On 11/28/2012 1:17 PM, Will Yardley wrote:
> [Apologies in advance for the less than complete information below;
> hoping someone may have an idea of what's happening anyway]
> 
> I'm having a problem where messages are accepted but then seem to
> generate a mail forwarding loop. It seems to happen a lot with mail from
> a particular spammer.

There was a discussion earlier this month about some spammer
including a Delivered-To: header in their spam.  Postfix local(8)
uses this header to detect loops and will bounce messages with a
Delivered-To: header equal to the current recipient.

Seems likely this is your problem too.

There were some suggestions for dealing with it in that discussion,
but there is no particularly good solution -- see archives.  The
best solution is to detect the message as spam and reject it before
the Delivered-To: header is a factor.



> 
> The To: header in the raw email as viewed in postcat looks like this:
> To: f...@example.edu <f...@example.edu>

Postfix doesn't use To: headers for delivery, only envelope information.

> 
> (where f...@example.edu is a valid address which works in other cases;
> the unbracketed address isn't quoted, though in my tests, Postfix seems
> to fix this by quoting the bare address, so I'm not sure why that's not
> the case in the queue file).
> 
> Postfix accepts the mail initially, but then the mail gets rejected
> (and, since the sender domain resolves to a host which has no mail
> server listening, the DSN sits in our queues for days).
> 
> Nov 27 05:05:47 hostname postfix/smtpd[32160]: 0C18B32807B: 
> client=ajaxkottely.info[93.115.135.15]

This client is listed in the zen and barracudacentral RBLs today,
maybe they weren't listed yet yesterday. You are using some RBLs?


> Nov 27 05:05:47 hostname postfix/cleanup[32525]: 0C18B32807B: 
> message-id=<673371cd-8f1f-0dc8-cd7d-a4571d4c1...@ajaxkottely.info>
> Nov 27 05:05:47 hostname postfix/qmgr[7633]: 0C18B32807B: 
> from=<medicare.enrollm...@ajaxkottely.info>, size=8323, nrcpt=1 (queue active)
> Nov 27 05:05:47 hostname postfix/lmtp[31222]: DD086328056: 
> to=<f...@example.edu>, relay=127.0.0.1[127.0.0.1]:33325, conn_use=2, 
> delay=9.4, delays=1.8/0/0/7.6, dsn=2.0.0, status=sent (250 2.0.0 from 
> MTA([127.0.0.1]:33326): 250 2.0.0 Ok: queued as 0C18B32807B)
> Nov 27 05:05:47 hostname postfix/local[32177]: 0C18B32807B: 
> to=<f...@example.edu>, relay=local, delay=0.04, delays=0.02/0.02/0/0.01, 
> dsn=5.4.6, status=bounced (mail forwarding loop for f...@example.edu)
> 
> Unfortunately, I can't post full postconf -n output here (see snippets
> below), but suffice it to say that I'm confident that mail to
> f...@example.edu works under most conditions. Is there anything I can do
> to figure out the cause of this?
> 
> Users are defined in LDAP, and in this case, example.edu is *not* a
> virtual domain. localhost:33326 is the return from amavis.
> 
> mail_version = 2.3.3
> alias_maps = proxy:ldap:acct_alias_ldap,
>              proxy:ldap:other_alias_ldap,
>              hash:/etc/postfix/config/aliases
> virtual_alias_maps = hash:/etc/postfix/config/virtusertable
> 
> I will try adding the sending host in question to $debug_peer_list to
> see if I get any more information. I am happy to provide other debugging
> information within reason if it's possible.

If this is a single offending host, seems as if adding them to a
local blacklist is the easiest solution.


> 
> w
> 




  -- Noel Jones
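
To check whether the loop bounces really come from a single host before blacklisting it, the log entries can be correlated by queue ID. The following is an added example, not part of the original thread or of Postfix; it assumes, as in the excerpt above, that the smtpd `client=` line and the local(8) bounce share a queue ID, and the sample log lines, hostnames and addresses are constructed.

```python
import re
from collections import Counter

# Constructed sample lines in Postfix syslog format (not from the thread).
SAMPLE_LOG = """\
Nov 27 05:05:47 mx1 postfix/smtpd[32160]: 0C18B32807B: client=spam.example.net[192.0.2.15]
Nov 27 05:05:47 mx1 postfix/local[32177]: 0C18B32807B: to=<user@example.edu>, relay=local, delay=0.04, dsn=5.4.6, status=bounced (mail forwarding loop for user@example.edu)
Nov 27 05:06:10 mx1 postfix/smtpd[32161]: 1A2B3C4D5E6: client=mail.example.org[198.51.100.7]
Nov 27 05:06:11 mx1 postfix/local[32178]: 1A2B3C4D5E6: to=<user@example.edu>, relay=local, delay=0.1, dsn=2.0.0, status=sent (delivered to mailbox)
Nov 27 05:07:02 mx1 postfix/smtpd[32162]: 2F00DBA1234: client=spam.example.net[192.0.2.15]
Nov 27 05:07:02 mx1 postfix/local[32179]: 2F00DBA1234: to=<other@example.edu>, relay=local, delay=0.03, dsn=5.4.6, status=bounced (mail forwarding loop for other@example.edu)
"""

# smtpd line that ties a queue ID to the submitting client.
CLIENT_RE = re.compile(
    r"postfix/smtpd\[\d+\]: ([0-9A-F]+): client=(\S+?)\[([^\]]+)\]")
# local(8) bounce with the loop DSN (5.4.6) shown in the thread.
LOOP_RE = re.compile(
    r"postfix/local\[\d+\]: ([0-9A-F]+): to=<[^>]*>.*"
    r"dsn=5\.4\.6, status=bounced \(mail forwarding loop")


def loop_bounces_by_client(log_text):
    """Count forwarding-loop bounces per (hostname, ip) of the sending client."""
    clients = {}      # queue ID -> (hostname, ip)
    hits = Counter()  # (hostname, ip) -> number of loop bounces
    for line in log_text.splitlines():
        m = CLIENT_RE.search(line)
        if m:
            clients[m.group(1)] = (m.group(2), m.group(3))
            continue
        m = LOOP_RE.search(line)
        if m:
            # Queue IDs with no client line seen are grouped as unknown.
            hits[clients.get(m.group(1), ("unknown", "unknown"))] += 1
    return hits


if __name__ == "__main__":
    for (host, ip), count in loop_bounces_by_client(SAMPLE_LOG).most_common():
        print(f"{count:4d}  {host} [{ip}]")
```
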
