From: Carlos Velasco on 17 Jun 2010 12:01

Hello,

I am having a weird problem of "loops back to myself" mail.

I have set up 2 postfix instances "work" and "dummy".

The "work" instance listens on IP 1.1.2.1 port 25 and delivers mail to Internet and transports to another server for inside domains. This is working fine.

The "dummy" instance is a new instance, listens on IP 1.1.2.1 port 12025 and its function should be simply to deliver received mail to "work" instance on port 25.

The "dummy" instance has myhostname changed and relayhost set to:

    relayhost = [1.1.2.1]:25

Problem is that "dummy" believes that destination is itself and "loops back to myself" is logged. It is wrong because destination is really "work" instance (port 25) not itself (port 12025).

Is there any way to solve this? Or any way to turn off this check for this instance?

    Jun 17 16:26:57 mail:info postfix-dummy/smtpd: postfix-dummy/smtpd[2482]: connect from mx1.domain.com[1.1.2.1]
    Jun 17 16:26:58 mail:info postfix-dummy/smtpd: postfix-dummy/smtpd[2482]: 920B41E099: client=mx1.domain.com[1.1.2.1]
    Jun 17 16:26:58 mail:info postfix-dummy/cleanup: postfix-dummy/cleanup[2484]: 920B41E099: message-id=<20100617142658.920B41E099@dummy-andromeda.domain.com>
    Jun 17 16:26:58 mail:info postfix-dummy/qmgr: postfix-dummy/qmgr[2480]: 920B41E099: from=<from@srcdomain.com>, size=374, nrcpt=1 (queue active)
    Jun 17 16:26:58 mail:warning postfix-dummy/smtp: postfix-dummy/smtp[2485]: warning: relayhost configuration problem
    Jun 17 16:26:58 mail:info postfix-dummy/smtp: postfix-dummy/smtp[2485]: 920B41E099: to=<destination@dstdomain.com>, relay=none, delay=0.1, delays=0.09/0.01/0/0, dsn=4.3.5, status=deferred (mail for 1.1.2.1 loops back to myself)

As a workaround I can use, in "dummy" instance:

    relayhost = [1.1.2.1]:2500

And then in "work" instance add the port (service) 2500 in master.cf as smtp. This works as it seems that "loop check" is ignored if relayhost is not to port 25, but I don't like this solution very much.
Any other way to turn this check off or so?

Regards,
Carlos Velasco

*************** LEGAL NOTICE **************
This message is intended exclusively for the person to whom it is addressed and contains privileged and confidential information protected from disclosure by law. If you are not the addressee indicated in this message, you should immediately delete it and any attachments and notify the sender by reply e-mail or by phone (+34 914531200). In such case, you are hereby notified that any dissemination, distribution, copying or use of this message or any attachments, for any purpose, is strictly prohibited by law. We hereby inform you, as addressee of this message, that e-mail and Internet do not guarantee the confidentiality, nor the completeness or proper reception of the messages sent and, thus, CNIC does not assume any liability for those circumstances. Should you not agree to the use of e-mail or to communications via Internet, you are kindly requested to notify us immediately.

From: Carlos Velasco on 17 Jun 2010 12:38

Some additional information.

Postfix version is 2.7.1

smtp -v shows:

    Jun 17 18:36:00 mail:info postfix-dummy/smtp: postfix-dummy/smtp[4212]: connecting to 1.1.2.1 port 25
    Jun 17 18:36:00 mail:info postfix-dummy/smtp: postfix-dummy/smtp[4212]: smtp_addr_one: host 1.1.2.1
    Jun 17 18:36:00 mail:info postfix-dummy/smtp: postfix-dummy/smtp[4212]: smtp_find_self: found self at pref 0
    Jun 17 18:36:00 mail:warning postfix-dummy/smtp: postfix-dummy/smtp[4212]: warning: relayhost configuration problem
    ....
    Jun 17 18:36:00 mail:info postfix-dummy/smtp: postfix-dummy/smtp[4212]: send attr action = delayed
    Jun 17 18:36:00 mail:info postfix-dummy/smtp: postfix-dummy/smtp[4212]: send attr reason = mail for 1.1.2.1 loops back to myself
    Jun 17 18:36:00 mail:info postfix-dummy/smtp: postfix-dummy/smtp[4212]: private/defer socket: wanted attribute: status

From: Victor Duchovni on 17 Jun 2010 12:42

On Thu, Jun 17, 2010 at 06:01:33PM +0200, Carlos Velasco wrote:

> The "dummy" instance has myhostname changed and relayhost set to:
> relayhost = [1.1.2.1]:25

The ":25" is not needed and best avoided.

> Problem is that "dummy" believes that destination is itself and "loops
> back to myself" is logged. It is wrong because destination is really
> "work" instance (port 25) not itself (port 12025).

Loop detection is on by default when the destination port is 25. Loop detection matches on either banner hostnames or interfaces or IP addresses found in inet_interfaces or proxy_addresses.

Remove 192.0.2.1 (better example address than 1.1.2.1) from inet_interfaces in the "dummy" instance. e.g.:

    inet_interfaces = 127.0.0.1

and in master.cf use

    192.0.2.1:12025 smtp inet ... smtpd

to explicitly bind the IP owned (on port 25) by the other instance. Then the IP address in question will not trigger loop detection.

Alternatively, you can override "inet_interfaces" for just the smtp(8) delivery agent:

    smtp unix ... smtp
        -o inet_interfaces=127.0.0.1

Ideally, avoid port 25 forwarding between instances on the same host where multiple instances use the same IP. So IMHO the non-default forwarding port is the cleaner solution.

--
Viktor.

From: Carlos Velasco on 17 Jun 2010 12:55

> Loop detection is on by default when the destination port is 25.
> Loop detection matches on either banner hostnames or interfaces
> or IP addresses found in inet_interfaces or proxy_addresses.

It could be good to have a switch to turn it off for cases like this :)

> Alternatively, you can override "inet_interfaces" for just the
> smtp(8) delivery agent:
>
> smtp unix ... smtp
> -o inet_interfaces=127.0.0.1

I think I will go with this as this one doesn't need smtpd to listen on 127.0.0.1:25.

Thank you very much.

Regards

From: Victor Duchovni on 17 Jun 2010 22:35

On Thu, Jun 17, 2010 at 06:55:33PM +0200, Carlos Velasco wrote:

> > Loop detection is on by default when the destination port is 25.
> > Loop detection matches on either banner hostnames or interfaces
> > or IP addresses found in inet_interfaces or proxy_addresses.
>
> It could be good to have a switch to turn it off for cases like this :)
>
> > Alternatively, you can override "inet_interfaces" for just the
> > smtp(8) delivery agent:
> >
> > smtp unix ... smtp
> > -o inet_interfaces=127.0.0.1
>
> I think I will go with this as this one doesn't need smtpd to listen on
> 127.0.0.1:25.

I think this is a mistake, in the sense that it is a crude work-around. The right solution is to keep the "inet_interfaces" settings of Postfix instances *disjoint*, and to never forward mail to port 25 *within* an instance. This keeps things clear and predictable.

    - Each instance "owns" a separate pool of IPs

    - Internal forwarding is never to port 25, that's where outside mail comes in, and you never loop it back-in again.

    - Loop detection is not disabled.

Don't fight the system, work within the design.

--
Viktor.
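
The layout rules from this thread can be checked before a reload. The following is an added example, not part of the original messages and not Postfix code: a simplified model of the address half of the loop check (banner hostname matching is not modelled) plus a disjointness check across instances. The instance names, the sample main.cf fragments and the host address list are constructed; proxy_interfaces is the main.cf parameter the sketch reads alongside inet_interfaces.

```python
import re

# Constructed main.cf fragments modelled on the thread (192.0.2.1 replaces 1.1.2.1).
HOST_IPS = {"127.0.0.1", "192.0.2.1"}   # assumed addresses configured on the host
INSTANCES = {
    "work":        "inet_interfaces = 192.0.2.1\n",
    "dummy":       "inet_interfaces = all\nrelayhost = [192.0.2.1]:25\n",
    "dummy-fixed": "inet_interfaces = 127.0.0.1\nrelayhost = [192.0.2.1]:2500\n",
}

def parse_main_cf(text):
    """Return {parameter: value} for simple 'name = value' lines."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            name, value = line.split("=", 1)
            cfg[name.strip()] = value.strip()
    return cfg

def local_addrs(cfg, host_ips):
    """Addresses an instance treats as its own; 'all' (the default) means host_ips."""
    addrs = set()
    for param, default in (("inet_interfaces", "all"), ("proxy_interfaces", "")):
        for item in re.split(r"[,\s]+", cfg.get(param, default)):
            if item == "all":
                addrs |= set(host_ips)
            elif item:
                addrs.add(item)
    return addrs

def parse_relayhost(value):
    """'[host]:port', '[host]', 'host:port' or 'host' -> (host, port), default port 25."""
    m = re.fullmatch(r"\[?([^\]\s]+?)\]?(?::(\d+))?", value.strip())
    return m.group(1), int(m.group(2) or 25)

def loops_back(cfg, host_ips):
    """Simplified check: relay to port 25 on an address the instance itself owns."""
    if "relayhost" not in cfg:
        return False
    host, port = parse_relayhost(cfg["relayhost"])
    return port == 25 and host in local_addrs(cfg, host_ips)

def shared_addrs(cfgs, host_ips):
    """Map address -> instances claiming it, for addresses claimed more than once."""
    owners = {}
    for name, cfg in cfgs.items():
        for addr in local_addrs(cfg, host_ips):
            owners.setdefault(addr, []).append(name)
    return {a: sorted(n) for a, n in owners.items() if len(n) > 1}
```

With the constructed data, "dummy" is flagged by loops_back and shares 192.0.2.1 with "work", while "dummy-fixed" passes both checks.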