transport_maps not taking on

classic Classic list List threaded Threaded
12 messages Options
Reply | Threaded
Open this post in threaded view
|

transport_maps not taking on

Kai Schaetzl
Postfix 3.1.0, set up with virtual domains and users in a database via
virtual_ directives in main.cf
rspamd set up as a milter
-> everything works just fine.

I have one server where the client wants to get mail delivered to his
Exchange server remotely instead. He wants to have the mail floating
through my postfix and use the spam marking by rspamd and then get it
delivered to his Exchange.

So I:
- commented out all virtual_ lines
- added the domain to $mydestination
- added this to the transport map:
  example.com   smtp:[IP]
  (and compiled with postmap, of course, and)
  (transport_maps = hash:/etc/mail/transport)

Unfortunately, this doesn't work. It seems that the transport map is
either not getting consulted or that line not getting used.
The mail gets accepted but I get this error:
Recipient address rejected: User unknown in local recipient table
(or: if the user exists it gets delivered locally)

I know I have done this in the past when I didn't use a virtual_ setup.
What am I missing?
Should I remove the domain from $mydestination ?
What do I have to set additionally so that transport is getting consulted?

Thanks a lot!

Kai


Reply | Threaded
Open this post in threaded view
|

Re: transport_maps not taking on

maztec
Kai:

I think this issue might be the same as the one that I'm encountering in my post yesterday titled, "Postfix not using LMTP Transport in map".

Can you look at your logs and see if you're getting a similar message to what I have below?

Host postfix/lmtp[22981]: C0EEEA8: to=<mailman3:[127.0.0.1]:[hidden email]>, orig_to=<[hidden email]>, relay=Host.TLD[private/dovecot-lmtp], delay=566, delays=566/0.04/0.01/0.01, dsn=5.1.1, status=bounced (host Host.com[private/dovecot-lmtp] said: 550 5.1.1 <"mailman3:[127.0.0.1]:8024"@Host.TLD> User doesn't exist: mailman3:[127.0.0.1]:[hidden email] (in reply to RCPT TO command))

Basically Postfix is reading the map, but applying it to the "To", but not using the relay for it at all.  Instead it refers to the private/dovecot-lmtp in my case as the relay. 

Does this match the behavior you are seeing? 





On Wed, Aug 7, 2019 at 10:11 AM Kai Schaetzl <[hidden email]> wrote:
Postfix 3.1.0, set up with virtual domains and users in a database via
virtual_ directives in main.cf
rspamd set up as a milter
-> everything works just fine.

I have one server where the client wants to get mail delivered to his
Exchange server remotely instead. He wants to have the mail floating
through my postfix and use the spam marking by rspamd and then get it
delivered to his Exchange.

So I:
- commented out all virtual_ lines
- added the domain to $mydestination
- added this to the transport map:
  example.com   smtp:[IP]
  (and compiled with postmap, of course, and)
  (transport_maps = hash:/etc/mail/transport)

Unfortunately, this doesn't work. It seems that the transport map is
either not getting consulted or that line not getting used.
The mail gets accepted but I get this error:
Recipient address rejected: User unknown in local recipient table
(or: if the user exists it gets delivered locally)

I know I have done this in the past when I didn't use a virtual_ setup.
What am I missing?
Should I remove the domain from $mydestination ?
What do I have to set additionally so that transport is getting consulted?

Thanks a lot!

Kai


Reply | Threaded
Open this post in threaded view
|

Re: transport_maps not taking on

Kai Schaetzl
Thanks for the reply, but no.
I had to, indeed, remove the domain from $mydestination to not deliver
locally, but it's still not working correctly.

Your map configuration lines may be wrong.
I think the only thing you need is this as a destination:

/^List@List\.TLD$/    mailman3:
(no [127.0.0.1]:8024 after it)
And your service runs as a socket, not on port 8024.

Kai


Reply | Threaded
Open this post in threaded view
|

Re: transport_maps not taking on

Kai Schaetzl
In reply to this post by Kai Schaetzl
Kai Schaetzl wrote on Wed, 07 Aug 2019 19:11:19 +0200:

> Should I remove the domain from $mydestination ?

I did that now and postfix still accepts the mail.
However, it doesn't deliver it to the remote server.
It hangs in the queue.

It's possible that the remote side is not accepting that (testing) domain
yet, but I can't verify this at the moment.
Shouldn't postfix at least show some logging that it can't deliver the
mail at the moment? I've set to -vv logging but still don't get anything
other than that mail was accepted. Flushing the queue doesn't give any
hint in the log either.



Kai


Reply | Threaded
Open this post in threaded view
|

Re: transport_maps not taking on

Noel Jones-2
On 8/7/2019 1:11 PM, Kai Schaetzl wrote:

> Kai Schaetzl wrote on Wed, 07 Aug 2019 19:11:19 +0200:
>
>> Should I remove the domain from $mydestination ?
>
> I did that now and postfix still accepts the mail.
> However, it doesn't deliver it to the remote server.
> It hangs in the queue.
>
> It's possible that the remote side is not accepting that (testing) domain
> yet, but I can't verify this at the moment.
> Shouldn't postfix at least show some logging that it can't deliver the
> mail at the moment? I've set to -vv logging but still don't get anything
> other than that mail was accepted. Flushing the queue doesn't give any
> hint in the log either.
>

Postfix logs all delivery attempts.

Turn off the -vv debug logging; everything you need is in the normal
logging.

If you need more help, please see:
http://www.postfix.org/DEBUG_README.html#mail



   -- Noel Jones
Reply | Threaded
Open this post in threaded view
|

Re: transport_maps not taking on

Kai Schaetzl
Noel Jones wrote on Wed, 7 Aug 2019 13:37:08 -0500:

> Postfix logs all delivery attempts.

