Virtual Alias and To header rewrite

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

Virtual Alias and To header rewrite

Gary Smith-20
Hi Everyone,

It's been a long time since something in postfix has stumped me.  I am using virtual alias rewrites to handle 50k incoming email addresses that expand to 1+n recipients.  The recipients are the line managers and lower level people that handle those accounts.  The virtual alias has been working in a general sense, lately I have been receiving bounces from Comcast and google with invalid recipients.  Normally this would be expected if a manager entered the wrong email for a line member (these are outside consultants using gmail, Comcast, etc).  The bounce however shows the original email address and not the alias email address, so it's really hard to track down the email issue this way.

So I would like to either rewrite the "to" field or add a header with the exploded virtual alias mapping.  From reading a few external articles the email should already have the to field set in the header, but that contradicts what I have read in the postfix virtual readme.  I have also tried using a header_check to and a new header (which I can do for the original address, but not the virtual alias mapped address).

When it's bounces via gmail I get the bounce below, which shows the original TO and not the expected virtual alias mapped.  I have several gmail accounts that are successful however.

What I would really like to do is add the envelope TO field to the TO header of the outgoing emails.  Is this possible?  This would let us at least track the bounces.  Is there a better approach?

Bounce message:

mx.google.com rejected your message to the following email addresses:
original_email_address ([hidden email])
The email address you entered couldn't be found. Please check the recipient's email address and try to resend the message. If the problem continues, please contact your email admin.
mx.google.com gave this error:
The email account that you tried to reach does not exist. Please try double-checking the recipient's email address for typos or unnecessary spaces. Learn more at https://support.google.com/mail/?p=NoSuchUser p25si12399124pgd.395 - gsmtp


Diagnostic information for administrators:
Generating server: FFExchange3.jellybelly.net
[hidden email]
mx.google.com
Remote Server returned '550-5.1.1 The email account that you tried to reach does not exist. Please try 550-5.1.1 double-checking the recipient's email address for typos or 550-5.1.1 unnecessary spaces. Learn more at 550 5.1.1 https://support.google.com/mail/?p=NoSuchUser p25si12399124pgd.395 - gsmtp'
Original message headers:
Received: from FFExchange3.jellybelly.net (172.16.24.220) by
 FFExchange3.jellybelly.net (172.16.24.220) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
 15.1.1261.35; Tue, 24 Apr 2018 13:13:18 -0700
Received: from AZMTA1.accounts.jellybelly.com (10.207.41.21) by
 FFExchange3.jellybelly.net (172.16.24.220) with Microsoft SMTP Server id
 15.1.1261.35 via Frontend Transport; Tue, 24 Apr 2018 13:13:18 -0700
Received: from v1lpgssmtp02.prod.kibocommerce.com (smtp2.mozu.com [34.199.13.167])
        by AZMTA1.accounts.jellybelly.com (Postfix) with ESMTP id A00FA3001857
        for <[hidden email]>; Tue, 24 Apr 2018 13:13:18 -0700 (PDT)
Received: from v1dwpt1ws0702 (unknown [10.10.1.236])
        by v1lpgssmtp02.prod.kibocommerce.com (Postfix) with ESMTP id 5F2C2C3FAC7
        for <[hidden email]>; Tue, 24 Apr 2018 20:13:18 +0000 (UTC)
MIME-Version: 1.0
From: "Jelly Belly " <[hidden email]>
To: original_email_address <[hidden email]>
Reply-To: "[hidden email]" <[hidden email]>
Date: Tue, 24 Apr 2018 20:13:18 +0000
Subject: Order Confirmation
Content-Type: text/html; charset="utf-8"
Content-Transfer-Encoding: base64
Return-Path: [hidden email]
Message-ID: <[hidden email]>
X-OrganizationHeadersPreserved: FFExchange3.jellybelly.net
X-CrossPremisesHeadersFilteredByDsnGenerator: FFExchange3.jellybelly.net


[root@AZMTA1 custom]# cat add_original_rcpt.pcre
# I know, this only sets the original email address, but that will be important as well.
/^To:(\s)?(.*)$/ PREPEND X-Original-To: $2

[root@AZMTA1 custom]# postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
bounce_queue_lifetime = 4d
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
default_transport = smtp:[172.16.24.220]
header_checks = pcre:/etc/postfix/custom/add_original_rcpt.pcre
html_directory = no
inet_interfaces = all
inet_protocols = all
lmtp_pix_workarounds =
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
maximal_queue_lifetime = 5d
mydestination = $myhostname, localhost.$mydomain, localhost
mydomain = accounts.jellybelly.com
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.10.1/README_FILES
sample_directory = /usr/share/doc/postfix-2.10.1/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_pix_workarounds =
smtpd_recipient_restrictions = check_recipient_access hash:/etc/postfix/custom/recipient_access, reject_unauth_destinations
smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/custom/sender_access, reject
unknown_local_recipient_reject_code = 550
virtual_alias_domains = accounts.jellybelly.com
virtual_alias_maps = hash:/etc/postfix/custom/virtual_alias
Reply | Threaded
Open this post in threaded view
|

