From: Johan Vromans on
Hi,

I've been running postfix as my MTA for many years. Recently I
upgraded my main server and now I cannot send mail anymore.

The system is running Fedora 13, with postfix 2.7.0
(postfix-2.7.0-1.fc13.i686). My previous version of postfix was 2.5.
I have a LAN with local DNS that is connected via ADSL to the
internet. As far as the outside world is concerned there's only a single
host connected. The output of 'postconf -n' is attached at the end of
this message.

The problem: although I have configured

mydomain = squirrel.nl
myorigin = squirrel.nl

postfix still uses the real, local hostname in the SMTP envelope:

> EHLO phoenix.squirrel.nl
< 250-smtp-vbr12.xs4all.nl Hello sioban.squirrel.nl [80.101.24.220], pleased to meet you
< 250-ENHANCEDSTATUSCODES
< 250-PIPELINING
< 250-8BITMIME
< 250-SIZE 31457280
< 250-DSN
< 250-AUTH LOGIN PLAIN
< 250-STARTTLS
< 250-DELIVERBY
< 250 HELP
server features: 0x901f size 31457280
Using ESMTP PIPELINING, TCP send buffer size is 4096
> MAIL FROM:<jv(a)phoenix.squirrel.nl> SIZE=694

As you may have guessed, phoenix.squirrel.nl is a local hostname and
not known in the outer world. The xs4all mail server therefore rejects
the mail with

553 5.1.8 jv(a)phoenix.squirrel.nl... Domain of sender address jv(a)phoenix.squirrel.nl does not exist

Since I did not have any problems with outgoing mail before the
upgrade to 2.7 I'm pretty sure that in the older version of postfix
myorigin was applied to the SMTP envelope too.

I temporarily 'fixed' the problem by adding a CNAME for phoenix in the
global DNS but that's not a good solution.

Did I overlook a (new?) config setting?

Thanks for any help,

-- Johan

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
allow_mail_to_commands = alias,forward,include
allow_mail_to_files = alias,forward,include
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
html_directory = no
inet_interfaces = all
inet_protocols = all
local_recipient_maps =
luser_relay = jv
mail_owner = postfix
mailbox_command = /usr/bin/procmail
mailbox_size_limit = 102400000
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydestination = $myhostname $mydomain localhost localhost.$mydomain vromans.org kensen.org kensen.nl perlsupport.nl perl-support.nl
mydomain = squirrel.nl
myorigin = squirrel.nl
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.7.0/README_FILES
relayhost = [smtp.xs4all.nl]
sample_directory = /usr/share/doc/postfix-2.7.0/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
unknown_local_recipient_reject_code = 450

From: Victor Duchovni on
On Tue, Jul 13, 2010 at 09:36:48AM +0200, Johan Vromans wrote:

> Hi,
>
> I've been running postfix as my MTA for many years. Recently I
> upgraded my main server and now I cannot send mail anymore.
>
> The system is running Fedora 13, with postfix 2.7.0
> (postfix-2.7.0-1.fc13.i686). My previous version of postfix was 2.5.
> I have a LAN with local DNS that is connected via ADSL to the
> internet. As far as the outside world is concerned there's only a single
> host connected. The output of 'postconf -n' is attached at the end of
> this message.
>
> The problem: although I have configured
>
> mydomain = squirrel.nl
> myorigin = squirrel.nl
>
> > MAIL FROM:<jv(a)phoenix.squirrel.nl> SIZE=694
>

Postfix only uses myorigin to qualify *bare* email addresses. If the
application that submits the mail into Postfix (via SMTP or sendmail(1))
already specified a domain name, Postfix is not going to change that
by default.

http://www.postfix.org/ADDRESS_REWRITING_README.html
http://www.postfix.org/postconf.5.html#myorigin
http://www.postfix.org/postconf.5.html#canonical_maps
http://www.postfix.org/postconf.5.html#smtp_generic_maps

You can also use masquerade_domains, but my personal view is that this
mechanism (like other wild-card rewrites) is a legacy that plays poorly
with recipient validation, and is difficult to use correctly on an
integrated gateway that handles mail to and from the Internet.

--
Viktor.
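
The smtp_generic_maps route from the links above, applied to the addresses in this thread. This is an added example, not part of the original messages; the table path /etc/postfix/generic, the hash: table type and the single entry for user jv are assumptions.

```conf
# /etc/postfix/main.cf  (assumed location; added example)
# Rewrite envelope and header addresses only when mail leaves through
# the Postfix SMTP client (here: via relayhost = [smtp.xs4all.nl]).
# Mail delivered locally keeps the internal host name.
smtp_generic_maps = hash:/etc/postfix/generic

# /etc/postfix/generic  (assumed table file)
# One explicit entry per sender instead of a wild-card rewrite, so
# only known local users are mapped to the public domain.
jv@phoenix.squirrel.nl    jv@squirrel.nl

# After editing the table, rebuild it and reload Postfix:
#   postmap /etc/postfix/generic
#   postfix reload
#
# Check the lookup without sending mail; it should return the
# public address on the right-hand side:
#   postmap -q jv@phoenix.squirrel.nl hash:/etc/postfix/generic
```

With this in place the MAIL FROM seen by the relay carries squirrel.nl, while myorigin continues to qualify only bare addresses as described above.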

From: Johan Vromans on
Victor Duchovni <Victor.Duchovni(a)morganstanley.com> writes:

> Postfix only uses myorigin to qualify *bare* email addresses. If the
> application that submits the mail into Postfix (via SMTP or sendmail(1))
> already specified a domain name, Postfix is not going to change that
> by default.

Ok.

> You can also use masquerade_domains, but my personal view is that this
> mechanism (like other wild-card rewrites) is a legacy that plays poorly
> with recipient validation, and is difficult to use correctly on an
> integrated gateway that handles mail to and from the Internet.

For the time being, setting masquerade_domains to $mydomain solves the
problem at hand. I'll look into the other alternatives to see if they
suit better.

The question remains: was this a deliberate change in 2.6 or 2.7? I
double checked and verified that postfix 2.5 generates the 'right'
domain names in the MAIL FROM, even without masquerade_domains being
set.

Thanks for your time and patience,

-- Johan

From: Victor Duchovni on
On Tue, Jul 13, 2010 at 05:47:12PM +0200, Johan Vromans wrote:

> The question remains: was this a deliberate change in 2.6 or 2.7? I
> double checked and verified that postfix 2.5 generates the 'right'
> domain names in the MAIL FROM, even without masquerade_domains being
> set.

Postfix address rewriting did not change between these releases. In
fact, $myorigin processing has only changed once since 1.0, when
"local" vs. "remote" rewriting contexts were introduced in Postfix 2.2.

http://www.postfix.org/postconf.5.html#local_header_rewrite_clients

You clearly also changed the application that injects email into Postfix.

--
Viktor.

From: Wietse Venema on
Johan Vromans:
> double checked and verified that postfix 2.5 generates the 'right'
> domain names in the MAIL FROM, even without masquerade_domains being
> set.

Again, Postfix does not change the MAIL FROM domain unless you
configure it otherwise.

Wietse