I thought so, but ...
In that case it just hangs in the queue and nothing happens after the
milter was consulted. I can see it getting logged in rspamd and then it
just sits in the hold queue. Rescheduling it makes no difference. It
doesn't even log it.

Kai


Reply | Threaded
Open this post in threaded view
|

Re: transport_maps not taking on

Wietse Venema
Kai Schaetzl:
> Noel Jones wrote on Wed, 7 Aug 2019 13:37:08 -0500:
>
> > Postfix logs all delivery attempts.
>
> I thought so, but ...
> In that case it just hangs in the queue and nothing happens after the
> milter was consulted. I can see it getting logged in rspamd and then it
> just sits in the hold queue. Rescheduling it makes no difference. It
> doesn't even log it.

Once a message enters in the hold queue IT WILL SIT THERE FOREVER
unless something releases it from that queue.

You need to figure out why messages are placed on the hold queue.
One example is when a Milter returns a "quarantine" action. Another
one is Mailscanner.

        Wietse
Reply | Threaded
Open this post in threaded view
|

Re: transport_maps not taking on

Kai Schaetzl
Wietse Venema wrote on Wed, 7 Aug 2019 19:33:05 -0400 (EDT):

> Once a message enters in the hold queue IT WILL SIT THERE FOREVER
> unless something releases it from that queue.

Understood. Thanks! I should have known from the past (see below).

>
> You need to figure out why messages are placed on the hold queue.
> One example is when a Milter returns a "quarantine" action. Another
> one is Mailscanner.

I used to use MailScanner until one or two years ago. Yeah, you actually
configure Postfix to put all incoming messages in the hold queue,
MailScanner scans it and puts it actively in the delivery queue.

rspamd doesn't put them to quarantine. If I requeue the message with -r it
is put on hold again very soon. According to man postsuper the requeue
does not subject it to the milter again. But I will take it out of the
equation for now to be sure. It looks to me like I must have disabled any
attempt to deliver to a transport at all.

Kai


Reply | Threaded
Open this post in threaded view
|

Re: transport_maps not taking on

Kai Schaetzl
I went back to my original config with virtual users and domains, with and
without the milter. I left transport and mynetworks as they were. I have
no idea why, but it's working now and I get a bounce from the remote
server (= it's not yet accepting the mail). No more attempts to deliver
locally or put on hold. I hope it remains that way.
Thanks for the help!

Kai


Reply | Threaded
Open this post in threaded view
|

Re: transport_maps not taking on

Kai Schaetzl
I have still one question, though.

I fear that forwarding the mail via transport may not consult the milter.
At the moment the remote Exchange is still not configured to accept the
domain. I'm still waiting for that to take place.
In the meantime, though, I would have expected that the course of action
is the following:
- postfix accepts the mail to this domain
- applies the restrictions
- once the mail has successfully passed the restrictions
- it delivers to the transport-specified destination

But in this case I should see a connection to and validation by the milter
before postfix tells me that the remote Exchange won't accept it.
And it doesn't do that.
Or does it first check if it would be able to deliver to the destination
before it applies the other restrictions?

The rspamd milter is set to get consulted at the end of

smtpd_recipient_restrictions =
..
..
check_policy_service inet:127.0.0.1:10024,
permit

and: smtpd_delay_reject = yes

Will this check the milter before the message is sent over to the
transport-specified nexthop?

Thanks for a clarification!

Kai


Reply | Threaded
Open this post in threaded view
|

Re: transport_maps not taking on

Noel Jones-2
On 8/8/2019 10:41 AM, Kai Schaetzl wrote:

> I have still one question, though.
>
> I fear that forwarding the mail via transport may not consult the milter.
> At the moment the remote Exchange is still not configured to accept the
> domain. I'm still waiting for that to take place.
> In the meantime, though, I would have expected that the course of action
> is the following:
> - postfix accepts the mail to this domain
> - applies the restrictions
> - once the mail has successfully passed the restrictions
> - it delivers to the transport-specified destination
>
> But in this case I should see a connection to and validation by the milter
> before postfix tells me that the remote Exchange won't accept it.
> And it doesn't do that.
> Or does it first check if it would be able to deliver to the destination
> before it applies the other restrictions?
>
> The rspamd milter is set to get consulted at the end of
>
> smtpd_recipient_restrictions =
> ..
> ..
> check_policy_service inet:127.0.0.1:10024,
> permit
>
> and: smtpd_delay_reject = yes
>
> Will this check the milter before the message is sent over to the
> transport-specified nexthop?
>
> Thanks for a clarification!
>
> Kai
>
>


That looks like a policy service and not a milter.

Regardless, postfix accepts mail, running it through all configured
milters, restrictions, and policy services, then puts it in the
queue.  THEN it consults the transport table to see where to deliver
it.  (this is somewhat over-simplification, but should answer your
question)


   -- Noel Jones
Reply | Threaded
Open this post in threaded view
|

Re: transport_maps not taking on

Kai Schaetzl
Noel Jones wrote on Thu, 8 Aug 2019 10:49:54 -0500:

> That looks like a policy service and not a milter.

Yeah, right. It's a dovecot authenticator I think.

>
> Regardless, postfix accepts mail, running it through all configured
> milters, restrictions, and policy services, then puts it in the
> queue.  THEN it consults the transport table to see where to deliver
> it.  (this is somewhat over-simplification, but should answer your
> question)

Yeah, thanks! The milter is getting consulted every time.
I think it works now.

And I've found out about the mysterious holds. It was an old header_check
file on that machine. It wasn't used until I copied over the uncommented
header_check directive.

Thanks!

Kai