I have a problem that seems to have started when I upgraded from Ubuntu
14.04/Postfix 2.11.0 to Ubuntu 16.04/Postfix 3.1.0. It involves the From:
and Return Path: addresses seen by recipients of mail sent from a virtual
domain on that machine.
Clients of Google, Yahoo, Rackspace, . see the From: and Return Path:
address as <user>@<virtual-domain>, which is correct.
Clients of one (rather large) email service provider see the From: and
Return Path: address as <user>@<gateway-hostname>, which is wrong.
The one email provider might have something wrong on their end. BUT: The
problem doesn't happen with mail received at that provider from a similarly
configured gateway/virtual domain, which is still running Ubuntu
14.04/Postfix 2.11.0. And the problem didn't start happening on the machine
in question until the machine was upgraded to Ubuntu 16.04/Postfix 3.1.0.
So my money is on a mistake on my end. I just can't find it.
I've done file comparisons between the postfix 2.11.0 and 3.1.0 machines,
and between the old and new configs of the 3.1.0 machine, and I just can't
find any significant differences (i.e. other than hostname changes, etc.).
Below is postconf info for the current main.cf and master.cf.
Thanks in advance for any help.
Michael
$ postconf -pnf
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_at_myorigin = yes
append_dot_mydomain = yes
biff = no
body_checks = pcre:${config_directory}/body_checks.pcre
bounce_queue_lifetime = 12h
bounce_template_file = ${config_directory}/bounce.cf
broken_sasl_auth_clients = yes
canonical_maps = pcre:${config_directory}/canonical.pcre
compatibility_level = 2
content_filter = amavisfeed:[127.0.0.1]:10024
delay_warning_time = 2h
fast_flush_domains = $relay_domains
header_checks = pcre:${config_directory}/header_checks.pcre
html_directory = /usr/share/doc/postfix/html
inet_interfaces = $xsc_inet_interfaces
mailbox_size_limit = 51200000
maximal_queue_lifetime = 12h
message_size_limit = 10240000
milter_default_action = accept
milter_protocol = 6
mime_header_checks = pcre:${config_directory}/mime_header_checks.pcre
mua_client_connection_count_limit = 5
mua_client_connection_rate_limit = 10
mua_client_message_rate_limit = 10
mua_client_recipient_rate_limit = 50
mua_client_restrictions = check_sasl_access
hash:${config_directory}/sasl_access
permit_sasl_authenticated reject
mua_discard_ehlo_keyword_address_maps =
cidr:${config_directory}/ehlo_keyword.cidr
mua_helo_restrictions =
mua_recipient_limit = 25
mua_recipient_overshoot_limit = 25
mua_recipient_restrictions = reject_non_fqdn_recipient
reject_unknown_recipient_domain check_sasl_access
hash:${config_directory}/sasl_access check_recipient_access
hash:${config_directory}/roleaccount_exceptions check_recipient_access
pcre:${config_directory}/recipient_access.pcre check_recipient_access
pcre:${config_directory}/relay_recipient_access.pcre
check_recipient_access
pcre:${config_directory}/virtual_recipient_access.pcre permit
mua_relay_restrictions = permit_sasl_authenticated reject
mua_sender_restrictions = $mua_tls_client_restrictions
reject_non_fqdn_sender
reject_sender_login_mismatch permit_sasl_authenticated
reject_unknown_sender_domain reject_unlisted_sender permit
mua_tls_client_restrictions = check_client_access
cidr:${config_directory}/tls_clients.cidr
mydestination = $xsc_mydestination
mydomain = $xsc_mydomain
myhostname = $xsc_myhostname
mynetworks = $xsc_mynetworks
myorigin = $xsc_myorigin
non_smtpd_milters = inet:localhost:8891
postscreen_access_list = permit_mynetworks
cidr:${config_directory}/postscreen_access.cidr
postscreen_blacklist_action = drop
postscreen_dnsbl_action = enforce
postscreen_dnsbl_reply_map =
pcre:${config_directory}/postscreen_dnsbl_reply_map.pcre
postscreen_dnsbl_sites = zen.spamhaus.org*3 bl.spameatingmonkey.net*2
