb 12 17:23:38 farallon postfix/smtpd[28586]: connect from
localhost[127.0.0.1]
Feb 12 17:23:38 farallon postfix/smtpd[28586]: C0A20258183:
client=localhost[127.0.0.1]
Feb 12 17:23:38 farallon postfix/cleanup[27548]: C0A20258183:
message-id=<4994772e.4070...@adinet.com.uy>
Feb 12 17:23:38 farallon postfix/qmgr[7529]: C0A20258183:
from=<remo...@adinet.com.uy>, size=1188, nrcpt=2 (queue active)
Feb 12 17:23:38 farallon postfix/smtpd[28586]: disconnect from
localhost[127.0.0.1]
Feb 12 17:23:38 farallon amavis[8391]: (08391-06) Passed CLEAN,
[200.40.30.61] [200.40.30.61] <remo...@adinet.com.uy> -> <test
@riovia.com>, Message-ID: <4994772e.4070...@adinet.com.uy>, mail_id:
e9S16V1as4IK, Hits: -1.786, queued_as: C0A20258183, 11276
ms
Feb 12 17:23:38 farallon postfix/smtp[28330]: 856B725803F:
to=<t...@riovia.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=11, d
elays=0.05/0/0/11, dsn=2.6.0, status=sent (250 2.6.0 Ok, id=08391-06,
from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as C0A
20258183)
Feb 12 17:23:38 farallon postfix/qmgr[7529]: 856B725803F: removed
Feb 12 17:23:43 farallon postfix/smtp[28844]: C0A20258183:
to=<rsai...@gmail.com>, orig_to=<t...@riovia.com>, relay=gmail-smtp
-in.l.google.com[209.85.218.49]:25, delay=5, delays=0.08/0.01/2.5/2.4,
dsn=2.0.0, status=sent (250 2.0.0 OK 1234466623 1si3489
76bwz.80)
Feb 12 17:23:43 farallon postfix/qmgr[7529]: C0A20258183: removed
Feb 12 17:23:53 farallon postfix/smtpd[27545]: disconnect from
smtp-s01.adinet.com.uy[200.40.30.61]
Auth client via submission (Original):
-------------------------------------
Feb 12 17:28:36 farallon postfix/smtpd[31517]: connect from
diamante.riovia.com[200.40.150.114]
Feb 12 17:28:36 farallon postfix/smtpd[31517]: setting up TLS connection
from diamante.riovia.com[200.40.150.114]
Feb 12 17:28:36 farallon postfix/smtpd[31517]: TLS connection
established from diamante.riovia.com[200.40.150.114]: TLSv1 with
cipher DHE-RSA-AES256-SHA (256/256 bits)
Feb 12 17:28:36 farallon postfix/smtpd[31517]: B346425803F:
client=diamante.riovia.com[200.40.150.114], sasl_method=CRAM-MD5,
sasl_username=remo...@bolso.ptraced.net
Feb 12 17:28:36 farallon postfix/cleanup[30233]: B346425803F:
message-id=<49947864.9030...@bolso.ptraced.net>
Feb 12 17:28:36 farallon postfix/qmgr[7529]: B346425803F:
from=<remo...@bolso.ptraced.net>, size=561, nrcpt=2 (queue active)
Feb 12 17:28:36 farallon postfix/smtpd[31517]: disconnect from
diamante.riovia.com[200.40.150.114]
Feb 12 17:28:36 farallon postfix/virtual[30243]: B346425803F:
to=<t...@riovia.com>, relay=virtual, delay=0.21, delays=0.17/0/0
/0.04, dsn=2.0.0, status=sent (delivered to maildir)
Feb 12 17:28:54 farallon postfix/smtp[31520]: B346425803F:
to=<remo...@gmail.com>, orig_to=<t...@riovia.com>, relay=gmail-smtp
-in.l.google.com[209.85.221.177]:25, delay=18, delays=0.17/0.01/4/14,
dsn=2.0.0, status=sent (250 2.0.0 OK 1234466933 2si82131
8qyk.36)
Feb 12 17:28:54 farallon postfix/qmgr[7529]: B346425803F: removed
External client port 25(Modified):
---------------------------------
Feb 12 17:36:54 farallon postfix/smtpd[4309]: connect from
smtp-s04.adinet.com.uy[200.40.30.64]
Feb 12 17:36:54 farallon postfix/smtpd[4309]: 4176A258180:
client=smtp-s04.adinet.com.uy[200.40.30.64]
