NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Postfix Discussion> 2007-10

REDIRECT action from policy server

From: Ben Beuchler (insytegmail.com)
Date: Thu Oct 25 2007 - 20:24:48 CDT

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I'm attempting to redirect any messages that are flagged by an RBL
check to an account on another server. I have a policy server working
that checks the RBL and issues 'action=REDIRECT sfgclockwork.net'.
That address is an alias to an address on another host. For some
reason the messages always bounce after the REDIRECT.

Example #1, the original rcpt does not exist on the system:

Oct 25 19:46:05 proton postfix/smtpd[12117]: NOQUEUE: redirect: RCPT
from dxb-as80933.alshamil.net.ae[86.97.63.161]:
<dxb-as80933.alshamil.net.ae[86
.97.63.161]>: Client host triggers REDIRECT sfgclockwork.net;
from=<Brian.Harrissilexediciones.com> to=<griffinapiary.com>
proto=ESMTP helo=<egyhak>
Oct 25 19:46:05 proton postfix/smtpd[12117]: NOQUEUE: reject: RCPT
from dxb-as80933.alshamil.net.ae[86.97.63.161]: 550
<griffinapiary.com>: Recipient address rejected: User unknown in
virtual mailbox table; from=<Brian.Harrissilexediciones.com>
to=<griffinapiary.com> proto=ESMTP helo=<egyhak>
Oct 25 19:46:06 proton postfix/smtpd[12117]: disconnect from
dxb-as80933.alshamil.net.ae[86.97.63.161]

If the original address *does* exist, it looks like this:

Oct 25 19:29:55 proton postfix/smtpd[9776]: NOQUEUE: redirect: RCPT
from hst85-28-240-44.real.kamchatka.ru[85.28.240.44]:
<hst85-28-240-44.real.kamc
hatka.ru[85.28.240.44]>: Client host triggers REDIRECT
sfgclockwork.net; from=<shihtoddhaniastuff.com> to=<andrewXXX.com>
proto=ESMTP helo=<hst85-28-240-44.real.kamchatka.ru>
Oct 25 19:29:55 proton postfix/smtpd[9776]: 89A06DEBD9:
client=hst85-28-240-44.real.kamchatka.ru[85.28.240.44]
Oct 25 19:29:58 proton postfix/cleanup[9768]: 89A06DEBD9:
message-id=<000e01c8176f$02d34710$9eacfb91ucxprs>
<snip>
Oct 25 19:30:09 proton postfix/qmgr[9738]: 89A06DEBD9:
from=<shihtoddhaniastuff.com>, size=18035, nrcpt=1 (queue active)
Oct 25 19:30:09 proton postfix/virtual[9769]: 89A06DEBD9:
to=<sfgclockwork.net>, orig_to=<andrewXXX.com>, relay=virtual,
delay=14, status=bounced (unknown user: "sfgclockwork.net")
Oct 25 19:30:09 proton postfix/qmgr[9738]: 89A06DEBD9: removed

Note that the alias 'sfgclockwork.net' does exist:

proton:~ root# postmap -q sfgclockwork.net
ldap:/etc/postfix/ldap/vmail_aliases.cf
spamYYY.com

Note that YYY.com is hosted by a second server. I've also tried using
spamYYY.com as the value of the REDIRECT action, with similar
results.

It seems like I'm misunderstanding something pretty basic about how
the REDIRECT action works. Can anyone clear this up for me?

-Ben

postfinger - postfix configuration on Thu Oct 25 20:06:33 CDT 2007
version: 1.30

Warning: postfinger output may show private configuration information,
such as ip addresses and/or domain names which you do not want to show
to the public. If this is the case it is your responsibility to modify
the output to hide this private information. [Remove this warning with
the --nowarn option.]

--System Parameters--
mail_version = 2.2.10
hostname = proton
uname = Linux proton 2.6.15-29-386 #1 PREEMPT Mon Sep 24 17:18:25 UTC
2007 i686 GNU/Linux

--Packaging information--
looks like this postfix comes from deb package: postfix-2.2.10-1ubuntu0.1

--main.cf non-default parameters--
alias_database = $alias_maps
alias_maps = hash:/etc/aliases
allow_percent_hack = no
allow_untrusted_routing = yes
broken_sasl_auth_clients = yes
disable_vrfy_command = yes
mailbox_size_limit = 52428801
message_size_limit = 52428800
mydestination = $myhostname
myhostname = proton.pozitronic.com
relay_domains = mailman.clockwork.net, mailman.lolife.com,
mailman.reminc.com, mailman.thequestclub.com,
newbounces.clockwork.net, bounces.clockwork.net
smtpd_client_restrictions = permit_mynetworks,
permit_sasl_authenticated, check_client_access
cidr:/etc/postfix/access_table, reject_rbl_client
sbl-xbl.spamhaus.org, permit
smtpd_data_restrictions = reject_multi_recipient_bounce,
reject_unauth_pipelining, permit
smtpd_recipient_restrictions = permit_mynetworks,
permit_sasl_authenticated, reject_unauth_destination, permit
smtpd_sasl_auth_enable = yes
smtpd_sender_restrictions = permit_mynetworks,
permit_sasl_authenticated, reject_non_fqdn_sender, permit
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /usr/local/ssl/certs/po.clockwork.net.cert
smtpd_tls_key_file = /usr/local/ssl/private/po.clockwork.net.key
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_database = sdbm:/var/cache/postfix/smtpd_session_cache
smtpd_use_tls = yes
transport_maps = hash:/etc/postfix/transports
virtual_alias_domains = null.clockwork.net
virtual_alias_maps = ldap:/etc/postfix/ldap/vmail_aliases.cf
virtual_gid_maps = static:5000
virtual_mailbox_base = /mail/maildomains
virtual_mailbox_domains = /etc/postfix/vdomains
virtual_mailbox_limit = 0
virtual_mailbox_maps = ldap:/etc/postfix/ldap/vmail_maps.cf
virtual_uid_maps = static:5000

--master.cf--
smtp inet n - - - 150 smtpd
submission inet n - - - - smtpd
        -o smtpd_etrn_restrictions=reject
        -o smtpd_client_restrictions=permit_sasl_authenticated,reject
smtps inet n - - - - smtpd
  -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
pickup fifo n - - 60 1 pickup
cleanup unix n - - - 0 cleanup
qmgr fifo n - - 300 1 qmgr
tlsmgr unix - - - 1000? 1 tlsmgr
rewrite unix - - - - - trivial-rewrite
bounce unix - - - - 0 bounce
defer unix - - - - 0 bounce
trace unix - - - - 0 bounce
verify unix - - - - 1 verify
flush unix n - - 1000? 0 flush
proxymap unix - - n - - proxymap
smtp unix - - - - - smtp
relay unix - - - - - smtp
        -o fallback_relay=
showq unix n - - - - showq
error unix - - - - - error
discard unix - - - - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - - - - lmtp
anvil unix - - - - 1 anvil
scache unix - - - - 1 scache
maildrop unix - n n - - pipe
  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
uucp unix - n n - - pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail unix - n n - - pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n n - 2 pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store
${nexthop} ${user} ${extension}
mailman unix - n n - - pipe
  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
  ${nexthop} ${user}
mailbot unix - n n - - pipe
  user=vmail argv=/mail/bin/gonefishing.py ${recipient} ${sender}
bulkbounce unix - n n - - pipe
  user=nobody argv=/mail/bin/ams_bounce_handler.py ${recipient}

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]