On 2025-01-15 15:44:35 +1100, Viktor Dukhovni via Postfix-users wrote:
> On Wed, Jan 15, 2025 at 03:47:19AM +0100, Vincent Lefevre via Postfix-users 
> wrote:
> 
> > As documented in https://www.postfix.org/VIRTUAL_README.html
> > section "Mail forwarding domains", to forward mail to another user,
> > I have in the /etc/postfix/main.cf file (something set up in 2009):
> > 
> > virtual_alias_domains = vinc17.org
> > virtual_alias_maps = hash:/etc/postfix/virtual
> > 
> > and in the /etc/postfix/virtual file, something like:
> > 
> > na...@vinc17.org name2@somewhere
> >
> > (where "somewhere" is orange.fr).
> 
> This works well for aliasing names in domains you control to one or more
> underlying recipient names, *also* in domains *you control*.
> 
> It has long ago ceased to be a viable approach for redirecting mail to
> domains you don't control.

OK, thanks for the information. How about updating the documentation?

> > 2024-12-18T18:15:25.205389+01:00 joooj postfix/smtp[444194]: C8A103D3: 
> > to=<name2@somewhere>, orig_to=<na...@vinc17.org>, 
> > relay=smtp-in2.orange.fr[80.12.24.83]:25, delay=4.5, 
> > delays=0.25/0.09/3.1/1.1, dsn=5.2.0, status=bounced (host 
> > smtp-in2.orange.fr[80.12.24.83] said: 501 5.2.0 NxdotzYeoM5hi Mail rejete. 
> > Mail rejected. SPF check failed. OFR004_519 [519] (in reply to end of DATA 
> > command))
> 
> As expected.  This fails SPF, ... and may also fail anti-spoofing if
> the message originated from the ultimate destination domain.
> 
> Forwarding to remote domains is better not done at all, but if it must
> be done, it should use aliases(5) with an owner-alias, to effect a
> change in the envelope sender address.
> 
>     owner-local-name: responsible-contact@local.example
>     local-name: remote-name@remote.example

What's the purpose of responsible-contact@local.example?

(I suppose that it is sufficient that the sender is notified
thanks to the usual SMTP error code. This is not a mailing-list
here.)

> A virtual(5) rewrite, can be added if the original domain is not a
> "local" domain (see ADDRESS_CLASS_README).
> 
>     virtual:
>         virtual-name@virtual.example    local-name@local.example
> 
>     main.cf:
>         mydestination = local.example

I already have this kind of thing for local forwarding of some of
my addresses (from the vinc17.org virtual domain to the vinc17.net
real domain).

But my question was also about the non-delivery notification.
Here are the full logs:

2024-12-18T18:15:20.424819+01:00 joooj postfix/smtpd[444180]: connect from 
smtp-outgoing-2003.laposte.net[160.92.124.110]
2024-12-18T18:15:20.530917+01:00 joooj postfix/smtpd[444180]: Anonymous TLS 
connection established from smtp-outgoing-2003.laposte.net[160.92.124.110]: 
TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE 
(prime256v1) server-signature RSA-PSS (2048 bits) server-digest SHA256
2024-12-18T18:15:20.824788+01:00 joooj postfix/smtpd[444180]: C8A103D3: 
client=smtp-outgoing-2003.laposte.net[160.92.124.110]
2024-12-18T18:15:20.838206+01:00 joooj postfix/cleanup[444188]: C8A103D3: 
message-id=<23044213.3717056.1734542112...@wlpnf0212.sys.meshcore.net>
2024-12-18T18:15:20.867907+01:00 joooj postfix/qmgr[442884]: C8A103D3: 
from=<some_address>, size=32714, nrcpt=1 (queue active)
2024-12-18T18:15:24.095365+01:00 joooj postfix/smtp[444194]: Trusted TLS 
connection established to smtp-in2.orange.fr[80.12.24.83]:25: TLSv1.2 with 
cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
2024-12-18T18:15:25.205389+01:00 joooj postfix/smtp[444194]: C8A103D3: [the 
rejected forwarding, with SMTP error 501]
2024-12-18T18:15:25.213201+01:00 joooj postfix/cleanup[444188]: 333874D0: 
message-id=<20241218171525.33387...@joooj.vinc17.net>
2024-12-18T18:15:25.233506+01:00 joooj postfix/bounce[444197]: C8A103D3: sender 
non-delivery notification: 333874D0
2024-12-18T18:15:25.239584+01:00 joooj postfix/qmgr[442884]: 333874D0: from=<>, 
size=34908, nrcpt=1 (queue active)
2024-12-18T18:15:25.248173+01:00 joooj postfix/qmgr[442884]: C8A103D3: removed
2024-12-18T18:15:31.129852+01:00 joooj postfix/smtp[444194]: Trusted TLS 
connection established to smtpz4.laposte.net[160.92.124.66]:25: TLSv1.3 with 
cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 
server-signature RSA-PSS (2048 bits) server-digest SHA256
2024-12-18T18:15:31.312100+01:00 joooj postfix/smtp[444194]: 333874D0: 
to=<some_address>, relay=smtpz4.laposte.net[160.92.124.66]:25, delay=6.1, 
delays=0.03/0/5.9/0.13, dsn=4.7.0, status=deferred (host 
smtpz4.laposte.net[160.92.124.66] said: 450 4.7.0 Service refuse. Veuillez 
essayer plus tard. service refused, please try later. LPN007_510 (in reply to 
end of DATA command))
2024-12-18T18:16:21.014425+01:00 joooj postfix/smtpd[444180]: disconnect from 
smtp-outgoing-2003.laposte.net[160.92.124.110] ehlo=2 starttls=1 mail=1 rcpt=1 
data=1 noop=1 quit=1 commands=8

Why this to=<some_address> message to smtpz4.laposte.net?
Isn't it possible to avoid such messages entirely, e.g.
would the use of an alias solve that?

Bounces should be sent by the originating server (here,
smtp-outgoing-2003.laposte.net) based on the SMTP error code,
not by my server to the remote domain.

-- 
Vincent Lefèvre <vinc...@vinc17.net> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)
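
The log sequence discussed in this message (a forwarded message rejected by the remote host, then a non-delivery notification sent from=<> by the forwarding server back to the original sender) can be found in a Postfix log by correlating queue IDs. The Python below is an added example, not part of the original post; the log lines are constructed in the same shape as those above, and the function and field names are assumptions.

```python
import re

# Constructed sample log: hosts, addresses and queue IDs are made up.
SAMPLE_LOG = """\
2025-01-01T10:00:00+01:00 mx postfix/qmgr[100]: AAAA1111: from=<alice@sender.example>, size=3000, nrcpt=1 (queue active)
2025-01-01T10:00:04+01:00 mx postfix/smtp[101]: AAAA1111: to=<bob@remote.example>, orig_to=<bob@virtual.example>, relay=mx.remote.example[192.0.2.10]:25, delay=4.5, dsn=5.2.0, status=bounced (host mx.remote.example[192.0.2.10] said: 501 5.2.0 Mail rejected. SPF check failed. (in reply to end of DATA command))
2025-01-01T10:00:04+01:00 mx postfix/bounce[102]: AAAA1111: sender non-delivery notification: BBBB2222
2025-01-01T10:00:04+01:00 mx postfix/qmgr[100]: BBBB2222: from=<>, size=5000, nrcpt=1 (queue active)
2025-01-01T10:00:10+01:00 mx postfix/smtp[101]: BBBB2222: to=<alice@sender.example>, relay=mx.sender.example[198.51.100.20]:25, delay=6.1, dsn=4.7.0, status=deferred (host mx.sender.example[198.51.100.20] said: 450 4.7.0 service refused, please try later (in reply to end of DATA command))
2025-01-01T11:00:00+01:00 mx postfix/qmgr[100]: CCCC3333: from=<carol@sender.example>, size=1000, nrcpt=1 (queue active)
2025-01-01T11:00:01+01:00 mx postfix/local[103]: CCCC3333: to=<dave@local.example>, relay=local, delay=0.1, dsn=2.0.0, status=sent (delivered to mailbox)
"""

# "<daemon>[pid]: <queue-id>: <rest>"; lines without a queue ID are skipped.
LINE = re.compile(r"postfix/\w+\[\d+\]: (\w+): (.*)$")
# \b keeps "to=" from matching inside "orig_to=".
FIELDS = {
    "from": re.compile(r"\bfrom=<([^>]*)>"),
    "to": re.compile(r"\bto=<([^>]*)>"),
    "orig_to": re.compile(r"\borig_to=<([^>]*)>"),
    "relay": re.compile(r"\brelay=([^,]+)"),
    "dsn": re.compile(r"\bdsn=([\d.]+)"),
    "status": re.compile(r"\bstatus=(\w+)"),
    "ndn": re.compile(r"sender non-delivery notification: (\w+)"),
}

def find_forward_bounces(log_text):
    """Return one record per rewritten (orig_to) delivery that bounced and
    produced a locally generated notification. Assumes one recipient per
    queue ID, as in the logs above."""
    msgs = {}
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        rec = msgs.setdefault(m.group(1), {})
        for key, pat in FIELDS.items():
            f = pat.search(m.group(2))
            if f:
                rec[key] = f.group(1)
    findings = []
    for qid, rec in msgs.items():
        if rec.get("status") == "bounced" and "orig_to" in rec and "ndn" in rec:
            ndn = msgs.get(rec["ndn"], {})  # the from=<> notification message
            findings.append({
                "qid": qid, "sender": rec.get("from"), "dsn": rec.get("dsn"),
                "orig_to": rec["orig_to"], "forwarded_to": rec.get("to"),
                "ndn_qid": rec["ndn"], "ndn_to": ndn.get("to"),
                "ndn_relay": ndn.get("relay"), "ndn_status": ndn.get("status"),
            })
    return findings
```

Each record pairs the rejected forward with the notification it triggered, so the count of records whose `ndn_relay` is a remote host shows how much bounce traffic the forwarding setup sends to other domains.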