Feb 12 17:36:54 farallon postfix/cleanup[4314]: 4176A258180:
message-id=<49947a54.4020...@adinet.com.uy>
Feb 12 17:36:54 farallon postfix/qmgr[4052]: 4176A258180:
from=<remo...@adinet.com.uy>, size=741, nrcpt=1 (queue active)
Feb 12 17:37:01 farallon postfix/smtpd[4325]: connect from
localhost[127.0.0.1]
Feb 12 17:37:01 farallon postfix/smtpd[4325]: 53A6F258182:
client=localhost[127.0.0.1]
Feb 12 17:37:01 farallon postfix/cleanup[4314]: 53A6F258182:
message-id=<49947a54.4020...@adinet.com.uy>
Feb 12 17:37:01 farallon postfix/qmgr[4052]: 53A6F258182:
from=<remo...@adinet.com.uy>, size=1190, nrcpt=2 (queue active)
Feb 12 17:37:01 farallon amavis[8391]: (08391-10) Passed CLEAN,
[200.40.30.64] [200.40.30.64] <remo...@adinet.com.uy> -> <test
@riovia.com>, Message-ID: <49947a54.4020...@adinet.com.uy>, mail_id:
gK6YUCxGlR-Z, Hits: -1.624, queued_as: 53A6F258182, 7109
ms
Feb 12 17:37:01 farallon postfix/smtp[4315]: 4176A258180:
to=<t...@riovia.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=7.2, d
elays=0.08/0.01/0/7.1, dsn=2.6.0, status=sent (250 2.6.0 Ok,
id=08391-10, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as
53A6F258182)
Feb 12 17:37:01 farallon postfix/smtpd[4325]: disconnect from
localhost[127.0.0.1]
Feb 12 17:37:01 farallon postfix/qmgr[4052]: 4176A258180: removed
Feb 12 17:37:01 farallon postfix/virtual[4326]: 53A6F258182:
to=<t...@riovia.com>, relay=virtual, delay=0.16, delays=0.08/0.03
/0/0.05, dsn=2.0.0, status=sent (delivered to maildir)
Feb 12 17:37:11 farallon postfix/smtp[4327]: 53A6F258182:
to=<remo...@gmail.com>, orig_to=<t...@riovia.com>, relay=gmail-smtp-
in.l.google.com[209.85.218.23]:25, delay=9.8, delays=0.08/0.02/6.2/3.5,
dsn=2.0.0, status=sent (250 2.0.0 OK 1234467430 27si91
260bwz.43)
Feb 12 17:37:11 farallon postfix/qmgr[4052]: 53A6F258182: removed
Feb 12 17:37:22 farallon postfix/smtpd[4309]: disconnect from
smtp-s04.adinet.com.uy[200.40.30.64]
Auth client via submission (Modified):
-------------------------------------
Feb 12 17:38:18 farallon postfix/smtpd[5004]: connect from
diamante.riovia.com[200.40.150.114]
Feb 12 17:38:18 farallon postfix/smtpd[5004]: setting up TLS connection
from diamante.riovia.com[200.40.150.114]
Feb 12 17:38:18 farallon postfix/smtpd[5004]: TLS connection established
from diamante.riovia.com[200.40.150.114]: TLSv1 with
cipher DHE-RSA-AES256-SHA (256/256 bits)
Feb 12 17:38:19 farallon postfix/smtpd[5004]: 06C20258180:
client=diamante.riovia.com[200.40.150.114], sasl_method=CRAM-MD5, s
asl_username=remo...@bolso.ptraced.net
Feb 12 17:38:19 farallon postfix/cleanup[5116]: 06C20258180:
message-id=<20090212193819.06c20258...@farallon.riovia.com>
Feb 12 17:38:19 farallon postfix/qmgr[4052]: 06C20258180:
from=<raf...@bolso.ptraced.net>, size=575, nrcpt=1 (queue active)
Feb 12 17:38:19 farallon postfix/smtpd[5004]: disconnect from
diamante.riovia.com[200.40.150.114]
Feb 12 17:38:19 farallon postfix/virtual[4855]: 06C20258180:
to=<t...@riovia.com>, relay=virtual, delay=0.21, delays=0.17/0/0/
0.04, dsn=2.0.0, status=sent (delivered to maildir)
Feb 12 17:38:19 farallon postfix/qmgr[4052]: 06C20258180: removed
If I create another virtual alias to but this time to a virtual domain
in the same machine, the same happens.
TIA,
rafael.
