I added SPF and header_checks to my Postfix setup. I'm following the message path, and have a couple questions about what error gets reported back to the sender.
After postscreen PASS, I check for SPF, then hand off to Amavis preque for DKIM

    psint pass - - n - - smtpd
        -o receive_override_options=no_address_mappings
        -o syslog_name=postfix/psint
        -o smtpd_authorized_xforward_hosts=127.0.0.0/8
        -o smtpd_proxy_filter=127.0.0.1:13001
        -o smtpd_relay_restrictions=permit_mynetworks,reject_unauth_destination,check_policy_service,unix:private/policyd-spf

Amavis returns, submits to DMARC, then passes to Amavis postqueue for A/V

    [127.0.0.1]:13002 inet n - n - - smtpd
        -o content_filter=amavis:[127.0.0.1]:13003
        -o syslog_name=postfix/prequeue
        -o mynetworks=127.0.0.0/8
        -o non_smtpd_milters=inet:127.0.0.1:8893
        -o receive_override_options=no_unknown_recipient_checks
        -o smtpd_authorized_xforward_hosts=127.0.0.0/8
        -o smtpd_client_restrictions=permit_mynetworks,reject
        -o smtpd_data_restrictions=
        -o smtpd_end_of_data_restrictions=
        -o smtpd_etrn_restrictions=
        -o smtpd_helo_restrictions=
        -o smtpd_milters=inet:127.0.0.1:8893
        -o smtpd_recipient_restrictions=permit_mynetworks,reject
        -o smtpd_relay_restrictions=permit_mynetworks,reject
        -o smtpd_sender_restrictions=

I turned on header checks

main.cf

    header_checks = pcre:${config_directory}/header_checks.pcre

header_checks.pcre

    /^(To|From|Cc|Reply-To):.*carmen_garcia*/i REJECT

So, I expect that mail with any sender/recipient that includes "carmen_garcia" will get REJECTed.

My logs show it does

    Apr 5 04:29:11 mail01 postfix/psint/smtpd[9355]: NOQUEUE: client=vps.capacit.cl[45.79.11.29]
    Apr 5 04:29:11 mail01 postfix/prequeue/smtpd[9362]: connect from localhost[127.0.0.1]
    Apr 5 04:29:11 mail01 postfix/prequeue/smtpd[9362]: 3qgDTM6nLdz31QN: client=localhost[127.0.0.1], orig_client=vps.capacit.cl[45.79.11.29]
    Apr 5 04:29:11 mail01 postfix/cleanup[9364]: 3qgDTM6nLdz31QN: reject: header To: ja...@hotmail.com, christophe.eb...@freesbee.fr, goldent...@imageshack.us,? linda...@hotmail.com, gabrumun...@gmail.com, carmen_garcia1...@yahoo.com,? andre...@gmail.com, smwilliams...@breathe.co from vps.capacit.cl[45.79.11.29]; from=<ceci...@capacit.cl> to=<exampl...@example.com> proto=ESMTP helo=<vps.capacit.cl>: 5.7.1
    Apr 5 04:29:11 mail01 postfix/prequeue/smtpd[9362]: disconnect from localhost[127.0.0.1] ehlo=1 xforward=1 mail=1 rcpt=1 data=0/1 quit=1 commands=5/6
    Apr 5 04:29:11 mail01 postfix/psint/smtpd[9355]: proxy-reject: END-OF-MESSAGE: 550 5.7.1 id=02796-15 - Rejected by next-hop MTA on relaying, from MTA(smtp:[127.0.0.1]:13002): 550 5.7.1; from=<ceci...@capacit.cl> to=<exampl...@example.com> proto=ESMTP helo=<vps.capacit.cl>
    Apr 5 04:29:12 mail01 postfix/psint/smtpd[9355]: disconnect from vps.capacit.cl[45.79.11.29] ehlo=2 starttls=1 mail=1 rcpt=1 data=0/1 quit=1 commands=6/7

What's the sending server getting back here?

Is the 550 REJECT message being delivered to the sending server? Or only to my internal server doing the handoff?

If it's seeing the 550, how can I stop exposing/reporting back "from MTA(smtp:[127.0.0.1]:13002):" ?

If it's just internal to my setup, then I don't care.

Jason
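
Added example, not part of the original post: a log check that pulls the reply text out of proxy-reject lines logged by the internet-facing smtpd (syslog_name postfix/psint in the post) and flags any internal address or port in it. It assumes the reply logged on a proxy-reject line is the text that smtpd relays to the remote client; the function names are hypothetical and the sample lines are copied from the log above.

```python
import ipaddress
import re

# Constructed sample: three lines copied from the log in the post
# (addresses were already truncated by the list archive).
SAMPLE_LOG = """\
Apr 5 04:29:11 mail01 postfix/prequeue/smtpd[9362]: connect from localhost[127.0.0.1]
Apr 5 04:29:11 mail01 postfix/psint/smtpd[9355]: proxy-reject: END-OF-MESSAGE: 550 5.7.1 id=02796-15 - Rejected by next-hop MTA on relaying, from MTA(smtp:[127.0.0.1]:13002): 550 5.7.1; from=<ceci...@capacit.cl> to=<exampl...@example.com> proto=ESMTP helo=<vps.capacit.cl>
Apr 5 04:29:12 mail01 postfix/psint/smtpd[9355]: disconnect from vps.capacit.cl[45.79.11.29] ehlo=2 starttls=1 mail=1 rcpt=1 data=0/1 quit=1 commands=6/7
"""

# Dotted-quad IPv4 address, optionally bracketed, optionally followed by :port.
# Three-part status codes such as 5.7.1 do not match.
ADDR = re.compile(r"\[?(\d{1,3}(?:\.\d{1,3}){3})\]?(?::(\d+))?")


def internal_details(reply):
    """Return loopback/private addresses (with port, if any) found in a reply."""
    found = []
    for host, port in ADDR.findall(reply):
        try:
            ip = ipaddress.ip_address(host)
        except ValueError:
            continue  # looked like an address but is not one (e.g. 999.1.1.1)
        if ip.is_loopback or ip.is_private:
            found.append(f"{host}:{port}" if port else host)
    return found


def audit_proxy_rejects(log_text, service="postfix/psint"):
    """List proxy-reject replies logged by `service` and what they disclose."""
    pattern = re.compile(
        re.escape(service) + r"/smtpd\[\d+\]: proxy-reject: "
        r"(?P<stage>[^:]+): (?P<reply>.*?); from=<")
    results = []
    for line in log_text.splitlines():
        m = pattern.search(line)
        if m:
            results.append({"stage": m["stage"], "reply": m["reply"],
                            "internal": internal_details(m["reply"])})
    return results


if __name__ == "__main__":
    for hit in audit_proxy_rejects(SAMPLE_LOG):
        print(hit["stage"], hit["internal"], hit["reply"], sep=" | ")
```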