On Tue, Sep 01, 2020 at 08:59:19PM +0100, Nick wrote:
> > See above, this does not work.
>
> (I've since removed '-o bounce_service_name=...', it doesn't seem to
> matter here.) Again, it works well enough for me - a mail with a forged
> header-from goes into the hold queue and nowhere else.
It does not work, because the queue manager is unable to contact the
bounce service, and so I would expect that the bounce logs are not
deleted, and perhaps even the queue file persists to retry the
bounce... I don't recall the details, but replacing the bounce
service with a delivery agent breaks trace probes, breaks sender
and recipient verification (probes) and probably prevents proper
message cleanup.
> > This is really broken. The bounce(8) service is an internal component
> > that is NOT a delivery agent. It does not speak the same protocol as
> > discard(8) which is a delivery agent.
> >
> > > Sep 1 10:35:36 rolly bounce-discard/discard[11387]: warning: unexpected
> > > attribute nrequest from bounce-discard socket (expecting: flags)
> > > Sep 1 10:35:36 rolly bounce-discard/discard[11387]: warning:
> > > deliver_request_get: error receiving common attributes
> >
> > These are symptoms of the breakage.
>
> Breakage is kind of what I want, in that it prevents bounces to forged
> sender addresses (and assuming it isn't storing up trouble I'm not yet
> aware of).
No, I am not talking about mail not being delivered, I am talking
about Postfix no longer working properly.
--
Viktor.
