wrong From: and Return Path: address

wrong From: and Return Path: address

Michael Fox
I have a problem that seems to have started when I upgraded from Ubuntu
14.04/Postfix 2.11.0 to Ubuntu 16.04/Postfix 3.1.0.  It involves the From:
and Return Path: addresses seen by recipients of mail sent from a virtual
domain on that machine.

Clients of Google, Yahoo, Rackspace, ... see the From: and Return Path:
address as <user>@<virtual-domain>, which is correct.
Clients of one (rather large) email service provider see the From: and
Return Path:  address as <user>@<gateway-hostname>, which is wrong.

The one email provider might have something wrong on their end.  BUT:  The
problem doesn't happen with mail received at that provider from a similarly
configured gateway/virtual domain, which is still running Ubuntu
14.04/Postfix 2.11.0.  And the problem didn't start happening on the machine
in question until the machine was upgraded to Ubuntu 16.04/Postfix 3.1.0.
So my money is on a mistake on my end.  I just can't find it.

I've done file comparisons between the postfix 2.11.0 and 3.1.0 machines,
and between the old and new configs of the 3.1.0 machine, and I just can't
find any significant differences (i.e. other than hostname changes, etc.).

Below is postconf info for the current main.cf and master.cf.  

Thanks in advance for any help.
Michael

$ postconf -pnf
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_at_myorigin = yes
append_dot_mydomain = yes
biff = no
body_checks = pcre:${config_directory}/body_checks.pcre
bounce_queue_lifetime = 12h
bounce_template_file = ${config_directory}/bounce.cf
broken_sasl_auth_clients = yes
canonical_maps = pcre:${config_directory}/canonical.pcre
compatibility_level = 2
content_filter = amavisfeed:[127.0.0.1]:10024
delay_warning_time = 2h
fast_flush_domains = $relay_domains
header_checks = pcre:${config_directory}/header_checks.pcre
html_directory = /usr/share/doc/postfix/html
inet_interfaces = $xsc_inet_interfaces
mailbox_size_limit = 51200000
maximal_queue_lifetime = 12h
message_size_limit = 10240000
milter_default_action = accept
milter_protocol = 6
mime_header_checks = pcre:${config_directory}/mime_header_checks.pcre
mua_client_connection_count_limit = 5
mua_client_connection_rate_limit = 10
mua_client_message_rate_limit = 10
mua_client_recipient_rate_limit = 50
mua_client_restrictions = check_sasl_access
    hash:${config_directory}/sasl_access
    permit_sasl_authenticated reject
mua_discard_ehlo_keyword_address_maps =
    cidr:${config_directory}/ehlo_keyword.cidr
mua_helo_restrictions =
mua_recipient_limit = 25
mua_recipient_overshoot_limit = 25
mua_recipient_restrictions = reject_non_fqdn_recipient
    reject_unknown_recipient_domain check_sasl_access
    hash:${config_directory}/sasl_access check_recipient_access
    hash:${config_directory}/roleaccount_exceptions check_recipient_access
    pcre:${config_directory}/recipient_access.pcre check_recipient_access
    pcre:${config_directory}/relay_recipient_access.pcre
    check_recipient_access
    pcre:${config_directory}/virtual_recipient_access.pcre permit
mua_relay_restrictions = permit_sasl_authenticated reject
mua_sender_restrictions = $mua_tls_client_restrictions
    reject_non_fqdn_sender
    reject_sender_login_mismatch permit_sasl_authenticated
    reject_unknown_sender_domain reject_unlisted_sender permit
mua_tls_client_restrictions = check_client_access
    cidr:${config_directory}/tls_clients.cidr
mydestination = $xsc_mydestination
mydomain = $xsc_mydomain
myhostname = $xsc_myhostname
mynetworks = $xsc_mynetworks
myorigin = $xsc_myorigin
non_smtpd_milters = inet:localhost:8891
postscreen_access_list = permit_mynetworks
    cidr:${config_directory}/postscreen_access.cidr
postscreen_blacklist_action = drop
postscreen_dnsbl_action = enforce
postscreen_dnsbl_reply_map =
    pcre:${config_directory}/postscreen_dnsbl_reply_map.pcre
postscreen_dnsbl_sites = zen.spamhaus.org*3 bl.spameatingmonkey.net*2
    psbl.surriel.com*2 bl.spamcop.net
    hostkarma.junkemailfilter.com=127.0.0.2
    dnsbl.sorbs.net bl.mailspike.net swl.spamhaus.org*-4
    list.dnswl.org=127.0.[0..255].0*-1 list.dnswl.org=127.0.[0..255].1*-2
    list.dnswl.org=127.0.[0..255].2*-3 list.dnswl.org=127.0.[0..255].3*-4
postscreen_dnsbl_threshold = 3
postscreen_dnsbl_ttl = 5m
postscreen_greet_action = enforce
proxy_interfaces = $xsc_proxy_interfaces
readme_directory = /usr/share/doc/postfix
recipient_delimiter = +
relay_domains = $xsc_relay_domains
relay_recipient_maps = pcre:${config_directory}/relay_recipients.pcre
relay_restrictions = check_sender_access
    pcre:${config_directory}/relay_sender_access.pcre
remote_header_rewrite_domain = invalid.domain
smtp_host_lookup = native
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
smtpd_client_connection_count_limit = 10
smtpd_client_connection_rate_limit = 20
smtpd_client_message_rate_limit = 20
smtpd_client_recipient_rate_limit = 200
smtpd_client_restrictions = permit_mynetworks check_client_access
    pcre:${config_directory}/client_access.pcre
    reject_unknown_reverse_client_hostname check_client_access
    hash:${config_directory}/client_whitelist
    check_reverse_client_hostname_access
    pcre:${config_directory}/fqrdns.pcre
    reject_rbl_client zen.spamhaus.org reject_rhsbl_reverse_client
    dbl.spamhaus.org permit
smtpd_data_restrictions = reject_unauth_pipelining
    reject_multi_recipient_bounce
    permit
smtpd_delay_reject = yes
smtpd_error_sleep_time = 2s
smtpd_etrn_restrictions = permit_mynetworks permit_sasl_authenticated reject
smtpd_hard_error_limit = 10
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks reject_invalid_helo_hostname
    reject_non_fqdn_helo_hostname reject_rhsbl_helo dbl.spamhaus.org
    check_helo_access pcre:${config_directory}/helo_access.pcre permit
smtpd_junk_command_limit = 2
smtpd_milters = inet:localhost:8891
smtpd_recipient_limit = 100
smtpd_recipient_overshoot_limit = 100
smtpd_recipient_restrictions = reject_non_fqdn_recipient
    reject_unknown_recipient_domain check_recipient_access
    hash:${config_directory}/roleaccount_exceptions check_recipient_access
    pcre:${config_directory}/recipient_access.pcre check_recipient_access
    pcre:${config_directory}/relay_recipient_access.pcre
    check_recipient_access
    pcre:${config_directory}/virtual_recipient_access.pcre permit
smtpd_reject_footer = \c. Diagnostic info: time ($localtime), client
    ($client_address:$client_port), server ($server_name).
smtpd_reject_unlisted_recipient = yes
smtpd_relay_restrictions = permit_mynetworks reject_unauth_destination
    permit
smtpd_restriction_classes = relay_restrictions virtual_quota_restrictions
smtpd_sasl_auth_enable = no
smtpd_sasl_path = private/dovecot-auth
smtpd_sasl_security_options = noanonymous, noplaintext
smtpd_sasl_type = dovecot
smtpd_sender_login_maps = hash:${config_directory}/sasl_senders
    pcre:${config_directory}/sasl_senders_default.pcre
smtpd_sender_restrictions = reject_non_fqdn_sender permit_mynetworks
    reject_unknown_sender_domain reject_unlisted_sender reject_rhsbl_sender
    dbl.spamhaus.org check_sender_access
    pcre:${config_directory}/sender_access.pcre check_sender_mx_access
    cidr:${config_directory}/sender_mx_access.cidr permit
smtpd_soft_error_limit = 5
smtpd_tls_always_issue_session_ids = yes
smtpd_tls_auth_only = no
smtpd_tls_cert_file = $xsc_smtpd_tls_cert_file
smtpd_tls_key_file = $xsc_smtpd_tls_key_file
smtpd_tls_loglevel = 1
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
smtpd_tls_protocols = !SSLv2, !SSLv3
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
transport_maps = hash:${config_directory}/transport
unknown_address_reject_code = 550
unknown_client_reject_code = 550
unknown_hostname_reject_code = 550
unverified_recipient_reject_code = 550
unverified_sender_reject_code = 550
virtual_alias_maps = hash:${config_directory}/virtual_aliases
virtual_mailbox_domains = $xsc_virtual_mailbox_domains
virtual_mailbox_maps = hash:${config_directory}/virtual_mailboxes
virtual_quota_restrictions = check_policy_service inet:[127.0.0.1]:12340
virtual_transport = lmtp:unix:private/dovecot-lmtp

$ postconf -Mnf
postconf: fatal: with option -M, do not specify -n
sccsysop@w6xsc-gw:~$ postconf -Mf
smtp       inet  n       -       y       -       1       postscreen
smtpd      pass  -       -       y       -       -       smtpd
    -o cleanup_service_name=pre-cleanup
dnsblog    unix  -       -       y       -       0       dnsblog
tlsproxy   unix  -       -       y       -       0       tlsproxy
submission inet  n       -       -       -       -       smtpd
    -o syslog_name=postfix/submission
    -o smtpd_tls_security_level=may
    -o smtpd_sasl_auth_enable=yes
    -o smtpd_discard_ehlo_keyword_address_maps=$mua_discard_ehlo_keyword_address_maps
    -o smtpd_client_restrictions=$mua_client_restrictions
    -o smtpd_helo_restrictions=$mua_helo_restrictions
    -o smtpd_sender_restrictions=$mua_sender_restrictions
    -o smtpd_relay_restrictions=$mua_relay_restrictions
    -o smtpd_recipient_restrictions=$mua_recipient_restrictions
    -o smtpd_client_connection_count_limit=$mua_client_connection_count_limit
    -o smtpd_client_connection_rate_limit=$mua_client_connection_rate_limit
    -o smtpd_client_message_rate_limit=$mua_client_message_rate_limit
    -o smtpd_client_recipient_rate_limit=$mua_client_recipient_rate_limit
    -o smtpd_recipient_limit=$mua_recipient_limit
    -o smtpd_recipient_overshoot_limit=$mua_recipient_overshoot_limit
    -o milter_macro_daemon_name=ORIGINATING
    -o cleanup_service_name=pre-cleanup
pickup     unix  n       -       y       60      1       pickup
    -o cleanup_service_name=pre-cleanup
cleanup    unix  n       -       y       -       0       cleanup
    -o mime_header_checks=
    -o nested_header_checks=
    -o body_checks=
    -o header_checks=
qmgr       unix  n       -       n       300     1       qmgr
tlsmgr     unix  -       -       y       1000?   1       tlsmgr
rewrite    unix  -       -       y       -       -       trivial-rewrite
bounce     unix  -       -       y       -       0       bounce
defer      unix  -       -       y       -       0       bounce
trace      unix  -       -       y       -       0       bounce
verify     unix  -       -       y       -       1       verify
flush      unix  n       -       y       1000?   0       flush
proxymap   unix  -       -       n       -       -       proxymap
proxywrite unix  -       -       n       -       1       proxymap
smtp       unix  -       -       y       -       -       smtp
relay      unix  -       -       y       -       -       smtp
showq      unix  n       -       y       -       -       showq
error      unix  -       -       y       -       -       error
retry      unix  -       -       y       -       -       error
discard    unix  -       -       y       -       -       discard
local      unix  -       n       n       -       -       local
virtual    unix  -       n       n       -       -       virtual
lmtp       unix  -       -       y       -       -       lmtp
anvil      unix  -       -       y       -       1       anvil
scache     unix  -       -       y       -       1       scache
maildrop   unix  -       n       n       -       -       pipe flags=DRhu
    user=vmail argv=/usr/bin/maildrop -d ${recipient}
uucp       unix  -       n       n       -       -       pipe flags=Fqhu
    user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail     unix  -       n       n       -       -       pipe flags=F user=ftn
    argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp      unix  -       n       n       -       -       pipe flags=Fq.
    user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n       n       -       2       pipe flags=R
    user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop}
    ${user} ${extension}
mailman    unix  -       n       n       -       -       pipe flags=FR
    user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py ${nexthop}
    ${user}
pre-cleanup unix n       -       n       -       0       cleanup
    -o virtual_alias_maps=
amavisfeed unix  -       -       n       -       2       lmtp
    -o syslog_name=postfix/amavisfeed
    -o lmtp_data_done_timeout=1200
    -o lmtp_send_xforward_command=yes
    -o lmtp_tls_note_starttls_offer=no
127.0.0.1:10025 inet n   -       n       -       -       smtpd
    -o syslog_name=postfix/amavisreturn
    -o content_filter=
    -o smtpd_delay_reject=no
    -o smtpd_client_restrictions=permit_mynetworks,reject
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o smtpd_data_restrictions=reject_unauth_pipelining
    -o smtpd_end_of_data_restrictions=
    -o smtpd_restriction_classes=
    -o mynetworks=127.0.0.0/8
    -o smtpd_error_sleep_time=0
    -o smtpd_soft_error_limit=1001
    -o smtpd_hard_error_limit=1000
    -o smtpd_client_connection_count_limit=0
    -o smtpd_client_connection_rate_limit=0
    -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters
    -o local_header_rewrite_clients=
    -o smtpd_milters=
    -o local_recipient_maps=
    -o relay_recipient_maps=


Re: wrong From: and Return Path: address

Benny Pedersen-2
Michael Fox wrote on 2017-09-21 19:52:
> I have a problem that seems to have started when I upgraded from Ubuntu
> 14.04/Postfix 2.11.0 to Ubuntu 16.04/Postfix 3.1.0.  It involves the
> From:
> and Return Path: addresses seen by recipients of mail sent from a
> virtual
> domain on that machine.

you should not care about return-path at all, and if you try to make them
equal with from you will have a hard time with that job, no logs no problem,
but thanks for postconf -n and postconf -Mf anyway

if you need more help, show logs of a real problem

RE: wrong From: and Return Path: address

Michael Fox
> Michael Fox wrote on 2017-09-21 19:52:
> > I have a problem that seems to have started when I upgraded from Ubuntu
> > 14.04/Postfix 2.11.0 to Ubuntu 16.04/Postfix 3.1.0.  It involves the
> > From:
> > and Return Path: addresses seen by recipients of mail sent from a
> > virtual
> > domain on that machine.
>
> you should not care about return-path at all, and if you try to make them
> equal with from you will have a hard time with that job, no logs no problem,
> but thanks for postconf -n and postconf -Mf anyway

Thanks Benny.

I don't really care about Return-path and I'm not trying to make them equal.
Again, what I reported is that recipients on Gmail, Yahoo, Rackspace and
others see the correct value (user@virtualdomain) in both headers (Return
Path: and From: ), whether I send from the new Postfix 3.1.0 machine or the
older Postfix 2.11.0 machine.  However, recipients at this one (large) email
provider see the wrong value (user@gatewayhostname) in both headers when
sending from Postfix 3.1.0 and the right value (user@virtualdomain) when
sending from Postfix 2.11.0.

> if you need more help, show logs of a real problem

Here are two sets of logs.  The first is from the Postfix 3.1.0 machine
which results in the recipient seeing the wrong From: address.  The second
is from the Postfix 2.11.0 machine which results in the recipient seeing the
correct address.  In both cases, I included submission of the message
through delivery to the destination.

I'm not very skilled at interpreting the logs, but I've looked at them line
by line and I don't see where the destination server would ever get "From:
[hidden email]".  I'm hoping that someone here with more
knowledge than me can see where I went wrong.  I'm stumped.

Thanks,
Michael

From Postfix 3.1.0 - recipient sees From: [hidden email],
should be From: [hidden email]

Sep 21 18:45:41 w6xsc-gw postfix/submission/smtpd[26419]: connect from
n6mef-gw.n6mef.org[173.167.109.217]
Sep 21 18:45:41 w6xsc-gw postfix/submission/smtpd[26419]: Anonymous TLS
connection established from n6mef-gw.n6mef.org[173.167.109.217]: TLSv1.2
with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
Sep 21 18:45:41 w6xsc-gw dovecot: auth:
passwd-file([hidden email],173.167.109.217): unknown user
Sep 21 18:45:41 w6xsc-gw postfix/submission/smtpd[26419]: 6A9E31F70E:
client=n6mef-gw.n6mef.org[173.167.109.217], sasl_method=CRAM-MD5,
sasl_username=[hidden email]
Sep 21 18:45:41 w6xsc-gw postfix/pre-cleanup/cleanup[26426]: 6A9E31F70E:
message-id=<[hidden email]>
Sep 21 18:45:41 w6xsc-gw opendkim[1408]: 6A9E31F70E: DKIM-Signature field
added (s=mail61709, d=email6.scc-ares-races.org)
Sep 21 18:45:41 w6xsc-gw postfix/qmgr[26352]: 6A9E31F70E:
from=<[hidden email]>, size=673, nrcpt=1 (queue active)
Sep 21 18:45:41 w6xsc-gw amavis[2735]: (02735-07) LMTP [127.0.0.1]:10024
/var/lib/amavis/tmp/amavis-20170921T061543-02735-H33h2gd8:
<[hidden email]> -> <[hidden email]> SIZE=673
BODY=8BITMIME Received: from w6xsc-gw.scc-ares-races.org ([127.0.0.1]) by
localhost (w6xsc-gw.scc-ares-races.org [127.0.0.1]) (amavisd-new, port
10024) with LMTP for <[hidden email]>; Thu, 21 Sep 2017 18:45:41 -0700
(PDT)
Sep 21 18:45:41 w6xsc-gw postfix/submission/smtpd[26419]: disconnect from
n6mef-gw.n6mef.org[173.167.109.217] ehlo=2 starttls=1 auth=1 mail=1 rcpt=1
data=1 quit=1 commands=8
Sep 21 18:45:41 w6xsc-gw amavis[2735]: (02735-07) dkim: VALID
Author+Sender+MailFrom signature by d=email6.scc-ares-races.org, From:
<[hidden email]>, a=rsa-sha256, c=simple/simple,
s=mail61709, i=@email6.scc-ares-races.org
Sep 21 18:45:41 w6xsc-gw amavis[2735]: (02735-07) Checking: EmxshYSM9dtH
[173.167.109.217] <[hidden email]> -> <[hidden email]>
Sep 21 18:45:41 w6xsc-gw amavis[2735]: (02735-07) Open relay? Nonlocal
recips but not originating: [hidden email]
Sep 21 18:45:41 w6xsc-gw amavis[2735]: (02735-07) p001 1 Content-Type:
text/plain, size: 10 B, name:
Sep 21 18:45:42 w6xsc-gw postfix/amavisreturn/smtpd[26431]: connect from
localhost.localdomain[127.0.0.1]
Sep 21 18:45:42 w6xsc-gw postfix/amavisreturn/smtpd[26431]: 380AA1F824:
client=localhost.localdomain[127.0.0.1]
Sep 21 18:45:42 w6xsc-gw postfix/cleanup[26432]: 380AA1F824:
message-id=<[hidden email]>
Sep 21 18:45:42 w6xsc-gw postfix/amavisreturn/smtpd[26431]: disconnect from
localhost.localdomain[127.0.0.1] ehlo=1 mail=1 rcpt=1 data=1 quit=1
commands=5
Sep 21 18:45:42 w6xsc-gw postfix/qmgr[26352]: 380AA1F824:
from=<[hidden email]>, size=1552, nrcpt=1 (queue active)
Sep 21 18:45:42 w6xsc-gw amavis[2735]: (02735-07) EmxshYSM9dtH FWD from
<[hidden email]> -> <[hidden email]>, BODY=7BIT 250
2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 380AA1F824
Sep 21 18:45:42 w6xsc-gw amavis[2735]: (02735-07) Passed CLEAN
{RelayedOpenRelay}, [173.167.109.217]:12252 [173.167.109.217]
<[hidden email]> -> <[hidden email]>, Queue-ID:
6A9E31F70E, Message-ID:
<[hidden email]>, mail_id:
EmxshYSM9dtH, Hits: -4.1, size: 1017, queued_as: 380AA1F824,
dkim_sd=mail61709:email6.scc-ares-races.org, 719 ms
Sep 21 18:45:42 w6xsc-gw amavis[2735]: (02735-07) TIMING-SA total 573 ms -
parse: 1.92 (0.3%), extract_message_metadata: 4.0 (0.7%),
get_uri_detail_list: 0.35 (0.1%), tests_pri_-1000: 11 (1.9%),
tests_pri_-950: 2.5 (0.4%), tests_pri_-900: 2.1 (0.4%), tests_pri_-400: 1.70
(0.3%), tests_pri_0: 497 (86.7%), check_spf: 0.48 (0.1%), check_razor2: 385
(67.2%), check_pyzor: 74 (12.9%), tests_pri_500: 6 (1.0%), learn: 33 (5.7%),
b_learn: 30 (5.2%), b_count_change: 12 (2.0%), get_report: 0.65 (0.1%)
Sep 21 18:45:42 w6xsc-gw postfix/amavisfeed/lmtp[26427]: 6A9E31F70E:
to=<[hidden email]>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.83,
delays=0.1/0.01/0/0.72, dsn=2.0.0, status=sent (250 2.0.0 from
MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 380AA1F824)
Sep 21 18:45:42 w6xsc-gw amavis[2735]: (02735-07) size: 1017, TIMING [total
726 ms] - SMTP greeting: 2.1 (0%)0, SMTP LHLO: 0.9 (0%)0, SMTP pre-MAIL: 1.0
(0%)1, SMTP pre-DATA-flush: 3.0 (0%)1, SMTP DATA: 36 (5%)6, check_init: 0.5
(0%)6, digest_hdr: 2.5 (0%)6, digest_body_dkim: 7 (1%)7, collect_info: 3.0
(0%)8, mime_decode: 9 (1%)9, get-file-type1: 19 (3%)11, parts_decode: 0.2
(0%)11, check_header: 0.6 (0%)12, AV-scan-1: 7 (1%)12, spam-wb-list: 1.0
(0%)13, SA msg read: 0.4 (0%)13, SA parse: 2.4 (0%)13, SA check: 568
(78%)91, decide_mail_destiny: 6 (1%)92, notif-quar: 0.3 (0%)92, fwd-connect:
19 (3%)95, fwd-mail-pip: 11 (2%)96, fwd-rcpt-pip: 0.3 (0%)96,
fwd-data-chkpnt: 0.1 (0%)96, write-header: 0.6 (0%)96, fwd-data-contents:
0.1 (0%)96, fwd-end-chkpnt: 10 (1%)98, prepare-dsn: 1.1 (0%)98, report: 2.2
(0%)98, main_log_entry: 8 (1%)99, update_snmp: 3.1 (0%)100, SMTP
pre-response: 0.4 (0%)100, SMTP response: 0.3 (0%)100, unlink-1-files: 0.3
(0%)100, rundown: 0.9 (0%)100
Sep 21 18:45:42 w6xsc-gw postfix/qmgr[26352]: 6A9E31F70E: removed
Sep 21 18:45:43 w6xsc-gw postfix/smtp[26433]: 380AA1F824:
to=<[hidden email]>, relay=mailin-02.mx.sonic.net[69.12.210.173]:25,
delay=1.5, delays=0.02/0.01/1.1/0.35, dsn=2.0.0, status=sent (250 2.0.0
v8M1jgLS017129 Message accepted for delivery)
Sep 21 18:45:43 w6xsc-gw postfix/qmgr[26352]: 380AA1F824: removed


From Postfix 2.11.0 - the same recipient as above sees correct From:
address:  [hidden email]

Sep 21 18:43:22 n6mef-gw postfix/submission/smtpd[9519]: connect from
unknown[192.168.7.147]
Sep 21 18:43:22 n6mef-gw postfix/submission/smtpd[9519]: Anonymous TLS
connection established from unknown[192.168.7.147]: TLSv1.2 with cipher
ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
Sep 21 18:43:22 n6mef-gw dovecot: auth:
passwd-file([hidden email],192.168.7.147): unknown user
Sep 21 18:43:22 n6mef-gw postfix/submission/smtpd[9519]: D30ED1F8:
client=unknown[192.168.7.147], sasl_method=CRAM-MD5,
sasl_username=[hidden email]
Sep 21 18:43:22 n6mef-gw postfix/pre-cleanup/cleanup[9524]: D30ED1F8:
message-id=<[hidden email]>
Sep 21 18:43:22 n6mef-gw opendkim[3104]: D30ED1F8: DKIM-Signature field
added (s=mail01700, d=email.n6mef.org)
Sep 21 18:43:22 n6mef-gw mimedefang.pl[9411]: D30ED1F8: filter_begin: Enter
Sep 21 18:43:22 n6mef-gw mimedefang.pl[9411]: D30ED1F8: filter_begin: Exit
Sep 21 18:43:22 n6mef-gw mimedefang.pl[9411]: D30ED1F8: filter_end: Enter
Sep 21 18:43:22 n6mef-gw mimedefang.pl[9411]: D30ED1F8:
MDLOG,D30ED1F8,mail_in,,,<[hidden email]>,<[hidden email]>,test
good
Sep 21 18:43:22 n6mef-gw mimedefang.pl[9411]: D30ED1F8: filter_end: Exit
Sep 21 18:43:23 n6mef-gw postfix/qmgr[9455]: D30ED1F8:
from=<[hidden email]>, size=639, nrcpt=1 (queue active)
Sep 21 18:43:23 n6mef-gw amavis[2514]: (02514-06) LMTP::10024
/var/lib/amavis/tmp/amavis-20170920T174708-02514-cBtySv0X:
<[hidden email]> -> <[hidden email]> SIZE=639 BODY=8BITMIME
Received: from n6mef-gw.n6mef.org ([127.0.0.1]) by localhost
(n6mef-gw.n6mef.org [127.0.0.1]) (amavisd-new, port 10024) with LMTP for
<[hidden email]>; Thu, 21 Sep 2017 18:43:23 -0700 (PDT)
Sep 21 18:43:23 n6mef-gw amavis[2514]: (02514-06) dkim: VALID
Author+Sender+MailFrom signature by d=email.n6mef.org, From:
<[hidden email]>, a=rsa-sha256, c=simple/simple, s=mail01700,
i=@email.n6mef.org
Sep 21 18:43:23 n6mef-gw amavis[2514]: (02514-06) Checking: 6xdyL5iwLkkP
[192.168.7.147] <[hidden email]> -> <[hidden email]>
Sep 21 18:43:23 n6mef-gw amavis[2514]: (02514-06) Open relay? Nonlocal
recips but not originating: [hidden email]
Sep 21 18:43:23 n6mef-gw amavis[2514]: (02514-06) p001 1 Content-Type:
text/plain, size: 11 B, name:
Sep 21 18:43:23 n6mef-gw postfix/submission/smtpd[9519]: disconnect from
unknown[192.168.7.147]
Sep 21 18:43:25 n6mef-gw postfix/amavisreturn/smtpd[9529]: connect from
localhost.localdomain[127.0.0.1]
Sep 21 18:43:25 n6mef-gw postfix/amavisreturn/smtpd[9529]: 84C081EE:
client=localhost.localdomain[127.0.0.1]
Sep 21 18:43:25 n6mef-gw postfix/cleanup[9530]: 84C081EE:
message-id=<[hidden email]>
Sep 21 18:43:25 n6mef-gw postfix/qmgr[9455]: 84C081EE:
from=<[hidden email]>, size=1514, nrcpt=1 (queue active)
Sep 21 18:43:25 n6mef-gw postfix/amavisreturn/smtpd[9529]: disconnect from
localhost.localdomain[127.0.0.1]
Sep 21 18:43:25 n6mef-gw amavis[2514]: (02514-06) FWD from
<[hidden email]> -> <[hidden email]>,BODY=7BIT 250 2.0.0 from
MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 84C081EE
Sep 21 18:43:25 n6mef-gw amavis[2514]: (02514-06) Passed CLEAN
{RelayedOpenRelay}, [192.168.7.147]:62053 [192.168.7.147]
<[hidden email]> -> <[hidden email]>, Queue-ID: D30ED1F8,
Message-ID: <[hidden email]>, mail_id:
6xdyL5iwLkkP, Hits: -2.1, size: 1017, queued_as: 84C081EE,
dkim_sd=mail01700:email.n6mef.org, 2551 ms
Sep 21 18:43:25 n6mef-gw amavis[2514]: (02514-06) TIMING-SA total 2460 ms -
parse: 0.52 (0.0%), extract_message_metadata: 1.02 (0.0%),
get_uri_detail_list: 0.11 (0.0%), tests_pri_-1000: 1.47 (0.1%),
tests_pri_-950: 0.58 (0.0%), tests_pri_-900: 0.41 (0.0%), tests_pri_-400:
0.38 (0.0%), tests_pri_0: 2395 (97.3%), check_spf: 0.15 (0.0%),
check_razor2: 2116 (86.0%), check_pyzor: 268 (10.9%), tests_pri_500: 2.4
(0.1%), learn: 54 (2.2%), b_learn: 53 (2.2%), b_count_change: 2.6 (0.1%),
get_report: 0.21 (0.0%)
Sep 21 18:43:25 n6mef-gw postfix/amavisfeed/lmtp[9525]: D30ED1F8:
to=<[hidden email]>, relay=127.0.0.1[127.0.0.1]:10024, delay=2.7,
delays=0.16/0/0/2.6, dsn=2.0.0, status=sent (250 2.0.0 from
MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 84C081EE)
Sep 21 18:43:25 n6mef-gw amavis[2514]: (02514-06) size: 1017, TIMING [total
2552 ms] - SMTP greeting: 1 (0%)0, SMTP LHLO: 0 (0%)0, SMTP pre-MAIL: 0
(0%)0, SMTP pre-DATA-flush: 1 (0%)0, SMTP DATA: 36 (1%)2, check_init: 0
(0%)2, digest_hdr: 1 (0%)2, digest_body_dkim: 2 (0%)2, mime_decode: 3 (0%)2,
get-file-type1: 5 (0%)2, parts_decode: 0 (0%)2, check_header: 0 (0%)2,
AV-scan-1: 2 (0%)2, spam-wb-list: 0 (0%)2, SA parse: 1 (0%)2, SA check: 2459
(96%)98, decide_mail_destiny: 2 (0%)98, notif-quar: 0 (0%)98, fwd-connect: 6
(0%)99, fwd-mail-pip: 3 (0%)99, fwd-rcpt-pip: 0 (0%)99, fwd-data-chkpnt: 0
(0%)99, write-header: 0 (0%)99, fwd-data-contents: 0 (0%)99, fwd-end-chkpnt:
25 (1%)100, prepare-dsn: 0 (0%)100, main_log_entry: 3 (0%)100, update_snmp:
1 (0%)100, SMTP pre-response: 0 (0%)100, SMTP response: 0 (0%)100,
unlink-1-files: 0 (0%)100, rundown: 0 (0%)100
Sep 21 18:43:25 n6mef-gw postfix/qmgr[9455]: D30ED1F8: removed
Sep 21 18:43:26 n6mef-gw postfix/smtp[9531]: 84C081EE:
to=<[hidden email]>, relay=mailin-01.mx.sonic.net[69.12.210.174]:25,
delay=1.4, delays=0.03/0/1.1/0.28, dsn=2.0.0, status=sent (250 2.0.0
v8M1hPc2018675 Message accepted for delivery)
Sep 21 18:43:26 n6mef-gw postfix/qmgr[9455]: 84C081EE: removed
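
Added example (not part of the original post, and not code from Postfix or amavisd-new): a Python script that follows one message across the content-filter hop by linking queue IDs through `queued as`, and reports where the logged envelope sender changes. The log lines are constructed with placeholder names, unwrapped to one record per line, and the second hop's sender is deliberately different so that a rewrite is detected.

```python
import re

# Constructed sample (placeholder hosts, addresses and queue IDs): submission,
# hand-off to the amavisfeed content filter, re-injection on 127.0.0.1:10025,
# and outbound delivery. One syslog record per line, no mail-client wrapping.
SAMPLE_LOG = """\
Sep 21 18:45:41 gw postfix/submission/smtpd[100]: AAAA1111: client=client.example.net[192.0.2.10], sasl_method=CRAM-MD5, sasl_username=user@virtual.example.org
Sep 21 18:45:41 gw postfix/pre-cleanup/cleanup[101]: AAAA1111: message-id=<msg1@virtual.example.org>
Sep 21 18:45:41 gw postfix/qmgr[102]: AAAA1111: from=<user@virtual.example.org>, size=673, nrcpt=1 (queue active)
Sep 21 18:45:42 gw postfix/amavisreturn/smtpd[103]: BBBB2222: client=localhost.localdomain[127.0.0.1]
Sep 21 18:45:42 gw postfix/cleanup[104]: BBBB2222: message-id=<msg1@virtual.example.org>
Sep 21 18:45:42 gw postfix/qmgr[102]: BBBB2222: from=<user@gw.example.org>, size=1552, nrcpt=1 (queue active)
Sep 21 18:45:42 gw postfix/amavisfeed/lmtp[105]: AAAA1111: to=<rcpt@example.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.83, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as BBBB2222)
Sep 21 18:45:42 gw postfix/qmgr[102]: AAAA1111: removed
Sep 21 18:45:43 gw postfix/smtp[106]: BBBB2222: to=<rcpt@example.com>, relay=mx.example.com[198.51.100.25]:25, delay=1.5, dsn=2.0.0, status=sent (250 2.0.0 Message accepted for delivery)
Sep 21 18:45:43 gw postfix/qmgr[102]: BBBB2222: removed
"""

# Short (hexadecimal) queue IDs, the form that appears in the thread's logs.
LINE_RE = re.compile(
    r"postfix/(?P<service>[\w/-]+)\[\d+\]: (?P<qid>[0-9A-F]{6,}): (?P<rest>.*)$"
)
FROM_RE = re.compile(r"^from=<(?P<sender>[^>]*)>")
DELIVERY_RE = re.compile(
    r"^to=<[^>]*>,(?: orig_to=<[^>]*>,)? relay=(?P<relay>[^,]+),.*status=(?P<status>\w+)"
)
REQUEUE_RE = re.compile(r"queued as (?P<next>[0-9A-F]{6,})\)?$")


def parse_hops(log_text):
    """Return {queue_id: hop}, one hop per queue ID seen in the log."""
    hops = {}
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        hop = hops.setdefault(
            m["qid"],
            {"qid": m["qid"], "sender": None, "relay": None,
             "status": None, "next": None},
        )
        rest = m["rest"]
        sender = FROM_RE.match(rest)
        if sender:                      # qmgr line: envelope sender
            hop["sender"] = sender["sender"]
            continue
        delivery = DELIVERY_RE.match(rest)
        if delivery:                    # smtp/lmtp delivery line
            hop["relay"] = delivery["relay"]
            hop["status"] = delivery["status"]
            requeue = REQUEUE_RE.search(rest)
            if requeue:                 # filter handed the mail back to Postfix
                hop["next"] = requeue["next"]
    return hops


def entry_points(hops):
    """Queue IDs that were not created by re-injection from another hop."""
    requeued = {h["next"] for h in hops.values() if h["next"]}
    return [qid for qid in hops if qid not in requeued]


def trace(hops, first_qid):
    """Follow 'queued as' links; stop at IDs that are not in this log."""
    chain, seen, qid = [], set(), first_qid
    while qid in hops and qid not in seen:
        seen.add(qid)
        chain.append(hops[qid])
        qid = hops[qid]["next"]
    return chain


def sender_changes(chain):
    """List (qid, sender, next_qid, next_sender) where the sender differs."""
    return [
        (a["qid"], a["sender"], b["qid"], b["sender"])
        for a, b in zip(chain, chain[1:])
        if a["sender"] != b["sender"]
    ]


if __name__ == "__main__":
    hops = parse_hops(SAMPLE_LOG)
    for start in entry_points(hops):
        chain = trace(hops, start)
        for hop in chain:
            print(hop["qid"], hop["sender"], "->", hop["relay"], hop["status"])
        for change in sender_changes(chain):
            print("envelope sender changed:", change)
```

The `from=` value logged by qmgr is the envelope sender, so this only covers what becomes Return-Path; the From: header is not logged and has to be checked in the message itself.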




Re: wrong From: and Return Path: address

Benny Pedersen-2
Michael Fox wrote on 2017-09-22 04:07:

> I'm not very skilled at interpreting the logs, but I've looked at them
> line
> by line and I don't see where the destination server would ever get
> "From:
> [hidden email]".  I'm hoping that someone here with
> more
> knowledge than me can see where I went wrong.  I'm stumped.

sorry for the late reply on this, i noted from the logs that you use
mimedefang and amavisd for the same mails, why?

and as well that postfix sends auth users mails to amavisd inbound so it's
classified as incoming mails, clean that up :=)

-o content-filter override in master.cf on postfix solves this very
nicely, don't use content-filter in postfix main.cf, little hint here

make sure amavisd has the same mynetworks settings as postfix has, both
should know all border ips as well as rfc1918, and ipv6 ditto, basically all
in ifconfig as a minimum

and i think you have a problem with how sasl is configured on dovecot, is
it only local system users auth that can relay mails? that way the
auth only checks the local part of the mails to allow senders, that explains
why it is possible to change the domain part and still be authed for the
local part of the email, check that and ask for help with that on the
dovecot mailing list

basically random realm domain

too big logs make it harder for me to narrow it down more

RE: wrong From: and Return Path: address

Michael Fox
> sorry for the late reply on this,

No problem Benny.  Thanks for taking the time to review ...


> i noted from the logs that you use
> mimedefang and amavisd for the same mails, why?

amavisd runs spamassassin and clamav.  No difference in setup between
Postfix 2.11 and 3.1.  

I just added mimedefang to perform some additional message mangling to help
out really old clients (like removing redundant html).  But I'm confident
that's irrelevant to the From: domain problem since I can take out
mimedefang and the problem persists.
 

> and as well that postfix sends auth users mails to amavisd inbound so it's
> classified as incoming mails, clean that up :=)
>
> -o content-filter override in master.cf on postfix solves this very
> nicely, don't use content-filter in postfix main.cf, little hint here

We want all emails to go through amavis (spamassassin and clamav), whether
they are from one of our relay domains, virtual domains, a local user, or
the outside world.  We follow /usr/share/doc/amavisd-new/README.postfix.html
section 3.1 - Filtering E-mail globally.

Are you suggesting something different?  Can you be more explicit?

Regardless, I don't think this is related to the From: domain problem since
the config is the same for Postfix 2.11 and 3.1 (unless there's a mistake
that I can't find).

 
> make sure amavisd has the same mynetworks settings as postfix has, both
> should know all border ips as well as rfc1918, and ipv6 ditto, basically all
> in ifconfig as a minimum

If you're referring to the following line:

    amavis[2735]: (02735-07) Open relay? Nonlocal recips but not originating: <user>@<domain>

then, yeah, I've struggled with that.  (And based on Internet searches many
others do, too!)  I've verified it's not an open relay.  We're not using
IPv6 and the IPv4 nets are the same in amavis mynetworks and postfix
mynetworks.  Yet it continues to complain.  

I'm not sure what you mean by "... both should know all border IPs ...".
Can you be more explicit?

Regardless, the configuration is the same in postfix 2.11 and 3.1.  So I
don't see how that could be causing the difference in behavior either
(unless there's a mistake that I can't find).

 
> and i think you have a problem with how sasl is configured on dovecot, is
> it only local system users auth that can relay mails? that way the
> auth only checks the local part of the mails to allow senders, that explains
> why it is possible to change the domain part and still be authed for the
> local part of the email, check that and ask for help with that on the
> dovecot mailing list

Dovecot performs SASL authentication of virtual domain users on the
submission port.  There are only a couple of local accounts for sysadmins,
and they don't use submission or SASL.  Since the problem with the Postfix
3.1 machine DOES involve the virtual domain being changed to the mail
gateway's hostname and this doesn't happen for relay domains, you may be
onto something.  But SASL does check both local part and domain part.  And
the SASL config hasn't changed between 2.11 and 3.1 (unless there's a
mistake that I can't find).

I don't understand what problem you see.  Can you be more specific?

 
> basically random realm domain
>
> too big logs make it harder for me to narrow it down more

Well, thanks for taking a look.  I've been over and over the configs using
diff tools and I don't find anything significantly different between the
2.11 and the 3.1 configs.  Yet the 3.1 system results in the recipient
seeing the wrong From: domain at one (so far) email hosting provider.

The email hosting provider took a pcap trace and doesn't see anything wrong
yet with the SMTP session, but will continue to research on Monday.  

Michael