psbl.surriel.com*2 bl.spamcop.net
hostkarma.junkemailfilter.com=127.0.0.2
dnsbl.sorbs.net bl.mailspike.net swl.spamhaus.org*-4
list.dnswl.org=127.0.[0..255].0*-1 list.dnswl.org=127.0.[0..255].1*-2
list.dnswl.org=127.0.[0..255].2*-3 list.dnswl.org=127.0.[0..255].3*-4
postscreen_dnsbl_threshold = 3
postscreen_dnsbl_ttl = 5m
postscreen_greet_action = enforce
proxy_interfaces = $xsc_proxy_interfaces
readme_directory = /usr/share/doc/postfix
recipient_delimiter = +
relay_domains = $xsc_relay_domains
relay_recipient_maps = pcre:${config_directory}/relay_recipients.pcre
relay_restrictions = check_sender_access
pcre:${config_directory}/relay_sender_access.pcre
remote_header_rewrite_domain = invalid.domain
smtp_host_lookup = native
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
smtpd_client_connection_count_limit = 10
smtpd_client_connection_rate_limit = 20
smtpd_client_message_rate_limit = 20
smtpd_client_recipient_rate_limit = 200
smtpd_client_restrictions = permit_mynetworks check_client_access
pcre:${config_directory}/client_access.pcre
reject_unknown_reverse_client_hostname check_client_access
hash:${config_directory}/client_whitelist
check_reverse_client_hostname_access
pcre:${config_directory}/fqrdns.pcre
reject_rbl_client zen.spamhaus.org reject_rhsbl_reverse_client
dbl.spamhaus.org permit
smtpd_data_restrictions = reject_unauth_pipelining
reject_multi_recipient_bounce
permit
smtpd_delay_reject = yes
smtpd_error_sleep_time = 2s
smtpd_etrn_restrictions = permit_mynetworks permit_sasl_authenticated reject
smtpd_hard_error_limit = 10
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks reject_invalid_helo_hostname
reject_non_fqdn_helo_hostname reject_rhsbl_helo dbl.spamhaus.org
check_helo_access pcre:${config_directory}/helo_access.pcre permit
smtpd_junk_command_limit = 2
smtpd_milters = inet:localhost:8891
smtpd_recipient_limit = 100
smtpd_recipient_overshoot_limit = 100
smtpd_recipient_restrictions = reject_non_fqdn_recipient
reject_unknown_recipient_domain check_recipient_access
hash:${config_directory}/roleaccount_exceptions check_recipient_access
pcre:${config_directory}/recipient_access.pcre check_recipient_access
pcre:${config_directory}/relay_recipient_access.pcre
check_recipient_access
pcre:${config_directory}/virtual_recipient_access.pcre permit
smtpd_reject_footer = \c. Diagnostic info: time ($localtime), client
($client_address:$client_port), server ($server_name).
smtpd_reject_unlisted_recipient = yes
smtpd_relay_restrictions = permit_mynetworks reject_unauth_destination
permit
smtpd_restriction_classes = relay_restrictions virtual_quota_restrictions
smtpd_sasl_auth_enable = no
smtpd_sasl_path = private/dovecot-auth
smtpd_sasl_security_options = noanonymous, noplaintext
smtpd_sasl_type = dovecot
smtpd_sender_login_maps = hash:${config_directory}/sasl_senders
pcre:${config_directory}/sasl_senders_default.pcre
smtpd_sender_restrictions = reject_non_fqdn_sender permit_mynetworks
reject_unknown_sender_domain reject_unlisted_sender reject_rhsbl_sender
dbl.spamhaus.org check_sender_access
pcre:${config_directory}/sender_access.pcre check_sender_mx_access
cidr:${config_directory}/sender_mx_access.cidr permit
smtpd_soft_error_limit = 5
smtpd_tls_always_issue_session_ids = yes
smtpd_tls_auth_only = no
smtpd_tls_cert_file = $xsc_smtpd_tls_cert_file
smtpd_tls_key_file = $xsc_smtpd_tls_key_file
smtpd_tls_loglevel = 1
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
smtpd_tls_protocols = !SSLv2, !SSLv3
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
transport_maps = hash:${config_directory}/transport
unknown_address_reject_code = 550
unknown_client_reject_code = 550
unknown_hostname_reject_code = 550
unverified_recipient_reject_code = 550
unverified_sender_reject_code = 550
