Re: simple temporary redirection(s) of all mail?

Mon, 23 Nov 2020 06:27:57 -0800 

On 11/22/20 11:58 AM, Wietse Venema wrote:


This would be good fit for virtual_alias_maps (and maybe adding



domains to virtual_alias_domains, see note below). virtual_alias_maps



replaces the envelope recipient without replacing header addresses,



and it works for single-recipient mail equally well as multi-recipient



mail.




I'm trying this 'temporary redirect' approach for several configs.



For one working setup/config, mail to "us...@example.com" is normally accepted by 
my postfix frontend, & flows through to my backend(s).



Adding the intercepting virtual_alias_* redirect "early" in the frontend config



        master.cf



                [mx1.example.net]:25  inet  n  -  n  -  1  postscreen

                -o postscreen_tls_security_level=may

                -o 
smtpd_authorized_xforward_hosts=127.0.0.0/8,$var_MX1/32,$var_MX2/32

                -o smtpd_service_name=postscreen-internal



                postscreen-internal pass  -  -  n  -  -  smtpd

                -o syslog_name=postfix/postscreen-internal

        +       -o 
virtual_alias_domains=lmdb:/etc/postfix/TEMP_virtual_alias_domains

        +       -o virtual_alias_maps=lmdb:/etc/postfix/TEMP_virtual_alias_maps

                -o smtpd_tls_ask_ccert=no

                -o smtpd_tls_security_level=may

                -o smtpd_tls_loglevel=1

                -o smtpd_tls_received_header=yes

                -o 
address_verify_transport_maps=lmdb:/etc/postfix/adress_verify_transport_map

                -o 
smtpd_relay_restrictions=permit_mynetworks,reject_unauth_destination,permit

                -o 
smtpd_authorized_xforward_hosts=127.0.0.0/8,$var_MX1/32,$var_MX2/32

                -o smtpd_client_connection_count_limit=25

                -o smtpd_client_connection_rate_limit=0

                -o anvil_rate_time_unit=60s

                -o smtpd_proxy_timeout=300s

                -o smtpd_proxy_options=speed_adjust

                -o smtpd_proxy_filter=[127.0.0.1]:21030



                ...



where



        cat /etc/postfix/TEMP_virtual_alias_domains

                example.com    REDIRECT



        cat /etc/postfix/TEMP_virtual_alias_maps

                us...@example.com    us...@someother.com





With that^, I intended for mail to



        us...@example.com



to be immediately intercepted+redirected to us...@someother.com.



It does not.

Instead, it flows through as usual to my backend.



I _think_ my virtual_alias_* syntax/usage is correct.

Is the fail-to-redirect an order of execution problem?



My notes on usual exec order are:



        postscreen, smtpd_mumble_restrictions, milter SMTP command inspection,

        smtpd_proxy_filter, header/body_checks, milter header/body inspection, 
content_filter



Is the virtual_alias_* considered a "header/body_checks", lower in priority than the 
existing/used "smtpd_proxy_filter",

and hence is ignored?



Or is my fail to redirect due to another cause?

























					Reply via email to