Difference between revisions of "Postfix SRS Only Forwarded Emails"
From ivc wiki
Revision as of 13:21, 11 May 2022
As discussed on GitHub Discussions for postsrsd, it is possible to perform Sender Rewriting Scheme (SRS) only on emails passing through your server that are destined for an external address, based solely on the destination email address. For example, if user@example.org forwards to user@gmail.com, only the email going to user@gmail.com is matched and SRS-processed.
/etc/postfix/main.cf:
    recipient_canonical_maps=tcp:localhost:10002
    recipient_canonical_classes=envelope_recipient,header_recipient
    virtual_alias_maps = hash:/etc/postfix/virtual-alias
    transport_maps = hash:/etc/postfix/transport_srs
/etc/postfix/virtual-alias:
    user@example.org user@gmail.com
    name@example.org name@gmail.com
/etc/postfix/transport_srs:
    user@gmail.com smtp:[127.0.0.1]:10027
    name@gmail.com smtp:[127.0.0.1]:10027
/etc/postfix/master.cf:
    cleanup-srs unix n - - - 0 cleanup
      -o sender_canonical_maps=hash:/etc/postfix/virtual-alias,tcp:localhost:10001
      -o sender_canonical_classes=envelope_sender
    127.0.0.1:10027 inet n - - - - smtpd
      -o cleanup_service_name=cleanup-srs
      -o smtpd_tls_security_level=none
      -o content_filter=smtp:
      # allow for system users sending email to forwarded alias destinations, ex. user@gmail.com etc
      -o smtpd_sender_restrictions=permit_mynetworks,reject
      # allow for inbound email, ex. user@example.org, which alias maps it to forward/relay outbound again, ex. user@gmail.com etc
      -o smtpd_relay_restrictions=permit_mynetworks,reject
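With the configuration above, a forward only passes through the SRS listener on port 10027 if its destination has an entry in transport_srs, so that map has to track every external target in virtual-alias. The following Python sketch is an added example, not part of the original wiki page or of postsrsd; it derives the entries and lists missing ones, and `LOCAL_DOMAINS`, the function names and the sample map are assumptions.

```python
LOCAL_DOMAINS = {"example.org"}          # assumption: domains hosted on this server
SRS_NEXTHOP = "smtp:[127.0.0.1]:10027"   # SRS smtpd listener defined in master.cf

# Constructed sample in the format of /etc/postfix/virtual-alias.
SAMPLE_VIRTUAL_ALIAS = """\
# forwards to external mailboxes
user@example.org    user@gmail.com
name@example.org    name@gmail.com,
    archive@example.org
local@example.org   other@example.org
"""

def logical_lines(text):
    """Yield map entries: skip comments and blanks, join indented continuations."""
    current = ""
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and current:
            current += " " + raw.strip()
        else:
            if current:
                yield current
            current = raw.strip()
    if current:
        yield current

def external_targets(virtual_alias_text, local_domains=LOCAL_DOMAINS):
    """Return sorted alias targets whose domain is not in local_domains."""
    targets = set()
    for entry in logical_lines(virtual_alias_text):
        parts = entry.split(None, 1)
        rhs = parts[1] if len(parts) == 2 else ""
        for addr in rhs.replace(",", " ").split():
            local, _, domain = addr.rpartition("@")
            if local and domain and domain.lower() not in local_domains:
                targets.add(addr.lower())
    return sorted(targets)

def transport_srs(virtual_alias_text, local_domains=LOCAL_DOMAINS):
    """Render transport_srs content covering every external forward target."""
    return "".join(f"{a} {SRS_NEXTHOP}\n"
                   for a in external_targets(virtual_alias_text, local_domains))

def missing_entries(virtual_alias_text, transport_text, local_domains=LOCAL_DOMAINS):
    """External targets with no transport_srs entry; they would bypass port 10027."""
    have = {e.split()[0].lower() for e in logical_lines(transport_text)}
    return [a for a in external_targets(virtual_alias_text, local_domains) if a not in have]
```

After writing the generated content to the map file, rebuild the hash table with `postmap` as for any other Postfix hash map.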
Log from working system:
    May 11 12:07:13 mail postfix/smtpd[21921]: connect from nmsh5.e.xyz.com[198.123.160.199]
    May 11 12:07:13 mail postfix/smtpd[21921]: Anonymous TLS connection established from nmsh5.e.xyz.com[198.123.160.199]: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256
    May 11 12:07:13 mail policyd-spf[21927]: prepend Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=198.123.160.199; helo=nmsh5.e.xyz.com; envelope-from=user@external.org; receiver=user@example.org
    May 11 12:07:13 mail postfix/smtpd[21921]: F3D8914CDE4: client=nmsh5.e.xyz.com[198.123.160.199]
    May 11 12:07:14 mail postfix/cleanup[21929]: F3D8914CDE4: message-id=<28F41311-7768-4CB8-8975-3F92D0A98CD8@external.org>
    May 11 12:07:14 mail opendmarc[24151]: F3D8914CDE4: external.org none
    May 11 12:07:14 mail postfix/qmgr[21914]: F3D8914CDE4: from=<user@external.org>, size=1425, nrcpt=1 (queue active)
    May 11 12:07:14 mail postfix/smtpd[21921]: disconnect from nmsh5.e.xyz.com[198.123.160.199] ehlo=2 starttls=1 mail=1 rcpt=1 data=1 quit=1 commands=7
    May 11 12:07:14 mail postfix/smtpd[21933]: connect from localhost[127.0.0.1]
    May 11 12:07:14 mail opendmarc[24151]: ignoring connection from localhost
    May 11 12:07:14 mail policyd-spf[21935]: prepend X-Comment: SPF check N/A for local connections - client-ip=127.0.0.1; helo=mail.example.org; envelope-from=user@external.org; receiver=user@gmail.com
    May 11 12:07:14 mail postfix/smtpd[21933]: E492A14CE00: client=localhost[127.0.0.1]
    May 11 12:07:14 mail postsrsd[21938]: srs_forward: <user@external.org> rewritten as <SRS0=rRYH=VT=external.org=user@x-pec.com>
    May 11 12:07:14 mail postsrsd[21938]: srs_forward: <SRS0=rRYH=VT=external.org=user@x-pec.com> not rewritten: Valid SRS address for <user@external.org>
    May 11 12:07:14 mail postfix/cleanup[21937]: E492A14CE00: message-id=<28F41311-7768-4CB8-8975-3F92D0A98CD8@external.org>
    May 11 12:07:15 mail postfix/qmgr[21914]: E492A14CE00: from=<SRS0=rRYH=VT=external.org=user@x-pec.com>, size=2091, nrcpt=1 (queue active)
    May 11 12:07:15 mail postfix/smtpd[21933]: disconnect from localhost[127.0.0.1] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
    May 11 12:07:15 mail postfix/smtp[21932]: F3D8914CDE4: to=<user@gmail.com>, orig_to=<user@example.org>, relay=127.0.0.1[127.0.0.1]:10027, delay=1.4, delays=0.91/0.01/0.02/0.44, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as E492A14CE00)
    May 11 12:07:15 mail postfix/qmgr[21914]: F3D8914CDE4: removed
    May 11 12:07:15 mail postfix/smtp[21932]: Untrusted TLS connection established to gmail-smtp-in.l.google.com[74.125.131.27]:25: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256
    May 11 12:07:15 mail postfix/smtp[21932]: E492A14CE00: to=<user@gmail.com>, relay=gmail-smtp-in.l.google.com[74.125.131.27]:25, delay=1.2, delays=0.44/0/0.39/0.4, dsn=2.0.0, status=sent (250 2.0.0 OK 1652263635 h15-20020ac24daf000000b004722c9f58d6si1447690lfe.448 - gsmtp)
    May 11 12:07:15 mail postfix/qmgr[21914]: E492A14CE00: removed
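The flow in the log above can be checked mechanically: each handoff to the listener on port 10027 names the new queue ID ("queued as ..."), and the qmgr line for that queue ID should carry an SRS0/SRS1 envelope sender. This Python check is an added example, not from the original page; the function names are assumptions, the first four sample lines are abridged from the log above, and the AAAA/BBBB pair is constructed to show a forward that was not rewritten.

```python
import re

SRS_RELAY = "127.0.0.1[127.0.0.1]:10027"   # SRS listener from master.cf

# Lines 1-4 abridged from the page's log; lines 5-6 are constructed.
SAMPLE_LOG = """\
May 11 12:07:14 mail postfix/qmgr[21914]: F3D8914CDE4: from=<user@external.org>, size=1425, nrcpt=1 (queue active)
May 11 12:07:15 mail postfix/qmgr[21914]: E492A14CE00: from=<SRS0=rRYH=VT=external.org=user@x-pec.com>, size=2091, nrcpt=1 (queue active)
May 11 12:07:15 mail postfix/smtp[21932]: F3D8914CDE4: to=<user@gmail.com>, orig_to=<user@example.org>, relay=127.0.0.1[127.0.0.1]:10027, delay=1.4, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as E492A14CE00)
May 11 12:07:15 mail postfix/smtp[21932]: E492A14CE00: to=<user@gmail.com>, relay=gmail-smtp-in.l.google.com[74.125.131.27]:25, delay=1.2, dsn=2.0.0, status=sent (250 2.0.0 OK)
May 11 12:09:01 mail postfix/qmgr[21914]: BBBB0000002: from=<name@external.org>, size=900, nrcpt=1 (queue active)
May 11 12:09:01 mail postfix/smtp[21932]: AAAA0000001: to=<name@gmail.com>, orig_to=<name@example.org>, relay=127.0.0.1[127.0.0.1]:10027, delay=1.0, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as BBBB0000002)
"""

QMGR_FROM = re.compile(r"postfix/qmgr\[\d+\]: (\w+): from=<([^>]*)>")
HANDOFF = re.compile(r"postfix/smtp\[\d+\]: (\w+): to=<([^>]*)>.*relay="
                     + re.escape(SRS_RELAY) + r".*queued as (\w+)\)")
SRS_SENDER = re.compile(r"^SRS[01][=+-]", re.IGNORECASE)

def check_forwards(log_text):
    """Pair each handoff to the SRS listener with the sender of the re-queued message."""
    senders, handoffs = {}, []
    for line in log_text.splitlines():
        if m := QMGR_FROM.search(line):
            senders[m.group(1)] = m.group(2)      # queue ID -> envelope sender
        elif m := HANDOFF.search(line):
            handoffs.append(m.groups())           # (inbound ID, recipient, outbound ID)
    results = []
    for inbound, rcpt, outbound in handoffs:
        sender = senders.get(outbound)            # None if the qmgr line is missing
        results.append({"inbound": inbound, "outbound": outbound, "to": rcpt,
                        "sender": sender,
                        "srs": bool(sender and SRS_SENDER.match(sender))})
    return results

def unrewritten(log_text):
    """Outbound queue IDs that passed the SRS listener without an SRS sender."""
    return [r["outbound"] for r in check_forwards(log_text) if not r["srs"]]
```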