Thank you.

Bill Cole <postfixlists-070...@billmail.scconsult.com> writes:

> On 2023-01-16 at 22:14:15 UTC-0500 (Tue, 17 Jan 2023 10:14:15 +0700)
> Olivier <olivier.nic...@cs.ait.ac.th>
> is rumored to have said:
>
>> Hello,
>>
>> This is a preliminary request before I gather all needed information.
>>
>> I have a problem with rewriting: I received an email from an outside
>> person and that person happens to have the same name as one of my
>> users. The sender's address has been rewritten to that of my user.
>>
>> ie: j...@gmail.com sent me an email, I have a user joe on my system,
>> the mail delivered in my mailbox was bearing the address from:
>> j...@cs.ait.ac.th
>>
>> This must be a mistake in my configuration of Postfix, but reading
>> through the documentation I cannot find what I am doing wrong. What
>> should I provide to get help?
>
> The output of "postconf -nf" and "postconf -Mf", the log lines relevant
> to the message (i.e. mentioning the queue ID) and the headers of the
> message, if possible. If you have canonical or generic rewriting
> configured, the relevant content of those maps would be essential as
> well.
>
> Note that it is not necessarily the case that Postfix did any rewriting.
> The From header of a message and the envelope sender address frequently
> have different addresses, particularly for mailing lists and spam.

postconf -nf

alias_maps = hash:/etc/aliases,
    ldap:$config_directory/ldap_user_alias,
    ldap:$config_directory/ldap_deleted_alias,
    ldap:$config_directory/ldap_user_alias_fullname,
    ldap:$config_directory/ldap_deleted_alias_fullname,
    ldap:$config_directory/ldap_alias
anvil_rate_time_unit = 60s
anvil_status_update_time = 600s
command_directory = /usr/local/sbin
content_filter = smtp-amavis:[localhost]:10024
daemon_directory = /usr/local/libexec/postfix
data_directory = /var/db/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd
    $daemon_directory/$process_name $process_id & sleep 5
default_destination_concurrency_limit = 5
home_mailbox = Maildir/
html_directory = /usr/local/share/doc/postfix
inet_interfaces = $myhostname, localhost
inet_protocols = ipv4
lmtp_send_xforward_command = yes
local_destination_concurrency_limit = 1
local_destination_recipient_limit = 1
local_header_rewrite_clients = permit_mynetworks, permit_sasl_authenticated
local_recipient_maps = unix:passwd.byname, $alias_maps,
    ldap:$config_directory/ldap_local_recipient
mail_owner = postfix
mailbox_command = /usr/local/bin/procmail -a $HOME
mailq_path = /usr/local/bin/mailq
manpage_directory = /usr/local/man
masquerade_domains = cs.ait.ac.th
masquerade_exceptions = root
message_size_limit = 41943940
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain,
    mail.$mydomain, ufo.$mydomain, banyan.$mydomain, ldap.$mydomain,
    door.$mydomain, firewall.$mydomain, dns.$mydomain, amanda.$mydomain,
    database.$mydomain, sysl.$mydomain, mailback.$mydomain, csim.ait.asia
mydomain = cs.ait.ac.th
mynetworks = 192.41.170.0/24, 203.159.32.0/32
myorigin = $mydomain
newaliases_path = /usr/local/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = /usr/local/share/doc/postfix
recipient_canonical_maps = ldap:$config_directory/ldap_user_uncanonical,
    ldap:$config_directory/ldap_deleted_uncanonical
recipient_delimiter = +
relay_domains = cs.ait.ac.th, vgl-vforge.cs.ait.ac.th, ait.ac.th,
    dec.ait.ac.th, interlab.ait.ac.th, mail.cs.ait.ac.th
sample_directory = /usr/local/etc
sender_canonical_maps = ldap:$config_directory/ldap_canonical
sendmail_path = /usr/local/sbin/sendmail
setgid_group = maildrop
smtp_tls_loglevel = 2
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:/var/run/postfix/smtp_scache
smtp_tls_session_cache_timeout = 3600s
smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
smtpd_client_auth_rate_limit = 3
smtpd_client_restrictions = check_client_access
    cidr:$config_directory/amavis_bypass
smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated
    reject_unauth_destination check_policy_service inet:127.0.0.1:10023
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_tls_CAfile = /usr/local/ssl/ca/mail.cs.ait.ac.th.ca
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /usr/local/ssl/crt/mail.cs.ait.ac.th.crt
smtpd_tls_key_file = /usr/local/ssl/key/mail.cs.ait.ac.th.key
smtpd_tls_loglevel = 1
smtpd_tls_mandatory_exclude_ciphers = aNULL, MD5
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:/var/run/postfix/smtpd_scache
smtpd_tls_session_cache_timeout = 3600s
smtputf8_enable = yes
tls_daemon_random_bytes = 32
tls_random_bytes = 32
tls_random_exchange_name = /var/run/postfix/prng_exch
tls_random_prng_update_period = 3600s
tls_random_reseed_period = 3600s
tls_random_source = dev:/dev/urandom
transport_maps = hash:/usr/local/etc/transport
unknown_local_recipient_reject_code = 550

postconf -Mf

smtp       inet  n       -       n       -       -       smtpd
smtps      inet  n       -       n       -       -       smtpd
    -o smtpd_tls_wrappermode=yes
    -o smtpd_sasl_auth_enable=yes
pickup     fifo  n       -       n       60      1       pickup
cleanup    unix  n       -       n       -       0       cleanup
qmgr       fifo  n       -       n       300     1       qmgr
tlsmgr     unix  -       -       n       1000?   1       tlsmgr
rewrite    unix  -       -       n       -       -       trivial-rewrite
bounce     unix  -       -       n       -       0       bounce
defer      unix  -       -       n       -       0       bounce
trace      unix  -       -       n       -       0       bounce
verify     unix  -       -       n       -       1       verify
flush      unix  n       -       n       1000?   0       flush
proxymap   unix  -       -       n       -       -       proxymap
proxywrite unix  -       -       n       -       1       proxymap
smtp       unix  -       -       n       -       -       smtp
relay      unix  -       -       n       -       -       smtp
    -o smtp_fallback_relay=
showq      unix  n       -       n       -       -       showq
error      unix  -       -       n       -       -       error
retry      unix  -       -       n       -       -       error
discard    unix  -       -       n       -       -       discard
local      unix  -       n       n       -       10      local
virtual    unix  -       n       n       -       -       virtual
lmtp       unix  -       -       n       -       -       lmtp
anvil      unix  -       -       n       -       1       anvil
scache     unix  -       -       n       -       1       scache
smtp-amavis unix -       -       n       -       2       smtp
    -o smtp_data_done_timeout=1200
    -o smtp_send_xforward_command=yes
    -o disable_dns_lookups=yes
127.0.0.1:10025 inet n   -       n       -       -       smtpd
    -o content_filter=
    -o local_recipient_maps=
    -o relay_recipient_maps=
    -o smtpd_restriction_classes=
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o mynetworks=127.0.0.0/8
    -o strict_rfc821_envelopes=yes
    -o smtpd_error_sleep_time=0
    -o smtpd_soft_error_limit=1001
    -o smtpd_hard_error_limit=1000
    -o receive_override_options=no_header_body_checks
postlog    unix-dgram n  -       n       -       1       postlogd

I have several rewritings, all using LDAP, for example:

more ldap_canonical

# Rewrite user into firstname.lastname
server_host= ldaps://ldap.cs.ait.ac.th/
search_base= ou=People,ou=csim,dc=cs,dc=ait,dc=ac,dc=th
query_filter = (&(mail=%s)(csimAccountPermission=mail))
result_attribute= csimFullName
scope= one
version= 3

The problem occurs for individual emails, not list or spam.

Jan 17 10:18:05 mail postfix/smtpd[32375]: Anonymous TLS connection established from mail-ot1-f47.google.com[209.85.210.47]: TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256
Jan 17 10:18:06 mail postfix/smtpd[32375]: 873DF89283: client=mail-ot1-f47.google.com[209.85.210.47]
Jan 17 10:18:06 mail postfix/cleanup[32377]: warning: 873DF89283: multi-valued sender_canonical_maps entry for olivier2...@gmail.com
Jan 17 10:18:06 mail postfix/cleanup[32377]: 873DF89283: message-id=<CA+g+BvjEvRsvs4vYHNf4EdAC7Bi=xdvsq746g7kdbo8w9vm...@mail.gmail.com>
Jan 17 10:18:06 mail postfix/qmgr[1261]: 873DF89283: from=<olivier.nic...@cs.ait.ac.th>, size=2639, nrcpt=1 (queue active)

At this stage, the rewriting has already occurred.

The rewriting is occurring because in the LDAP entry for user
olivier.nic...@cs.ait.ac.th, there is the value olivier2553@gmail
defined as a forwarding alias in the attribute mail (attribute used in
the canonical rule above).

I have to dig in deeper and understand how to limit the rewriting of the
sender to outgoing messages.

Best regards,

Olivier
--
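
An added example, not part of the original message: a log check that correlates the smtpd, cleanup and qmgr lines per queue ID, as in the excerpt above, and reports mail that arrived from a non-local client but was queued with an envelope sender in the local domain. `LOCAL_NETS`, `LOCAL_DOMAIN`, the queue IDs and all addresses in the sample are constructed placeholders.

```python
import ipaddress
import re

# Assumed values for this sketch: substitute your own mynetworks and mydomain.
LOCAL_NETS = [ipaddress.ip_network("192.0.2.0/24")]
LOCAL_DOMAIN = "example.org"

# Constructed sample log lines in the format shown in the message above.
SAMPLE_LOG = """\
Jan 17 10:18:06 mail postfix/smtpd[32375]: AAAA000001: client=mx.example.net[198.51.100.7]
Jan 17 10:18:06 mail postfix/cleanup[32377]: warning: AAAA000001: multi-valued sender_canonical_maps entry for joe@example.net
Jan 17 10:18:06 mail postfix/qmgr[1261]: AAAA000001: from=<joe.bloggs@example.org>, size=2639, nrcpt=1 (queue active)
Jan 17 10:19:10 mail postfix/smtpd[32380]: AAAA000002: client=desk.example.org[192.0.2.15]
Jan 17 10:19:10 mail postfix/qmgr[1261]: AAAA000002: from=<ann.lee@example.org>, size=900, nrcpt=1 (queue active)
Jan 17 10:20:00 mail postfix/smtpd[32381]: AAAA000003: client=mx.example.net[198.51.100.7]
Jan 17 10:20:00 mail postfix/qmgr[1261]: AAAA000003: from=<bob@example.net>, size=1200, nrcpt=1 (queue active)
"""

CLIENT_RE = re.compile(r"postfix/smtpd\[\d+\]: ([0-9A-F]+): client=\S+\[([0-9a-fA-F.:]+)\]")
WARN_RE = re.compile(r"postfix/cleanup\[\d+\]: warning: ([0-9A-F]+): multi-valued sender_canonical_maps")
FROM_RE = re.compile(r"postfix/qmgr\[\d+\]: ([0-9A-F]+): from=<([^>]*)>")


def suspicious_rewrites(log_text):
    """Return {queue_id: info} for mail from non-local clients whose
    envelope sender ended up in LOCAL_DOMAIN."""
    clients, warned, hits = {}, set(), {}
    for line in log_text.splitlines():
        if m := CLIENT_RE.search(line):
            clients[m.group(1)] = ipaddress.ip_address(m.group(2))
        elif m := WARN_RE.search(line):
            warned.add(m.group(1))
        elif m := FROM_RE.search(line):
            qid, sender = m.groups()
            ip = clients.get(qid)
            # Loopback clients are content-filter re-injections, not outside mail.
            external = (ip is not None and not ip.is_loopback
                        and not any(ip in net for net in LOCAL_NETS))
            if external and sender.lower().endswith("@" + LOCAL_DOMAIN):
                hits[qid] = {"client": str(ip), "sender": sender,
                             "canonical_warning": qid in warned}
    return hits


if __name__ == "__main__":
    for qid, info in suspicious_rewrites(SAMPLE_LOG).items():
        print(qid, info)
```

A hit with `canonical_warning` set points at the canonical map as the source of the local sender address; a hit without it means the outside client itself supplied a sender in the local domain.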