virtual_alias_maps = hash:${config_directory}/virtual_aliases
virtual_mailbox_domains = $xsc_virtual_mailbox_domains
virtual_mailbox_maps = hash:${config_directory}/virtual_mailboxes
virtual_quota_restrictions = check_policy_service inet:[127.0.0.1]:12340
virtual_transport = lmtp:unix:private/dovecot-lmtp
$ postconf -Mnf
postconf: fatal: with option -M, do not specify -n
sccsysop@w6xsc-gw:~$ postconf -Mf
smtp inet n - y - 1 postscreen
smtpd pass - - y - - smtpd
-o cleanup_service_name=pre-cleanup
dnsblog unix - - y - 0 dnsblog
tlsproxy unix - - y - 0 tlsproxy
submission inet n - - - - smtpd
-o syslog_name=postfix/submission
-o smtpd_tls_security_level=may
-o smtpd_sasl_auth_enable=yes
-o
smtpd_discard_ehlo_keyword_address_maps=$mua_discard_ehlo_keyword_address_ma
ps
-o smtpd_client_restrictions=$mua_client_restrictions
-o smtpd_helo_restrictions=$mua_helo_restrictions
-o smtpd_sender_restrictions=$mua_sender_restrictions
-o smtpd_relay_restrictions=$mua_relay_restrictions
-o smtpd_recipient_restrictions=$mua_recipient_restrictions
-o
smtpd_client_connection_count_limit=$mua_client_connection_count_limit
-o smtpd_client_connection_rate_limit=$mua_client_connection_rate_limit
-o smtpd_client_message_rate_limit=$mua_client_message_rate_limit
-o smtpd_client_recipient_rate_limit=$mua_client_recipient_rate_limit
-o smtpd_recipient_limit=$mua_recipient_limit
-o smtpd_recipient_overshoot_limit=$mua_recipient_overshoot_limit
-o milter_macro_daemon_name=ORIGINATING
-o cleanup_service_name=pre-cleanup
pickup unix n - y 60 1 pickup
-o cleanup_service_name=pre-cleanup
cleanup unix n - y - 0 cleanup
-o mime_header_checks=
-o nested_header_checks=
-o body_checks=
-o header_checks=
qmgr unix n - n 300 1 qmgr
tlsmgr unix - - y 1000? 1 tlsmgr
rewrite unix - - y - - trivial-rewrite
bounce unix - - y - 0 bounce
defer unix - - y - 0 bounce
trace unix - - y - 0 bounce
verify unix - - y - 1 verify
flush unix n - y 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - y - - smtp
relay unix - - y - - smtp
showq unix n - y - - showq
error unix - - y - - error
retry unix - - y - - error
discard unix - - y - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - y - - lmtp
anvil unix - - y - 1 anvil
scache unix - - y - 1 scache
maildrop unix - n n - - pipe flags=DRhu
user=vmail argv=/usr/bin/maildrop -d ${recipient}
uucp unix - n n - - pipe flags=Fqhu
user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail unix - n n - - pipe flags=F
user=ftn
argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe flags=Fq.
user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n n - 2 pipe flags=R
user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop}
${user} ${extension}
mailman unix - n n - - pipe flags=FR
user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py ${nexthop}
${user}
pre-cleanup unix n - n - 0 cleanup
-o virtual_alias_maps=
amavisfeed unix - - n - 2 lmtp
-o syslog_name=postfix/amavisfeed
-o lmtp_data_done_timeout=1200
-o lmtp_send_xforward_command=yes
-o lmtp_tls_note_starttls_offer=no
127.0.0.1:10025 inet n - n - - smtpd
-o syslog_name=postfix/amavisreturn
-o content_filter=
-o smtpd_delay_reject=no
-o smtpd_client_restrictions=permit_mynetworks,reject
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o smtpd_data_restrictions=reject_unauth_pipelining
-o smtpd_end_of_data_restrictions=
-o smtpd_restriction_classes=
-o mynetworks=127.0.0.0/8
-o smtpd_error_sleep_time=0
-o smtpd_soft_error_limit=1001
-o smtpd_hard_error_limit=1000
-o smtpd_client_connection_count_limit=0
-o smtpd_client_connection_rate_limit=0
-o
receive_override_options=no_header_body_checks,no_unknown_recipient_checks,n
o_milters
-o local_header_rewrite_clients=
-o smtpd_milters=
-o local_recipient_maps=
-o relay_recipient_maps=
