Chris Dos wrote:
Noel Jones wrote:
Chris Dos wrote:
Noel Jones wrote:
It looks like I want to check for RCPT TO:<VERP_Address>
So I ran this check against the regexp table using postmap:
postmap -q "RCPT TO:<chris+no-one-home=chrisdos....@chrisdos.com>"
regexp:header_checks.regexp
and it came back with a result of DISCARD.
So I guess I don't understand how you said it will never match as
postmap said it does match.
I'm not trying to be difficult or anything, just trying to figure out
why this isn't working for me.
Don't use header_checks, use a check_recipient_access map.
It seems you trying to capture this on the sending system. You can't do
that, the sender isn't verp'ed when header_checks and smtpd_*_checks
sees the address.
-- Noel Jones
Well, I'm going to really want to forward a message that matches the
regexp. I'm just doing the discard right
now for testing. The header_checks allows me to do more than just
accept or reject.
Chris
I don't see a forward action in header_checks. Maybe you intend to use
REDIRECT? Postfix access tables allow more than accept/reject,
including REDIRECT.
http://www.postfix.org/access.5.html
But my point is that header_checks are the wrong tool for the job.
There is no guarantee that the envelope sender will be listed in the
headers you receive.
And it looks as if you're testing your header_checks on the same machine
that generates the VERP'ed mail. That won't work.
-- Noel Jones
I was was reading the header_checks won't work on bounced mail. I setup a
regexp check_recipient_access map.
This is the regexp file verp_redirect.regexp :
/^RCPT TO:.+\+.+\=...@.+\..+$/ REDIRECT verpbounce
It's still not working. Here is the postconf -n:
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
config_directory = /etc/postfix
default_process_limit = 200
default_recipient_limit = 20000
default_verp_delimiters = +=
disable_verp_bounces = no
disable_vrfy_command = yes
hash_queue_depth = 2
hash_queue_names = deferred, defer, active, incoming
header_checks = regexp:/etc/postfix/header_checks.regexp
html_directory = /usr/share/doc/postfix/html
inet_interfaces = all
mailbox_size_limit = 0
maximal_queue_lifetime = 4d
message_size_limit = 15360000
minimal_backoff_time = 7200
mydestination = mail-dr.sharperagent.com, mail-dr.prod.sharperagent.com
myhostname = mail-dr.sharperagent.com
mynetworks = 127.0.0.0/8, 10.20.30.0/24, 10.20.40.0/22,
172.28.201.0/24, 172.28.200.0/30,
71.33.252.73,
myorigin = mail-dr.sharperagent.com
nested_header_checks = regexp:/etc/postfix/header_checks.regexp
propagate_unmatched_extensions = canonical, virtual
qmgr_message_active_limit = 20000
qmgr_message_recipient_limit = 100000
queue_run_delay = 2000
readme_directory = /usr/share/doc/postfix
recipient_delimiter = +
relay_domains = $mydestination, $mynetworks, sharperagent.com,
agentcatalyst.com,
builderintouch.com, lenderintouch.com, mr-roboto.sharperagent.com,
minime.sharperagent.com,
relayhost =
smtp_connect_timeout = 10
smtp_helo_timeout = 10
smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache
smtpd_authorized_verp_clients = $mynetworks
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_client_event_limit_exceptions = $mynetworks
smtpd_delay_reject = no
smtpd_error_sleep_time = 0
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks,
reject_invalid_hostname,
regexp:/etc/postfix/helo.regexp,
permit
smtpd_recipient_restrictions = reject_non_fqdn_sender,
reject_non_fqdn_recipient,
reject_unauth_pipelining, check_recipient_access
regexp:/etc/postfix/verp_redirect.regexp,
check_sender_access hash:/etc/postfix/sender_access,
check_client_access
