> > Hello list-
> >
> > Our Postfix instance is set up as a relay for our Exchange server.
> > It utilizes anti-spam and anti-virus measures such as postscreen,
> > clamav, and sanesecurity sigs. We want to send out an autoreply
> > for each incoming email addressed to a specific email address
> > listed in the relay_recipient table. I've located an appropriate
> > vacation.pl script at
> >
> > https://github.com/valkum/postfixadmin/blob/cdcccddbe2e1d6758cd63899e7b8973156f1412a/VIRTUAL_VACATION/vacation.pl
> > which could be modified for our situation (no need to reinvent the
> > wheel).
> >
> > I'm looking for a trigger that will fire off an autoreply message
> > when it has detected an incoming email that is addressed to a
> > specific email address in the relay_recipient table.
> >
> > Every autoreply posting I've seen on the Internet deals with local
> > users using virtual addresses. But I am unable to find any information
> > on how I can do this in a relay configuration. I looked at milters
> > and unfortunately I cannot seem to identify one that would work
> > in our case. PostfixAdmin seems to be overkill for a mail relay.
> 
> As described in vacation.pl's INSTALL.TXT file, set up a virtual_alias_maps
> (NOT: virtual_alias_domains) entry such that e.g. mail to bi...@goat.com
> will be delivered to
>     bi...@goat.com AND
>     billy#goat....@autoreply.goat.com
> 
> I.e. a virtual alias mapping
> 
>     bi...@goat.com -> bi...@goat.com, billy#goat....@autoreply.goat.com
> 
> and follow instructions to deliver billy#goat....@autoreply.goat.com
> to the vacation.pl script.
> 
I'm having trouble getting mail delivered properly in a mail relay setup. There 
are two issues here. The first issue is the way the addresses are translated 
during an alias expansion when the vacation.pl is executed. The second is that 
the helo checks are not waived for those within 'mynetworks'. 

Here is an error message from the Exchange server receiving the original 
message that is being forwarded by the vacation.pl script:

        This is the mail system at host mailfilter.example1.com.

        I'm sorry to have to inform you that your message could not
        be delivered to one or more recipients. It's attached below.

        For further assistance, please send mail to postmaster.

        If you do so, please include this problem report. You can
        delete your own text from the attached returned message.

                                           The mail system

        <webmaster.example1....@example1.com> (expanded from <webmas...@example1.com>):
                host 192.168.xx1.33[192.168.xx1.33] said: 550 5.1.1 User unknown (in reply
                to RCPT TO command)

        Final-Recipient: rfc822; webmaster.example1....@example1.com
        Original-Recipient: rfc822;webmas...@example1.com
        Action: failed
        Status: 5.1.1
        Remote-MTA: dns; 192.168.xx1.33
        Diagnostic-Code: smtp; 550 5.1.1 User unknown


        ---------- Forwarded message ----------
        From: Doug Sampson <dsampso...@nospam-gmail.com>
        To: webmas...@example1.com
        Cc: 
        Date: Wed, 17 Sep 2014 17:14:04 -0700
        Subject: TEST 15
        ~Doug
        --


As you can see the address of webmas...@example1.com gets translated to 
webmaster.example1....@example1.com. 

Here's the error message of the helo checks being executed when an email is 
received:

Sep 18 09:47:51 mailfilter postfix/postscreen[68427]: CONNECT from [209.85.212.170]:40883
Sep 18 09:47:51 mailfilter postfix/postscreen[68427]: WHITELISTED [209.85.212.170]:40883
Sep 18 09:47:51 mailfilter postfix/smtpd[72903]: connect from mail-wi0-f170.google.com[209.85.212.170]
Sep 18 09:47:52 mailfilter postfix/smtpd[72903]: 7B8FC2E5DE: client=mail-wi0-f170.google.com[209.85.212.170]
Sep 18 09:47:52 mailfilter postfix/cleanup[72965]: 7B8FC2E5DE: message-id=<CANh6f_FNe57x36uaqe17scbeut_8uzotxt1gvnepz0cazfj...@mail.gmail.com>
Sep 18 09:47:52 mailfilter postfix/qmgr[68423]: 7B8FC2E5DE: from=<dsampso...@nospam-gmail.com>, size=1547, nrcpt=2 (queue active)
Sep 18 09:47:53 mailfilter postfix/smtpd[72903]: disconnect from mail-wi0-f170.google.com[209.85.212.170]
Sep 18 09:47:55 mailfilter postfix/postscreen[68427]: DNSBL rank 6 for [65.26.255.84]:52521
Sep 18 09:47:55 mailfilter postfix/postscreen[68427]: CONNECT from [192.168.xx1.25]:16096
Sep 18 09:47:55 mailfilter postfix/postscreen[68427]: WHITELISTED [192.168.xx1.25]:16096
Sep 18 09:47:55 mailfilter postfix/smtpd[72644]: connect from unknown[192.168.xx1.25]
Sep 18 09:47:55 mailfilter postfix/smtpd[72644]: NOQUEUE: reject: RCPT from unknown[192.168.xx1.25]: 504 5.5.2 <localhost>: Helo command rejected: need fully-qualified hostname; from=<webmas...@example1.com> to=<dsampso...@nospam-gmail.com> proto=ESMTP helo=<localhost>
Sep 18 09:47:55 mailfilter postfix/smtpd[72644]: disconnect from unknown[192.168.xx1.25]
Sep 18 09:47:55 mailfilter postfix/pipe[72994]: 7B8FC2E5DE: to=<webmaster#example1....@autoreply.example1.com>, orig_to=<webmas...@example1.com>, relay=vacation, delay=3.8, delays=1.3/0.01/0/2.4, dsn=2.0.0, status=sent (delivered via vacation service)
Sep 18 09:47:57 mailfilter postfix/smtp[72975]: 7B8FC2E5DE: to=<webmaster.example1....@example1.com>, orig_to=<webmas...@example1.com>, relay=192.168.xx1.33[192.168.xx1.33]:25, delay=6.3, delays=1.3/0/0/5, dsn=5.1.1, status=bounced (host 192.168.xx1.33[192.168.xx1.33] said: 550 5.1.1 User unknown (in reply to RCPT TO command))

It's possible that the script isn't passing the actual hostname as there is a 
message saying 'connect from unknown'. But the script is being executed on the 
same mail relay! 192.168.xx1.25 is part of the 'mynetworks' variable! I also 
don't receive the autoreply mail. I also wonder if the 
reject_invalid_helo_hostname and reject_non_fqdn_helo_hostname are in effect 
for all mail submissions even though permit_mynetworks is specified?


Running Postfix 2.8 as of now on a FreeBSD 9.2 system.

Here is the output of postconf -n:

mailfilter-root@/usr/local/etc/postfix# postconf -n
anvil_rate_time_unit = 50s
command_directory = /usr/local/sbin
config_directory = /usr/local/etc/postfix
daemon_directory = /usr/local/libexec/postfix
data_directory = /var/db/postfix
debug_peer_level = 2
default_destination_concurrency_limit = 30
disable_vrfy_command = yes
header_checks = regexp:/usr/local/etc/postfix/header_checks
html_directory = /usr/local/share/doc/postfix
inet_interfaces = all
inet_protocols = ipv4
lmtp_host_lookup = native
local_recipient_maps = 
local_transport = error:local mail delivery is disabled
mail_owner = postfix
mailq_path = /usr/local/bin/mailq
manpage_directory = /usr/local/man
milter_default_action = accept
milter_header_checks = pcre:/usr/local/etc/postfix/milter_header_checks.pcre
mydestination = 
mydomain = example1.com
myhostname = mailfilter.example1.com
mynetworks = 127.0.0.0/8 192.168.xx1.0/24 192.168.xx2.0/24 example1.com 70.4x.xx2.0/24 216.7x.2xx.xx/28 localhost
myorigin = $mydomain
newaliases_path = /usr/local/bin/newaliases
parent_domain_matches_subdomains = debug_peer_list smtpd_access_maps
postscreen_access_list = permit_mynetworks,
     cidr:/usr/local/etc/postfix/postscreen_access.cidr,
     cidr:/usr/local/etc/postfix/postscreen-mywhite.cidr,
         cidr:/usr/local/etc/postfix/postscreen-spf.cidr
postscreen_bare_newline_action = enforce
postscreen_bare_newline_enable = yes
postscreen_blacklist_action = enforce
postscreen_cache_map = /var/db/postfix/postscreen_temp_whitelist
postscreen_dnsbl_action = enforce
postscreen_dnsbl_sites = zen.spamhaus.org*3,
         b.barracudacentral.org*2,
         bl.spameatingmonkey.net*2,
                 bl.spamcop.net,
                 dnsbl.sorbs.net,
                 psbl.surriel.com,
                 bl.mailspike.net,
                 list.dnswl.org=127.0.[2..14].[2..3]*-4
postscreen_dnsbl_threshold = 3
postscreen_greet_action = enforce
postscreen_greet_banner = $smtpd_banner
postscreen_greet_wait = ${stress?2}${stress:6}s
postscreen_helo_required = $smtpd_helo_required
postscreen_non_smtp_command_action = enforce
postscreen_non_smtp_command_enable = yes
postscreen_pipelining_action = enforce
postscreen_pipelining_enable = yes
queue_directory = /var/spool/postfix
readme_directory = /usr/local/share/doc/postfix
relay_domains = example1.com, example2.com
relay_recipient_maps = hash:/usr/local/etc/postfix/relay_recipients
sample_directory = /usr/local/etc/postfix
sendmail_path = /usr/local/sbin/sendmail
setgid_group = maildrop
show_user_unknown_table_name = no
smtp_bind_address = 0.0.0.0
smtp_host_lookup = native
smtpd_banner = example1.com ESMTP
smtpd_data_restrictions = reject_unauth_pipelining,
     permit
smtpd_delay_reject = yes
smtpd_error_sleep_time = 10
smtpd_hard_error_limit = ${stress?1}${stress:10}
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks,
    check_helo_access hash:/usr/local/etc/postfix/helo_checks,
        reject_non_fqdn_helo_hostname,
        reject_invalid_helo_hostname,
        permit
smtpd_junk_command_limit = 3
smtpd_milters = unix:/var/run/clamav/clmilter.sock
smtpd_recipient_restrictions = reject_invalid_hostname,
        reject_non_fqdn_hostname,
        reject_non_fqdn_sender,
        reject_non_fqdn_recipient,
        reject_unknown_sender_domain,
        reject_unknown_recipient_domain,
        permit_mynetworks,
        reject_unauth_destination,
                check_recipient_access pcre:/usr/local/etc/postfix/recipient_checks.pcre,
                check_helo_access hash:/usr/local/etc/postfix/helo_checks,
                check_sender_access hash:/usr/local/etc/postfix/sender_checks,
                check_client_access cidr:/usr/local/etc/postfix/client_checks.cidr,
                check_client_access hash:/usr/local/etc/postfix/client_checks,
                check_client_access pcre:/usr/local/etc/postfix/client_checks.pcre,
        reject_rbl_client b.barracudacentral.org,
        reject_rbl_client zen.spamhaus.org,
        reject_rhsbl_client dbl.spamhaus.org,
        reject_rhsbl_sender dbl.spamhaus.org,
        reject_rhsbl_helo dbl.spamhaus.org,
        permit
smtpd_soft_error_limit = 2
smtpd_timeout = 120s
strict_rfc821_envelopes = yes
transport_maps = hash:/usr/local/etc/postfix/transport
unknown_local_recipient_reject_code = 550
virtual_alias_maps = hash:/usr/local/etc/postfix/virtual
mailfilter-root@/usr/local/etc/postfix#


content of /usr/local/etc/postfix/transport:

example1.com            smtp:192.168.xx1.33
.example1.com           smtp:192.168.xx1.33
example2.com            smtp:192.168.xx1.33
.example2.com               smtp:192.168.xx1.33
autoreply.example1.com  vacation:


content of /usr/local/etc/postfix/virtual:

postmaster                      postmas...@example1.com
abuse                           ab...@example1.com
root                            ad...@example1.com
#webmaster                      webmas...@example1.com
webmas...@example1.com  webmaster.example1.com, webmaster#example1....@autoreply.example1.com

content of master.cf:

mailfilter-root@/usr/local/etc/postfix# cat ./master.cf
#
# Postfix master process configuration file.  For details on the format
# of the file, see the Postfix master(5) manual page.
#
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
#smtp      inet  n       -       n       -       -       smtpd
#submission inet n      -       n       -       -       smtpd
#       -o smtpd_etrn_restrictions=reject
#       -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#smtps    inet  n       -       n       -       -       smtpd
#  -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
#submission   inet    n       -       n       -       -       smtpd
#  -o smtpd_etrn_restrictions=reject
#  -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes
#628      inet  n       -       n       -       -       qmqpd
pickup    fifo  n       -       n       60      1       pickup
cleanup   unix  n       -       n       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
#qmgr     fifo  n       -       n       300     1       oqmgr
tlsmgr    unix  -       -       n       1000?   1       tlsmgr
rewrite   unix  -       -       n       -       -       trivial-rewrite
bounce    unix  -       -       n       -       0       bounce
defer     unix  -       -       n       -       0       bounce
trace     unix  -       -       n       -       0       bounce
verify    unix  -       -       n       -       1       verify
flush     unix  n       -       n       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
smtp      unix  -       -       n       -       -       smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay     unix  -       -       n       -       -       smtp
        -o fallback_relay=
#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq     unix  n       -       n       -       -       showq
error     unix  -       -       n       -       -       error
discard   unix  -       -       n       -       -       discard
#local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       n       -       -       lmtp
anvil     unix  -       -       n       -       1       anvil
scache    unix  -       -       n       -       1       scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent.  See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
#
# The Cyrus deliver program has changed incompatibly, multiple times.
#
old-cyrus unix  -       n       n       -       -       pipe
  flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf: cyrus_destination_recipient_limit=1
cyrus     unix  -       n       n       -       -       pipe
  user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
#
# See the Postfix UUCP_README file for configuration details.
#
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# Other external delivery methods.
#
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient

retry     unix  -       -       n       -       -       error
proxywrite unix -       -       n       -       1       proxymap
smtp      inet  n       -       n       -       1       postscreen
smtpd     pass  -       -       n       -       -       smtpd
dnsblog   unix  -       -       n       -       0       dnsblog
tlsproxy  unix  -       -       n       -       0       tlsproxy

# set up autoreply to mail received by ord...@example1.com
vacation  unix  -       n       n       -       -       pipe
  flags=Rq user=vacation argv=/var/spool/vacation/auto-reply.pl -f ${sender} -- ${recipient}

  
A couple of thoughts. 

I've run this mail relay for several years- no issues. This mail server was set 
up using mail relay configuration documentation available pre-2009. I see that 
there appear to be some changes in the use of the VIRTUAL file.  
http://www.postfix.org/VIRTUAL_README.html

Should I set up virtual_alias_domains within the main.cf pointing to my two 
domain names? If so, how do I forward mail to the proper mail server? I don't 
see any IP address(es) specified for the destination mail server.

Also, down the VIRTUAL webpage is a section dealing with autoreplies. Relevant 
section:

        /etc/postfix/main.cf:
                virtual_alias_maps = hash:/etc/postfix/virtual

        /etc/postfix/virtual:
                u...@domain.tld u...@domain.tld, u...@domain.tld@autoreply.mydomain.tld
                                             ^
The above info differs from the info in the INSTALL.TXT in that 
u...@domain.tld@autoreply.mydomain.tld is specified instead of 
user#domain....@autoreply.mydomain.tld that is specified in the INSTALL.TXT 
file.

Secondly, should I remove the second instance of check_helo_access from 
smtpd_client_restrictions given that it is part of the smtpd_helo_restrictions?

Thank you in advance for any help you can provide!

~Doug
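
An added example, not part of the original message or of Postfix: a small Python check for the two symptoms described above, namely HELO hostname checks that sit ahead of permit_mynetworks in a restriction list, and virtual alias targets with no @domain part. It assumes Postfix's default append_at_myorigin = yes, under which such a target gets @$myorigin appended; the function names and the sample addresses are constructed for illustration.

```python
import re
HELO_REJECTS = {"reject_non_fqdn_helo_hostname", "reject_invalid_helo_hostname",
                "reject_non_fqdn_hostname", "reject_invalid_hostname"}  # pre-2.3 names

def logical_lines(text):  # join indented continuations; skip blank and '#' lines
    out = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and out:
            out[-1] += " " + line.strip()
        else:
            out.append(line.strip())
    return out

def helo_checks_reaching_mynetworks(postconf_text):
    """(list, check) pairs evaluated before any permit_mynetworks in that list."""
    findings = []
    for entry in logical_lines(postconf_text):
        name, _, value = (part.strip() for part in entry.partition("="))
        tokens = re.split(r"[,\s]+", value) if name.endswith("_restrictions") else []
        for token in tokens:
            if token == "permit_mynetworks":
                break
            if token in HELO_REJECTS:
                findings.append((name, token))
    return findings

def unqualified_alias_targets(virtual_text, myorigin):
    """(key, target, rewritten) for alias targets that lack an '@domain' part."""
    findings = []
    for entry in logical_lines(virtual_text):
        key, *rest = entry.split(None, 1)
        for target in re.split(r"[,\s]+", rest[0] if rest else ""):
            if target and "@" not in target:
                findings.append((key, target, f"{target}@{myorigin}"))
    return findings

# Constructed samples modelled on the configuration in the message above.
SAMPLE_POSTCONF = """\
smtpd_helo_restrictions = permit_mynetworks, reject_non_fqdn_helo_hostname, permit
smtpd_recipient_restrictions = reject_invalid_hostname,
    reject_non_fqdn_hostname, permit_mynetworks, reject_unauth_destination, permit
"""
SAMPLE_VIRTUAL = """\
info@example1.com  info.example1.com,
    info#example1.com@autoreply.example1.com
"""
print(helo_checks_reaching_mynetworks(SAMPLE_POSTCONF))
print(unqualified_alias_targets(SAMPLE_VIRTUAL, "example1.com"))
```

Only lines whose first non-blank character is `#` are treated as comments, so the `#` inside an autoreply address is kept as part of the address.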