Re: Virtual Alias and To header rewrite

Dominic Raferd
On 25 April 2018 at 19:25, Gary Smith <[hidden email]> wrote:

> Hi Everyone,
>
> It's been a long time since something in postfix has stumped me.  I am using virtual alias rewrites to handle 50k incoming email addresses that expand to 1+n recipients.  The recipients are the line managers and lower level people that handle those accounts.  The virtual alias has been working in a general sense, lately I have been receiving bounces from Comcast and google with invalid recipients.  Normally this would be expected if a manager entered the wrong email for a line member (these are outside consultants using gmail, Comcast, etc).  The bounce however shows the original email address and not the alias email address, so it's really hard to track down the email issue this way.
>
> So I would like to either rewrite the "to" field or add a header with the exploded virtual alias mapping.  From reading a few external articles the email should already have the to field set in the header, but that contradicts what I have read in the postfix virtual readme.  I have also tried using a header_check to and a new header (which I can do for the original address, but not the virtual alias mapped address).
>
> When it's bounces via gmail I get the bounce below, which shows the original TO and not the expected virtual alias mapped.  I have several gmail accounts that are successful however.
>
> What I would really like to do is add the envelope TO field to the TO header of the outgoing emails.  Is this possible?  This would let us at least track the bounces.  Is there a better approach?
>
> Bounce message:
>
> mx.google.com rejected your message to the following email addresses:
> original_email_address ([hidden email])
> The email address you entered couldn't be found. Please check the recipient's email address and try to resend the message. If the problem continues, please contact your email admin.
> mx.google.com gave this error:
> The email account that you tried to reach does not exist. Please try double-checking the recipient's email address for typos or unnecessary spaces. Learn more at https://support.google.com/mail/?p=NoSuchUser p25si12399124pgd.395 - gsmtp
>
>
> Diagnostic information for administrators:
> Generating server: FFExchange3.jellybelly.net
> [hidden email]...

The log entry placed by postfix/smtp (in e.g. /var/log/mail.log), and
which contains the rejection response from the remote server, should
contain both the original and remapped mail addresses. Something like:

2018-03-29 16:21:07 yourserver postfix/smtp[2041]: 3127960764:
to=<[hidden email]>, orig_to=<[hidden email]>,
relay=gmail-smtp-in.l.google.com[66.102.1.27]:25, delay=0.73,
delays=0.02/0.02/0.47/0.21, dsn=5.7.0, status=bounced (host
gmail-smtp-in.l.google.com[66.102.1.27] said: 552-5.7.0 This
message...  - gsmtp (in reply to end of DATA command))
Reply | Threaded
Open this post in threaded view
|

Re: Virtual Alias and To header rewrite

Wietse Venema
Dominic Raferd:

> >
> > Diagnostic information for administrators:
> > Generating server: FFExchange3.jellybelly.net
> > [hidden email]...
>
> The log entry placed by postfix/smtp (in e.g. /var/log/mail.log), and
> which contains the rejection response from the remote server, should
> contain both the original and remapped mail addresses. Something like:
>
> 2018-03-29 16:21:07 yourserver postfix/smtp[2041]: 3127960764:
> to=<[hidden email]>, orig_to=<[hidden email]>,
> relay=gmail-smtp-in.l.google.com[66.102.1.27]:25, delay=0.73,
> delays=0.02/0.02/0.47/0.21, dsn=5.7.0, status=bounced (host
> gmail-smtp-in.l.google.com[66.102.1.27] said: 552-5.7.0 This
> message...  - gsmtp (in reply to end of DATA command))

Unfortunately the bounce report quoted above (with "Diagnostic
information for administrators") is not produced by Postfix.

The Postfix bounce report would say "Original-Recipient:
[hidden email]".

        Wietse
Reply | Threaded
Open this post in threaded view
|

Re: Virtual Alias and To header rewrite

Wietse Venema
Wietse Venema:

> Dominic Raferd:
> > >
> > > Diagnostic information for administrators:
> > > Generating server: FFExchange3.jellybelly.net
> > > [hidden email]...
> >
> > The log entry placed by postfix/smtp (in e.g. /var/log/mail.log), and
> > which contains the rejection response from the remote server, should
> > contain both the original and remapped mail addresses. Something like:
> >
> > 2018-03-29 16:21:07 yourserver postfix/smtp[2041]: 3127960764:
> > to=<[hidden email]>, orig_to=<[hidden email]>,
> > relay=gmail-smtp-in.l.google.com[66.102.1.27]:25, delay=0.73,
> > delays=0.02/0.02/0.47/0.21, dsn=5.7.0, status=bounced (host
> > gmail-smtp-in.l.google.com[66.102.1.27] said: 552-5.7.0 This
> > message...  - gsmtp (in reply to end of DATA command))
>
> Unfortunately the bounce report quoted above (with "Diagnostic
> information for administrators") is not produced by Postfix.
>
> The Postfix bounce report would say "Original-Recipient:
[hidden email]
>
> Wietse
>