regexp:/etc/postfix/habeas_header1.regexp, check_client_access
regexp:/etc/postfix/habeas_header2.regexp, check_client_access
regexp:/etc/postfix/habeas_header3.regexp, check_client_access
hash:/etc/postfix/client_access,
check_recipient_access hash:/etc/postfix/recipient_access,
permit_mynetworks,
permit_sasl_authenticated, reject_unauth_destination,
reject_non_fqdn_hostname,
reject_rbl_client relays.ordb.org,
check_policy_service inet:127.0.0.1:60000
permit_mx_backup, reject_invalid_hostname,
reject_non_fqdn_sender,
reject_non_fqdn_hostname, reject_non_fqdn_recipient,
reject_unauth_pipelining,
smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/sender_access,
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
smtpd_use_tls = yes
strict_rfc821_envelopes = yes
transport_maps = hash:/etc/postfix/transport
unknown_address_reject_code = 554
unknown_client_reject_code = 554
unknown_hostname_reject_code = 554
verp_delimiter_filter = -+=
virtual_alias_maps = hash:/etc/postfix/virtual
My log of attempting to send an e-mail looks like this:
Mar 20 09:06:34 mail-dr postfix/smtpd[9069]: connect from localhost[127.0.0.1]
Mar 20 09:06:34 mail-dr postfix/smtpd[9069]: 7A03D28E132:
client=localhost[127.0.0.1]
Mar 20 09:06:34 mail-dr postfix/cleanup[9072]: 7A03D28E132:
message-id=<20090320150634.7a03d28e...@mail-dr.sharperagent.com>
Mar 20 09:06:34 mail-dr postfix/qmgr[9062]: 7A03D28E132:
from=<ch...@chrisdos.com>, size=527, nrcpt=1 (queue
active)
Mar 20 09:06:34 mail-dr postfix/smtpd[9069]: lost connection after QUIT from
localhost[127.0.0.1]
Mar 20 09:06:34 mail-dr postfix/smtpd[9069]: disconnect from
localhost[127.0.0.1]
Mar 20 09:06:35 mail-dr postfix/smtp[9073]: 7A03D28E132:
to=<no-one-h...@chrisdos.com>,
relay=mail.chrisdos.com[71.33.251.73]:25, delay=0.96, delays=0.05/0.01/0.7/0.2,
dsn=5.1.1, status=bounced
(host mail.chrisdos.com[71.33.251.73] said: 550 5.1.1
<no-one-h...@chrisdos.com>: Recipient address rejected:
User unknown in local recipient table (in reply to RCPT TO command))
You send to mail.chrisdos.com, which doesn't have a user named
no-one-h...@chrisdos.com. Postfix creates a bounce.
Mar 20 09:06:35 mail-dr postfix/cleanup[9072]: 75D8529027D:
message-id=<20090320150635.75d85290...@mail-dr.sharperagent.com>
Mar 20 09:06:35 mail-dr postfix/qmgr[9062]: 75D8529027D: from=<>, size=2670,
nrcpt=1 (queue active)
Mar 20 09:06:35 mail-dr postfix/bounce[9074]: 7A03D28E132: sender non-delivery
notification: 75D8529027D
Mar 20 09:06:35 mail-dr postfix/qmgr[9062]: 7A03D28E132: removed
Mar 20 09:06:35 mail-dr postfix/smtp[9073]: 75D8529027D:
to=<chris+no-one-home=chrisdos....@chrisdos.com>,
relay=mail.chrisdos.com[71.33.251.73]:25, delay=0.19, delays=0.02/0/0.11/0.06,
dsn=5.1.1, status=bounced (host
mail.chrisdos.com[71.33.251.73] said: 550 5.1.1
<chris+no-one-home=chrisdos....@chrisdos.com>: Recipient
address rejected: User unknown in local recipient table (in reply to RCPT TO
command))
Postfix tries to deliver the bounce to
chris+no-one-home=chrisdos....@chrisdos.com, which doesn't exit.
Mar 20 09:06:35 mail-dr postfix/qmgr[9062]: 75D8529027D: removed
I'm trying to intercept the bounce:
to=<chris+no-one-home=chrisdos....@chrisdos.com>
Any ideas why this is not working. I'm so frustrated at this point, it's nuts.
Chris
Couple of problems here...
You're never sending any mail out. All the logs you show are
postfix internal mail. Internal mail is not subject to any
checks.
You can't catch a bounce on the way out. All postfix access
controls, header_checks, check_sender_access, etc, operate on
input.
You're pointing the gun the wrong way.
-- Noel Jones
