On 11/10/21 12:53 am, Peter wrote:
On 10/10/21 11:28 pm, Rob Kampen wrote:
smtp inet n - n - - smtpd
-o smtpd_recipient_restrictions= -o content_filter=spamassassin
I assume based on what you've said before that this is after you added
the workaround you mentioned, but the logs below are without the
smtpd_recipient_restrictions= part here?
Correct, once I added the
-o smtpd_recipient_restrictions=
the alias substitutions worked and the log becomes much longer as all
the various processes complete and add their trace to the maillog.
Cannot see how this log listing can possibly help as it contains only
three lines
Nonetheless I do appreciate seeing them, no offense but you can never
tell if someone's interpretations of the logs are accurate and so it's
best just to see the logs themselves.
Here is the log of the incorrectly rejected email coming into the new
MX - very short as it immediately rejects the alias recipient address
- which my other two MX do not do.
Right.
This led me to the conclusion that the alias substitution is not
taking place on my new MX whereas it does on my two working MX -
hence my addition to the smtp processing line at the top of the
master.cf file.
I wouldn't jump to that conclusion just yet, though.
That said, based on your config and logs I think I may have been wrong
in my previous guess and it may very well be related to your
policyd-spf. More on that in a bit.
Can you provide the output of the following commands (but substitute
the actual recipient domain and address for the munged versions you
supplied here):
postmap -q example.com mysql:/etc/postfix/mysql-virtual_alias_domains.cf
postmap -q rob@xxxxxxxxxxx
mysql:/etc/postfix/mysql-virtual_forwardings.cf
postmap -q rob@xxxxxxxxxxx
mysql:/etc/postfix/mysql-virtual_email2email.cf
postmap -q example.com mysql:/etc/postfix/mysql-virtual_domains.cf
postmap -q rob@xxxxxxxxxxx mysql:/etc/postfix/mysql-virtual_mailboxes.cf
The results of the above should give a much better picture of what's
going on.
OK - just to let you know the munge I used.
example.com is an alias domain for example.org which is the actual
domain with Maildir space on the server.
rob@ is alias for rkampen@ thus the only real address is rkampen@xxxxxxxxxxx
now the results
[root@mx rkampen]# postmap -q example.org
mysql:/etc/postfix/mysql-virtual_alias_domains.cf
[root@mx rkampen]# postmap -q example.org
mysql:/etc/postfix/mysql-virtual_domains.cf
example.org
[root@mx rkampen]# postmap -q example.com
mysql:/etc/postfix/mysql-virtual_alias_domains.cf
example.com
[root@mx rkampen]# postmap -q example.com
mysql:/etc/postfix/mysql-virtual_domains.cf
[root@mx rkampen]# postmap -q rob@xxxxxxxxxxx
mysql:/etc/postfix/mysql-virtual_forwardings.cf
[root@mx rkampen]# postmap -q rob@xxxxxxxxxxx
mysql:/etc/postfix/mysql-virtual_forwardings.cf
rkampen@xxxxxxxxxxx
[root@mx rkampen]# postmap -q @example.com
mysql:/etc/postfix/mysql-virtual_forwardings.cf
@example.org
[root@mx rkampen]# postmap -q rob@xxxxxxxxxxx
mysql:/etc/postfix/mysql-virtual_email2email.cf
[root@mx rkampen]# postmap -q rob@xxxxxxxxxxx
mysql:/etc/postfix/mysql-virtual_email2email.cf
[root@mx rkampen]# postmap -q rkampen@xxxxxxxxxxx
mysql:/etc/postfix/mysql-virtual_email2email.cf
rkampen@xxxxxxxxxxx
[root@mx rkampen]# postmap -q rkampen@xxxxxxxxxxx
mysql:/etc/postfix/mysql-virtual_email2email.cf
[root@mx rkampen]# postmap -q rkampen@xxxxxxxxxxx
mysql:/etc/postfix/mysql-virtual_mailboxes.cf
[root@mx rkampen]# postmap -q rkampen@xxxxxxxxxxx
mysql:/etc/postfix/mysql-virtual_mailboxes.cf
example.org/rkampen/
As all but mysql-virtual_alias_domains.cf are copies from the other MX,
I think these are fine. Also as email presented via port 587 via an
authenticated STARTTLS session actually work fine, I have no reason to
suspect any issues in this area.
To check if it's the policyd that's causing the problem can you modify
the smtpd_recipient_restrictions line in main.cf and remove just the
"check_policy_service inet:localhost:12350," part? So that it reads
something like:
smtpd_recipient_restrictions = permit_mynetworks,
permit_sasl_authenticated, reject_unauth_destination,
check_policy_service unix:private/policyd-spf
Then check to see if it works after that (and provide logs again so I
can check things over). Note this also means reverting your
workaround in master.cf for this test.
Well that may have done it!
Now I get a correctly sent email with the alias substitutions done.
Funny how that line seems to cause no error on my two original MX -
looks like I better check them out a little more too.
Here is the munged log (same munging as above)
Oct 11 13:53:09 mx postfix/smtpd[10711]: connect from
mail-pj1-x1030.google.com[2607:f8b0:4864:20::1030]
Oct 11 13:53:10 mx policyd-spf[10723]: ERROR: Unknown name "TestOnly" in
file "/etc/python-policyd-spf/policyd-spf.conf"
Oct 11 13:53:10 mx policyd-spf[10723]: None; identity=helo;
client-ip=2607:f8b0:4864:20::1030; helo=mail-pj1-x1030.google.com;
envelope-from=rob@xxxxxxxxxxxxxxxxxx; receiver=rkampen@xxxxxxxxxxx
Oct 11 13:53:11 mx policyd-spf[10723]: None; identity=mailfrom;
client-ip=2607:f8b0:4864:20::1030; helo=mail-pj1-x1030.google.com;
envelope-from=rob@xxxxxxxxxxxxxxxxxx; receiver=rkampen@xxxxxxxxxxx
Oct 11 13:53:11 mx postfix/smtpd[10711]: 332699E29D:
client=mail-pj1-x1030.google.com[2607:f8b0:4864:20::1030]
Oct 11 13:53:11 mx postfix/cleanup[10725]: 332699E29D:
message-id=<8a5de3cf-3dbb-062e-e48c-69e320ff60e7@xxxxxxxxxxxxxxxxxx>
Oct 11 13:53:11 mx opendkim[1040]: 332699E29D: mail-pj1-x1030.google.com
[2607:f8b0:4864:20::1030] not internal
Oct 11 13:53:11 mx opendkim[1040]: 332699E29D: not authenticated
Oct 11 13:53:12 mx opendkim[1040]: 332699E29D: DKIM verification successful
Oct 11 13:53:12 mx postfix/qmgr[10600]: 332699E29D:
from=<rob@xxxxxxxxxxxxxxxxxx>, size=3223, nrcpt=1 (queue active)
Oct 11 13:53:12 mx spamd[2843]: spamd: connection from localhost
[::1]:42696 to port 783, fd 6
Oct 11 13:53:12 mx spamd[2843]: spamd: setuid to spamd succeeded
Oct 11 13:53:12 mx spamd[2843]: spamd: processing message
<8a5de3cf-3dbb-062e-e48c-69e320ff60e7@xxxxxxxxxxxxxxxxxx> for spamd:5001
Oct 11 13:53:12 mx postfix/smtpd[10711]: disconnect from
mail-pj1-x1030.google.com[2607:f8b0:4864:20::1030]
Oct 11 13:53:13 mx spamd[2843]: spamd: clean message (0.0/5.0) for
spamd:5001 in 1.2 seconds, 3432 bytes.
Oct 11 13:53:13 mx spamd[2843]: spamd: result: . 0 -
DKIM_SIGNED,DKIM_VALID,RCVD_IN_DNSWL_BLOCKED,SPF_HELO_NONE,SPF_NONE
scantime=1.2,size=3432,user=spamd,uid=5001,required_score=5.0,rhost=localhost,raddr=::1,rport=42696,mid=<8a5de3cf-3dbb-062e-e48c-69e320ff60e7@xxxxxxxxxxxxxxxxxx>,autolearn=ham
autolearn_force=no
Oct 11 13:53:13 mx postfix/pipe[10727]: 332699E29D:
to=<rkampen@xxxxxxxxxxx>, orig_to=<rkampen@xxxxxxxxxxx>,
relay=spamassassin, delay=3.4, delays=2.1/0.02/0/1.3, dsn=2.0.0,
status=sent (delivered via spamassassin service)
Oct 11 13:53:13 mx postfix/qmgr[10600]: 332699E29D: removed
Oct 11 13:53:13 mx postfix/pickup[10599]: CBDB2B82E6: uid=5001
from=<rob@xxxxxxxxxxxxxxxxxx>
Oct 11 13:53:13 mx postfix/cleanup[10725]: CBDB2B82E6:
message-id=<8a5de3cf-3dbb-062e-e48c-69e320ff60e7@xxxxxxxxxxxxxxxxxx>
Oct 11 13:53:13 mx opendkim[1040]: CBDB2B82E6: no signing table match
for 'rob@xxxxxxxxxxxxxxxxxx'
Oct 11 13:53:13 mx spamd[1392]: prefork: child states: II
Oct 11 13:53:14 mx opendkim[1040]: CBDB2B82E6: DKIM verification successful
Oct 11 13:53:14 mx postfix/qmgr[10600]: CBDB2B82E6:
from=<rob@xxxxxxxxxxxxxxxxxx>, size=3859, nrcpt=1 (queue active)
Oct 11 13:53:16 mx postfix/smtpd[10734]: connect from localhost[127.0.0.1]
Oct 11 13:53:16 mx postfix/smtpd[10734]: EE7C99E29D:
client=localhost[127.0.0.1]
Oct 11 13:53:16 mx postfix/cleanup[10725]: EE7C99E29D:
message-id=<8a5de3cf-3dbb-062e-e48c-69e320ff60e7@xxxxxxxxxxxxxxxxxx>
Oct 11 13:53:17 mx opendkim[1040]: EE7C99E29D: no signing table match
for 'rob@xxxxxxxxxxxxxxxxxx'
Oct 11 13:53:17 mx opendkim[1040]: EE7C99E29D: DKIM verification successful
Oct 11 13:53:17 mx postfix/smtpd[10734]: disconnect from
localhost[127.0.0.1]
Oct 11 13:53:17 mx postfix/qmgr[10600]: EE7C99E29D:
from=<rob@xxxxxxxxxxxxxxxxxx>, size=4126, nrcpt=1 (queue active)
Oct 11 13:53:17 mx amavis[2831]: (02831-04) Passed CLEAN
{RelayedOpenRelay}, [127.0.0.1] [192.168.128.235]
<rob@xxxxxxxxxxxxxxxxxx> -> <rkampen@xxxxxxxxxxx>, Message-ID:
<8a5de3cf-3dbb-062e-e48c-69e320ff60e7@xxxxxxxxxxxxxxxxxx>, mail_id:
7PNe4rZbbMof, Hits: 0.003, size: 3884, queued_as: EE7C99E29D,
dkim_sd=20210112:prolinkcentral-co-nz.20210112.gappssmtp.com, 2598 ms
Oct 11 13:53:17 mx postfix/smtp[10732]: CBDB2B82E6:
to=<rkampen@xxxxxxxxxxx>, relay=127.0.0.1[127.0.0.1]:10024, delay=3.3,
delays=0.66/0.02/0.01/2.6, dsn=2.0.0, status=sent (250 2.0.0 from
MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as EE7C99E29D)
Oct 11 13:53:17 mx postfix/qmgr[10600]: CBDB2B82E6: removed
Oct 11 13:53:17 mx postfix/pipe[10736]: EE7C99E29D:
to=<rkampen@xxxxxxxxxxx>, relay=dovecot, delay=0.24,
delays=0.13/0.02/0/0.09, dsn=2.0.0, status=sent (delivered via dovecot
service)
Oct 11 13:53:17 mx postfix/qmgr[10600]: EE7C99E29D: removed
I see an ERROR on line two - no idea why - my reading on this file
suggested that TestOnly is the latest correct line, hence I edited to
this.....
Thanks Peter, your help has been invaluable and MUCH appreciated!
Peter
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
