Understanding canonical rewrites

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

Understanding canonical rewrites

Robert Fitzpatrick
I am trying to use Canonical address mapping and getting some results I
don't quite understand. With lookup enabled for canonical maps sent to
LDAP, I am getting these messages to one of our servers, all other
servers working fine. This destination server hosts mail for
webtent.net and all other domains on that server seem to be
getting rewritten to the postmaster address. In this example, LDAP is
setup to rewrite www.south-co.com to just south-co.com, but no other
host is entered in LDAP to be translated for that domain. I'm not sure
if I need to add just the domain, what happens if there is no match. I
was assuming that it would just not rewrite and pass along as original
address?

Jun 12 18:52:43 esmtp postfix/smtp[76958]: BB5AB802C8: to=<[hidden email]>, relay=208.38.145.45[208.38.145.45]:25, delay=0.48, delays=0.01/0/0.31/0.15, dsn=5.3.0, status=undeliverable (host 208.38.145.45[208.38.145.45] said: 553 5.3.0 <[hidden email]>... No such user here (in reply to MAIL FROM command))
esmtp# postmap -q [hidden email] ldap:/usr/local/etc/postfix/ldap/canonical.cf
esmtp# postmap -q [hidden email] ldap:/usr/local/etc/postfix/ldap/canonical.cf
@south-co.com

Yes, I see that I need to fix my acceptance of [hidden email],
will do, but why is it happening with canonical rewrites enabled? We
also use address verification, not sure if that is what is coming in to
play here as the Postfix server sends messages from postmaster for that
reason, but I don't have any sender address verification. If I
disable canonical_maps, all starts working properly again including
address verification. Here is my complete postconf -n...

esmtp# postconf -n
address_verify_map = btree:/home/mta/verify
address_verify_poll_count = 1
bounce_queue_lifetime = 1d
broken_sasl_auth_clients = yes
canonical_maps = ldap:/usr/local/etc/postfix/ldap/canonical.cf
command_directory = /usr/local/sbin
config_directory = /usr/local/etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/local/libexec/postfix
delay_warning_time = 4h
disable_vrfy_command = yes
html_directory = no
mail_name = WebTent ESMTP Postfix Internet Mail Gateway
mail_owner = postfix
mailbox_size_limit = 102400000
mailq_path = /usr/local/bin/mailq
manpage_directory = /usr/local/man
maximal_backoff_time = 1000s
maximal_queue_lifetime = 3d
message_size_limit = 51200000
mynetworks = 127.0.0.0/8, 10.0.0.0/8
newaliases_path = /usr/local/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = no
relay_domains = ldap:/usr/local/etc/postfix/ldap/transport.cf
sample_directory = /usr/local/etc/postfix
sendmail_path = /usr/local/sbin/sendmail
setgid_group = maildrop
smtp_send_xforward_command = yes
smtp_tls_note_starttls_offer = yes
smtp_use_tls = yes
smtpd_banner = $myhostname ESMTP $mail_name
smtpd_data_restrictions = reject_unauth_pipelining, permit
smtpd_helo_restrictions = permit_mynetworks
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, check_client_access cidr:/usr/local/etc/postfix/relay_clients, check_client_access ldap:/usr/local/etc/postfix/ldap/relay_clients.cf, check_client_access hash:/usr/local/etc/postfix/client_checks, reject_unauth_destination, reject_non_fqdn_sender, reject_non_fqdn_recipient, check_policy_service unix:private/policy, check_helo_access hash:/usr/local/etc/postfix/helo_checks, check_recipient_access pcre:/usr/local/etc/postfix/recipient_checks.pcre, reject_rbl_client list.dsbl.org, reject_rbl_client zen.spamhaus.org, reject_unverified_recipient, permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sender_restrictions = check_sender_access hash:/usr/local/etc/postfix/sender_access permit_mynetworks reject_unknown_sender_domain
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /usr/local/etc/postfix/ssl/postfix_public_cert.pem
smtpd_tls_key_file = /usr/local/etc/postfix/ssl/postfix_private_key.pem
smtpd_tls_loglevel = 2
smtpd_tls_received_header = yes
smtpd_tls_session_cache_database = btree:/home/mta/smtpd_scache
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
transport_maps = ldap:/usr/local/etc/postfix/ldap/transport.cf
unknown_local_recipient_reject_code = 550
unverified_recipient_reject_code = 550
unverified_sender_reject_code = 550

--
Robert