On 11/10/21 12:53 am, Peter wrote:
On 10/10/21 11:28 pm, Rob Kampen wrote:
smtp inet n - n - - smtpd -o smtpd_recipient_restrictions= -o content_filter=spamassassin
I assume based on what you've said before that this is after you added the workaround you mentioned, but the logs below are without the smtpd_recipient_restrictions= part here?
Correct, once I added the
-o smtpd_recipient_restrictions=
the alias substitutions worked and the log becomes much longer as all the various processes complete and add their trace to the maillog.
Cannot see how this log listing can possibly help as it contains only three lines
Nonetheless I do appreciate seeing them, no offense but you can never tell if someone's interpretations of the logs are accurate and so it's best just to see the logs themselves.
Here is the log of the incorrectly rejected email coming into the new MX - very short as it immediately rejects the alias recipient address
- which my other two MX do not do.
Right.
This led me to the conclusion that the alias substitution is not taking place on my new MX whereas it does on my two working MX - hence my addition to the smtp processing line at the top of the master.cf file.
I wouldn't jump to that conclusion just yet, though.
That said, based on your config and logs I think I may have been wrong in my previous guess and it may very well be related to your policyd-spf. More on that in a bit.
Can you provide the output of the following commands (but substitute the actual recipient domain and address for the munged versions you supplied here):
postmap -q example.com mysql:/etc/postfix/mysql-virtual_alias_domains.cf
postmap -q rob@example.com mysql:/etc/postfix/mysql-virtual_forwardings.cf
postmap -q rob@example.com mysql:/etc/postfix/mysql-virtual_email2email.cf
postmap -q example.com mysql:/etc/postfix/mysql-virtual_domains.cf
postmap -q rob@example.com mysql:/etc/postfix/mysql-virtual_mailboxes.cf
The results of the above should give a much better picture of what's going on.
OK - just to let you know the munge I used.
example.com is an alias domain for example.org which is the actual domain with Maildir space on the server.
rob@ is alias for rkampen@ thus the only real address is rkampen@example.org
now the results
[root@mx rkampen]# postmap -q example.org mysql:/etc/postfix/mysql-virtual_alias_domains.cf [root@mx rkampen]# postmap -q example.org mysql:/etc/postfix/mysql-virtual_domains.cf example.org [root@mx rkampen]# postmap -q example.com mysql:/etc/postfix/mysql-virtual_alias_domains.cf example.com [root@mx rkampen]# postmap -q example.com mysql:/etc/postfix/mysql-virtual_domains.cf [root@mx rkampen]# postmap -q rob@example.com mysql:/etc/postfix/mysql-virtual_forwardings.cf [root@mx rkampen]# postmap -q rob@example.org mysql:/etc/postfix/mysql-virtual_forwardings.cf rkampen@example.org [root@mx rkampen]# postmap -q @example.com mysql:/etc/postfix/mysql-virtual_forwardings.cf @example.org [root@mx rkampen]# postmap -q rob@example.com mysql:/etc/postfix/mysql-virtual_email2email.cf [root@mx rkampen]# postmap -q rob@example.org mysql:/etc/postfix/mysql-virtual_email2email.cf [root@mx rkampen]# postmap -q rkampen@example.org mysql:/etc/postfix/mysql-virtual_email2email.cf rkampen@example.org [root@mx rkampen]# postmap -q rkampen@example.com mysql:/etc/postfix/mysql-virtual_email2email.cf [root@mx rkampen]# postmap -q rkampen@example.com mysql:/etc/postfix/mysql-virtual_mailboxes.cf [root@mx rkampen]# postmap -q rkampen@example.org mysql:/etc/postfix/mysql-virtual_mailboxes.cf example.org/rkampen/
As all but mysql-virtual_alias_domains.cf are copies from the other MX, I think these are fine. Also as email presented via port 587 via an authenticated STARTTLS session actually work fine, I have no reason to suspect any issues in this area.
To check if it's the policyd that's causing the problem can you modify the smtpd_recipient_restrictions line in main.cf and remove just the "check_policy_service inet:localhost:12350," part? So that it reads something like:
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_policy_service unix:private/policyd-spf
Then check to see if it works after that (and provide logs again so I can check things over). Note this also means reverting your workaround in master.cf for this test.
Well that may have done it!
Now I get a correctly sent email with the alias substitutions done. Funny how that line seems to cause no error on my two original MX - looks like I better check them out a little more too.
