>>>>> "Noel" == Noel Jones <njo...@megan.vbhcs.org> writes:

Noel> On 3/31/2017 3:50 PM, John Stoffel wrote:
>> So I created the following entry in my header_checks file:
>> 
>> /^Delivered-To:/ WARN Found email with Delivered-To: header already in it!
>> 
>> And while it did correctly warn on a bogus email that matched with
>> looping, it also matched on a bunch of other emails, which didn't get
>> rejected for looping.

Noel> Postfix bounces mail when the Delivered-To address is the same as
Noel> the current recipient.

Yup, that's what I'm seeing here.  I upgraded to postfix 2.11.6 on
RHEL6 by hand, which went ok with just the minor bobble of needing to
add in the line:

   smtp_host_lookup = dns, native

because 'make upgrade' didn't do that.  

>> So I'm wondering if the problem is that I'm not accepting email for my
>> legacy "foo.com" domain properly, while I am accepting email for my
>> "foo.bar.com" domain that we're now supposed to be using for all
>> email.
>> 

Noel> The easiest explanation is that you are accepting mail for the
Noel> old domain, then forwarding it through outlook back to the new
Noel> domain.  Or something similar.

I'm not.  Once I did my upgrade, I was able to add the line you
suggested to header_checks and I confirmed that the email released
from the EOP (Microsoft Spam filtering setup we use) only has received
headers from the sender of the spam, the mail.protection.outlook.com
servers, and then my server where it gets rejected with the mail
forwarding loop.  



>> I'm glad I just did a warning match at first, instead of holding all
>> these emails, because it would have been a disaster for a bit until I
>> figured it out.  Is there any way, besides the hold queue to just log
>> all the headers of these messages so I can try to understand the issue
>> in more detail? 

Noel> To log all headers, use a header_check like:
Noel> /./  info

Needed to upgrade from 2.6.6 (RHEL6) to 2.11.6 to make this work.

Noel> NOTE: postfix only allows one header_check rule per header, so this
Noel> will disable any header_checks below it.  Usually people put a
Noel> log-all rule like this at the end of header_checks file.

>> I suspect that part of the problem is that we use
>> this server for outgoing emails, but all incoming from the internet
>> arrives through *.outbound.protection.outlook.com, so maybe they do
>> something to the headers?

Noel> Test; don't speculate.  As a bystander, my job is to speculate: I
Noel> don't think outlook is adding the offending headers.

Someone is adding this header and it's not me from what I can see.

The incoming email DOES have a bunch of local NIS aliases:

   jojo -> happy -> happy@exchange-internal

But I would think that a Delivered-To: header doesn't get added until
the email passes all the way through the system onto the next
destination?

Sorry to be such a pain here, I'm pulling my hair out trying to chase
this down.  It all used to work before I put postfix in place to
replace an ancient crappy sendmail install.

John
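
Added example (not part of the thread, and not Postfix code): once the `/./ info` rule is logging headers, the Delivered-To: values can be pulled out of the cleanup log lines and compared with the recipient, which is the condition Noel describes. The log lines below are constructed, and the `expansions` alias map is a hypothetical input standing in for local alias chains like the one John mentions.

```python
import re
from collections import defaultdict

# Shape of a cleanup(8) log line written by a header_checks INFO/WARN action.
LINE = re.compile(
    r"postfix/cleanup\[\d+\]: (?P<qid>[0-9A-Za-z]+): (?:info|warning): "
    r"header (?P<name>[^:\s]+): (?P<value>.*?) from \S+\[[^\]]*\]; "
    r"from=<(?P<sender>[^>]*)> to=<(?P<rcpt>[^>]*)>"
)

def delivered_to_hits(lines, expansions=None):
    """Return {queue_id: [addresses]} for messages whose logged Delivered-To:
    value equals the envelope recipient or one of its alias expansions.
    `expansions` (hypothetical, caller-supplied) maps recipient -> aliases."""
    expansions = expansions or {}
    hits = defaultdict(list)
    for line in lines:
        m = LINE.search(line)
        if not m or m["name"].lower() != "delivered-to":
            continue  # not a header_checks line, or a different header
        rcpt = m["rcpt"].lower()
        targets = {rcpt} | {a.lower() for a in expansions.get(rcpt, ())}
        value = m["value"].strip().lower()  # compared case-insensitively here
        if value in targets:
            hits[m["qid"]].append(value)
    return dict(hits)

# Constructed sample log lines (hosts, addresses and queue IDs are made up).
SAMPLE_LOG = [
    "Mar 31 16:02:11 mx1 postfix/cleanup[2211]: 4A1B2C3D4E: info: header Received: from mail.example.net (mail.example.net [198.51.100.7]) by mx.example.com with ESMTP; Fri, 31 Mar 2017 16:02:10 -0400"
    " from mail.example.net[198.51.100.7]; from=<sender@example.net> to=<jojo@example.com> proto=ESMTP helo=<mail.example.net>",
    "Mar 31 16:02:11 mx1 postfix/cleanup[2211]: 4A1B2C3D4E: info: header Delivered-To: happy@example.com"
    " from mail.example.net[198.51.100.7]; from=<sender@example.net> to=<jojo@example.com> proto=ESMTP helo=<mail.example.net>",
    "Mar 31 16:05:40 mx1 postfix/cleanup[2230]: 5F6A7B8C9D: info: header Delivered-To: list@example.org"
    " from relay.example.org[203.0.113.9]; from=<bounce@example.org> to=<alice@example.com> proto=ESMTP helo=<relay.example.org>",
    "Mar 31 16:07:02 mx1 postfix/cleanup[2241]: 6E7F8A9B0C: warning: header Delivered-To: Bob@Example.com"
    " from relay.example.org[203.0.113.9]; from=<x@example.org> to=<bob@example.com> proto=ESMTP helo=<relay.example.org>",
]

if __name__ == "__main__":
    aliases = {"jojo@example.com": ["happy@example.com"]}  # constructed alias chain
    for qid, addrs in delivered_to_hits(SAMPLE_LOG, aliases).items():
        print(qid, "Delivered-To matches recipient or alias:", ", ".join(addrs))
```

Messages such as `5F6A7B8C9D`, where Delivered-To: is present but names a different address, are not reported; they correspond to the mails that matched the WARN rule without being rejected.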
