From: Ian Duggan on
I am trying to configure postfix to work as follows:

1) In a header_check, look for a header "X-Vmta: n" where n is some number.
2) Based on n, choose an outgoing smtp transport (bound to some ip)

Basically I want postfix to choose the outgoing IP based on a header
that can be placed within the message. I have configured it thusly, so
far, but I am getting a "mail loops back to myself" error.

main.cf:
header_checks = regexp:/etc/postfix/header_checks

header_checks:
/^X-Vmta.*1$/ FILTER vmta1:
/^X-Vmta.*2$/ FILTER vmta2:
/^X-Vmta.*3$/ FILTER vmta3:
/^X-Vmta.*4$/ FILTER vmta4:
/^X-Vmta.*5$/ FILTER vmta5:

master.cf:
vmta1 unix - - n - - smtp
  -o smtp_bind_address=x.x.x.x
vmta2 unix - - n - - smtp
  -o smtp_bind_address=y.y.y.y
vmta3 unix - - n - - smtp
  -o smtp_bind_address=z.z.z.z
vmta4 unix - - n - - smtp
  -o smtp_bind_address=w.w.w.w.w
vmta5 unix - - n - - smtp
  -o smtp_bind_address=v.v.v.v

My expectation was that the header_check would "tag" the mails when
readding them to the queue and then they would go out the specified
transport, but maybe the loop detection in postfix is defeating me? Is
it that the requeued emails also pass through the header_checks? I'm
fine with stripping off the header during the check to avoid that, but
I don't see how to FILTER and IGNORE the same line based on
header_checks(5).

Ideas?

--Ian

From: Wietse Venema on
Ian Duggan:
> I am trying to configure postfix to work as follows:
>
> 1) In a header_check, look for a header "X-Vmta: n" where n is some number.
> 2) Based on n, choose an outgoing smtp transport (bound to some ip)
>
> Basically I want postfix to choose the outgoing IP based on a header
> that can be placed within the message. I have configured it thusly, so
> far, but I am getting a "mail loops back to myself" error.

It means that the recipient domain resolves to a local address.

Unfortunately you ignored instructions in the mailing list welcome
message, and therefore there is no more concrete answer.

Wietse

> main.cf:
> header_checks = regexp:/etc/postfix/header_checks
>
> header_checks:
> /^X-Vmta.*1$/ FILTER vmta1:
> /^X-Vmta.*2$/ FILTER vmta2:
> /^X-Vmta.*3$/ FILTER vmta3:
> /^X-Vmta.*4$/ FILTER vmta4:
> /^X-Vmta.*5$/ FILTER vmta5:
>
> master.cf:
> vmta1 unix - - n - - smtp
>   -o smtp_bind_address=x.x.x.x
> vmta2 unix - - n - - smtp
>   -o smtp_bind_address=y.y.y.y
> vmta3 unix - - n - - smtp
>   -o smtp_bind_address=z.z.z.z
> vmta4 unix - - n - - smtp
>   -o smtp_bind_address=w.w.w.w.w
> vmta5 unix - - n - - smtp
>   -o smtp_bind_address=v.v.v.v
>
> My expectation was that the header_check would "tag" the mails when
> readding them to the queue and then they would go out the specified
> transport, but maybe the loop detection in postfix is defeating me? Is
> it that the requeued emails also pass through the header_checks? I'm
> fine with stripping off the header during the check to avoid that, but
> I don't see how to FILTER and IGNORE the same line based on
> header_checks(5).
>
> Ideas?
>
> --Ian
>
>

From: Ian Duggan on
On Wed, Nov 18, 2009 at 12:34 PM, Wietse Venema <wietse(a)porcupine.org> wrote:
>> far, but I am getting a "mail loops back to myself" error.
>
> It means that the recipient domain resolves to a local address.
>
> Unfortunately you ignored instructions in the mailing list welcome
> message, and therefore there is no more concrete answer.

My apologies, trying again. The recipient domain does not map to this
machine, as near as I can tell. This machine hosts mail for users
@scribd.com. I am sending mail to ian(a)ianduggan.net, through this
server.

I am trying to configure postfix to work as follows:

1) In a header_check, look for a header "X-Vmta: n" where n is some number.
2) Based on n, choose an outgoing smtp transport (bound to some ip)

Basically I want postfix to choose the outgoing IP based on a header
that can be placed within the message. I am getting a "mail loops back
to myself" error, however.

The log output produced during the send is this:

Nov 18 15:19:22 mail01 postfix/cleanup[3242]: D9024B689D2: filter: header X-Vmta: 2 from unknown[192.168.100.114]; from=<donotreply(a)scribd.com> to=<test.scribd(a)gmail.com> proto=SMTP helo=<raptor.local>: vmta2:
Nov 18 15:19:22 mail01 postfix/smtp[3333]: D9024B689D2: to=<test.scribd(a)gmail.com>, relay=none, delay=0.05, delays=0.05/0/0/0, dsn=5.4.6, status=bounced (mail for mail01.scribd.com loops back to myself)

header_checks is here:

header_checks:
/^X-Vmta.*1$/ FILTER vmta1:
/^X-Vmta.*2$/ FILTER vmta2:
/^X-Vmta.*3$/ FILTER vmta3:
/^X-Vmta.*4$/ FILTER vmta4:
/^X-Vmta.*5$/ FILTER vmta5:

Postfinger output:

[root(a)mail01 postfix]# postfinger
postfinger - postfix configuration on Wed Nov 18 15:26:55 CST 2009
version: 1.30

Warning: postfinger output may show private configuration information,
such as ip addresses and/or domain names which you do not want to show
to the public. If this is the case it is your responsibility to modify
the output to hide this private information. [Remove this warning with
the --nowarn option.]

--System Parameters--
mail_version = 2.5.1
hostname = mail01.scribd.com
uname = Linux mail01.scribd.com 2.6.18-128.el5 #1 SMP Wed Jan 21 10:41:14 EST 2009 x86_64 x86_64 x86_64 GNU/Linux

--Packaging information--
looks like this postfix comes from RPM package:
postfix-2.5.1-1.mysql.sasl2.vda.rhel5

--main.cf non-default parameters--
alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
bounce_queue_lifetime = 3d
disable_vrfy_command = yes
header_checks = regexp:/etc/postfix/header_checks
html_directory = /usr/share/doc/postfix-2.5.1-documentation/html
mailbox_size_limit = 1000000000
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
message_size_limit = 100000000
milter_default_action = accept
mydestination = mail01.scribd.com, localhost, mail01.local, localhost.scribd.com
mynetworks = 192.168.0.0/16, 10.0.0.0/8, 127.0.0.0/8, 87.228.12.149
myorigin = scribd.com
newaliases_path = /usr/bin/newaliases.postfix
non_smtpd_milters = inet:localhost:10099
readme_directory = /usr/share/doc/postfix-2.5.1-documentation/readme
recipient_delimiter = +
sendmail_path = /usr/sbin/sendmail.postfix
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, reject_non_fqdn_hostname,
  reject_invalid_hostname, permit
smtpd_milters = inet:localhost:10099
smtpd_recipient_restrictions = permit_mynetworks,
  permit_sasl_authenticated, reject_unauth_destination,
  reject_invalid_hostname, reject_non_fqdn_hostname,
  reject_non_fqdn_sender, reject_non_fqdn_recipient,
  reject_unknown_sender_domain, reject_unknown_recipient_domain,
  check_policy_service inet:127.0.0.1:60000, permit
transport_maps = hash:/etc/postfix/transport
virtual_alias_domains = scribd.com, ipaper.scribd.com
virtual_alias_maps = hash:/etc/postfix/virtual

--master.cf--
smtp inet n - n - - smtpd
pickup fifo n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr fifo n - n 300 1 qmgr
tlsmgr unix - - n 1000? 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - n - - smtp
fast unix - - n - 50 smtp
vmta1 unix - - n - - smtp -o smtp_bind_address=87.228.12.149
vmta2 unix - - n - - smtp -o smtp_bind_address=174.66.250.36
vmta3 unix - - n - - smtp -o smtp_bind_address=174.66.250.37
vmta4 unix - - n - - smtp -o smtp_bind_address=174.66.250.38
vmta5 unix - - n - - smtp -o smtp_bind_address=174.66.250.39
relay unix - - n - - smtp
  -o smtp_fallback_relay=
showq unix n - n - - showq
error unix - - n - - error
retry unix - - n - - error
discard unix - - n - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
scache unix - - n - 1 scache

-- end of postfinger output --


--Ian

From: Wietse Venema on
Ian Duggan:
> Nov 18 15:19:22 mail01 postfix/smtp[3333]: D9024B689D2: to=<test.scribd(a)gmail.com>, relay=none, delay=0.05, delays=0.05/0/0/0, dsn=5.4.6, status=bounced (mail for mail01.scribd.com loops back to myself)
>
> header_checks is here:
>
> header_checks:
> /^X-Vmta.*1$/ FILTER vmta1:
> /^X-Vmta.*2$/ FILTER vmta2:
> /^X-Vmta.*3$/ FILTER vmta3:
> /^X-Vmta.*4$/ FILTER vmta4:
> /^X-Vmta.*5$/ FILTER vmta5:

Could the problem be that FILTER, as documented, expects a destination?

FILTER transport:destination
Write a content filter request to the queue file, and inspect
the next input line. After the complete message is received it
will be sent through the specified external content filter.
More information about external content filters is in the
Postfix FILTER_README file.

The header_checks(5) manpage does not say what happens when the
destination is omitted. The access(5) manpage refers to the
transports(5) manpage for syntax (the syntax depends on the type
of delivery agent).

The transports(5) manpage mentions that the destination defaults
to the recipient domain. However, the scheduler uses a different
default, which appears to be inconsistent. I wonder what would
break if this were to be changed.

For now, perhaps your header_checks rules can copy the recipient
domain to the FILTER command.

Wietse

From: Ian Duggan on
On Wed, Nov 18, 2009 at 2:03 PM, Wietse Venema <wietse(a)porcupine.org> wrote:
> The transports(5) manpage mentions that the destination defaults
> to the recipient domain. However, the scheduler uses a different
> default, which appears to be inconsistent. I wonder what would
> break if this were to be changed.

Yes, this seems to be the issue. I'm depending on, from transport(5):

"A non-null transport field with a null nexthop field resets
the nexthop information to the recipient domain."

which doesn't seem to be happening. If you can direct me to the
relevant scheduler code or have a patch I could try, I'd be happy to
test it and see what happens.

> For now, perhaps your header_checks rules can copy the recipient
> domain to the FILTER command.

Success! Well, more or less. This is working, but I'm not 100%
satisfied with it since the sender has to specify the domain to send
to twice in the email, making sure the X-Vmta header matches the
recipient domain.

/^X-Vmta.*\s*([0-9]+)(\s*(\S*))?/ FILTER vmta${1}:${3}

So:

"X-Vmta: 3 gmail.com" maps to "vmta3:gmail.com"

Can anyone think of a way to easily grab the recipient domain from the
To: header line and have it available somehow when writing the FILTER
line? I can't envision a way to pass information between lines like
that.

My preference is to figure out how to get postfix to do what
transport(5) seems to indicate it should, however.

--Ian
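
Added example (not part of the thread): a Python sketch that runs the header_checks rule from the last message over constructed X-Vmta headers, next to a stricter pattern, to show which FILTER argument each header produces. Python's re module stands in for Postfix's regexp table; the stricter pattern, the function names and the sample headers are assumptions of this example.

```python
import re

# Rule from the thread: /^X-Vmta.*\s*([0-9]+)(\s*(\S*))?/ FILTER vmta${1}:${3}
# Postfix regexp tables match case-insensitively by default.
THREAD_RULE = re.compile(r"^X-Vmta.*\s*([0-9]+)(\s*(\S*))?", re.IGNORECASE)

# Stricter pattern (an assumption of this example, not from the thread):
# one digit 1-5 (the transports defined in master.cf), a mandatory
# nexthop made of hostname characters, and an end anchor.
# As a header_checks line it would read:
# /^X-Vmta:[[:space:]]*([1-5])[[:space:]]+([A-Za-z0-9.-]+)[[:space:]]*$/ FILTER vmta${1}:${2}
STRICT_RULE = re.compile(r"^X-Vmta:\s*([1-5])\s+([A-Za-z0-9.-]+)\s*$", re.IGNORECASE)


def thread_filter(header):
    """Return the FILTER argument the thread's rule would produce, or None."""
    m = THREAD_RULE.search(header)
    if m is None:
        return None
    return "vmta%s:%s" % (m.group(1), m.group(3) or "")


def strict_filter(header):
    """Return the FILTER argument under the stricter pattern, or None."""
    m = STRICT_RULE.search(header)
    if m is None:
        return None
    return "vmta%s:%s" % (m.group(1), m.group(2))


# Constructed sample headers.
SAMPLES = [
    "X-Vmta: 3 gmail.com",          # the case shown in the thread
    "X-Vmta: 4",                    # no nexthop: empty destination again
    "X-Vmta: 12 gmail.com",         # greedy .* leaves only the last digit
    "X-Vmta: 3 mail2.example.com",  # digit inside the domain is captured
]

if __name__ == "__main__":
    for h in SAMPLES:
        print("%-30s thread=%-22r strict=%r" % (h, thread_filter(h), strict_filter(h)))
```

A header that fails the stricter pattern triggers no FILTER action, so the message follows the normal transport lookup instead of being sent to a transport or nexthop the sender did not intend.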