Here is the munged log (same munging as above)
Oct 11 13:53:09 mx postfix/smtpd[10711]: connect from mail-pj1-x1030.google.com[2607:f8b0:4864:20::1030] Oct 11 13:53:10 mx policyd-spf[10723]: ERROR: Unknown name "TestOnly" in file "/etc/python-policyd-spf/policyd-spf.conf" Oct 11 13:53:10 mx policyd-spf[10723]: None; identity=helo; client-ip=2607:f8b0:4864:20::1030; helo=mail-pj1-x1030.google.com; envelope-from=rob@prolinkcentral.com; receiver=rkampen@example.com Oct 11 13:53:11 mx policyd-spf[10723]: None; identity=mailfrom; client-ip=2607:f8b0:4864:20::1030; helo=mail-pj1-x1030.google.com; envelope-from=rob@prolinkcentral.com; receiver=rkampen@example.com Oct 11 13:53:11 mx postfix/smtpd[10711]: 332699E29D: client=mail-pj1-x1030.google.com[2607:f8b0:4864:20::1030] Oct 11 13:53:11 mx postfix/cleanup[10725]: 332699E29D: message-id=8a5de3cf-3dbb-062e-e48c-69e320ff60e7@prolinkcentral.com Oct 11 13:53:11 mx opendkim[1040]: 332699E29D: mail-pj1-x1030.google.com [2607:f8b0:4864:20::1030] not internal Oct 11 13:53:11 mx opendkim[1040]: 332699E29D: not authenticated Oct 11 13:53:12 mx opendkim[1040]: 332699E29D: DKIM verification successful Oct 11 13:53:12 mx postfix/qmgr[10600]: 332699E29D: from=rob@prolinkcentral.com, size=3223, nrcpt=1 (queue active) Oct 11 13:53:12 mx spamd[2843]: spamd: connection from localhost [::1]:42696 to port 783, fd 6 Oct 11 13:53:12 mx spamd[2843]: spamd: setuid to spamd succeeded Oct 11 13:53:12 mx spamd[2843]: spamd: processing message 8a5de3cf-3dbb-062e-e48c-69e320ff60e7@prolinkcentral.com for spamd:5001 Oct 11 13:53:12 mx postfix/smtpd[10711]: disconnect from mail-pj1-x1030.google.com[2607:f8b0:4864:20::1030] Oct 11 13:53:13 mx spamd[2843]: spamd: clean message (0.0/5.0) for spamd:5001 in 1.2 seconds, 3432 bytes. Oct 11 13:53:13 mx spamd[2843]: spamd: result: . 0 - DKIM_SIGNED,DKIM_VALID,RCVD_IN_DNSWL_BLOCKED,SPF_HELO_NONE,SPF_NONE scantime=1.2,size=3432,user=spamd,uid=5001,required_score=5.0,rhost=localhost,raddr=::1,rport=42696,mid=8a5de3cf-3dbb-062e-e48c-69e320ff60e7@prolinkcentral.com,autolearn=ham autolearn_force=no Oct 11 13:53:13 mx postfix/pipe[10727]: 332699E29D: to=rkampen@example.org, orig_to=rkampen@example.com, relay=spamassassin, delay=3.4, delays=2.1/0.02/0/1.3, dsn=2.0.0, status=sent (delivered via spamassassin service) Oct 11 13:53:13 mx postfix/qmgr[10600]: 332699E29D: removed Oct 11 13:53:13 mx postfix/pickup[10599]: CBDB2B82E6: uid=5001 from=rob@prolinkcentral.com Oct 11 13:53:13 mx postfix/cleanup[10725]: CBDB2B82E6: message-id=8a5de3cf-3dbb-062e-e48c-69e320ff60e7@prolinkcentral.com Oct 11 13:53:13 mx opendkim[1040]: CBDB2B82E6: no signing table match for 'rob@prolinkcentral.com' Oct 11 13:53:13 mx spamd[1392]: prefork: child states: II Oct 11 13:53:14 mx opendkim[1040]: CBDB2B82E6: DKIM verification successful Oct 11 13:53:14 mx postfix/qmgr[10600]: CBDB2B82E6: from=rob@prolinkcentral.com, size=3859, nrcpt=1 (queue active) Oct 11 13:53:16 mx postfix/smtpd[10734]: connect from localhost[127.0.0.1] Oct 11 13:53:16 mx postfix/smtpd[10734]: EE7C99E29D: client=localhost[127.0.0.1] Oct 11 13:53:16 mx postfix/cleanup[10725]: EE7C99E29D: message-id=8a5de3cf-3dbb-062e-e48c-69e320ff60e7@prolinkcentral.com Oct 11 13:53:17 mx opendkim[1040]: EE7C99E29D: no signing table match for 'rob@prolinkcentral.com' Oct 11 13:53:17 mx opendkim[1040]: EE7C99E29D: DKIM verification successful Oct 11 13:53:17 mx postfix/smtpd[10734]: disconnect from localhost[127.0.0.1] Oct 11 13:53:17 mx postfix/qmgr[10600]: EE7C99E29D: from=rob@prolinkcentral.com, size=4126, nrcpt=1 (queue active) Oct 11 13:53:17 mx amavis[2831]: (02831-04) Passed CLEAN {RelayedOpenRelay}, [127.0.0.1] [192.168.128.235] rob@prolinkcentral.com -> rkampen@example.org, Message-ID: 8a5de3cf-3dbb-062e-e48c-69e320ff60e7@prolinkcentral.com, mail_id: 7PNe4rZbbMof, Hits: 0.003, size: 3884, queued_as: EE7C99E29D, dkim_sd=20210112:prolinkcentral-co-nz.20210112.gappssmtp.com, 2598 ms Oct 11 13:53:17 mx postfix/smtp[10732]: CBDB2B82E6: to=rkampen@example.org, relay=127.0.0.1[127.0.0.1]:10024, delay=3.3, delays=0.66/0.02/0.01/2.6, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as EE7C99E29D) Oct 11 13:53:17 mx postfix/qmgr[10600]: CBDB2B82E6: removed Oct 11 13:53:17 mx postfix/pipe[10736]: EE7C99E29D: to=rkampen@example.org, relay=dovecot, delay=0.24, delays=0.13/0.02/0/0.09, dsn=2.0.0, status=sent (delivered via dovecot service) Oct 11 13:53:17 mx postfix/qmgr[10600]: EE7C99E29D: removed
I see an ERROR on line two - no idea why - my reading on this file suggested that TestOnly is the latest correct line, hence I edited to this.....
Thanks Peter, your help has been invaluable and MUCH appreciated!
Peter _______________________________________________ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos