On Tue, Jun 16, 2015 at 12:36:58PM +0200, Maarten Vanraes wrote:
> 1. an email is sent to the company (postfix + content_filter + zarafa(lmtp))
> 2. zarafa sends a forward to gmail (zarafa -> postfix -> gmail)
This is the broken step, the zarafa "forward" is severely misconfigured,
in that it replaces the original envelope sender address with the
user's address. This is especially bad when the original envelope
sender is '<>' (the null or error sender).
> 3. gmail rejects
> 4. postfix bounces to original user (thus goes to zarafa(lmtp))
No Postfix, bounces to the forwarder of the mail, not to the original
sender, thus the loop.
> 5. zarafa sends a forward to gmail (zarafa -> postfix -> gmail)
> 6. gmail rejects
> 7. postfix bounces to original user (thus goes to zarafa(lmtp))
> ...
>
> ad nauseam...
>
> thus, quickly the zarafa mailserver has thousands of bounces in a few
> minutes...
>
>
> Is there a way to solve this issue? postfix obviously can't use the double-
> bounce check here, right? or not?
The fix is to NOT allow the user to forward his mail to Gmail via
the broken Zarafa forwarding mechanism. Either arrange for forwarding
to happen at the Postfix layer (which won't damage the envelope
sender address), or do not do it all.
Mind you, with forwarding at the Postfix layer, you run into SPF
issues with domains whose administrators (sheep!) publish SPF
records.
So by far the simplest thing is to NOT auto-forward to Gmail.
--
Viktor.
