Loading ...
Sorry, an error occurred while loading the content.

"Received:" headers and mail forwarding loops

Expand Messages
  • Stefan Förster
    When I submit a mail to my Postfix server (using SASL auth over a TLS connection), Postfix adds the following received header: Received: from aletheia.cite.lan
    Message 1 of 3 , Jul 31, 2009
    • 0 Attachment
      When I submit a mail to my Postfix server (using SASL auth over a TLS
      connection), Postfix adds the following received header:

      Received: from aletheia.cite.lan (33.33.33.333.dynamic.cablesurf.de
      [33.33.33.333]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
      (No client certificate requested) by mail.incertum.net (Postfix) with
      ESMTPSA for <cite@...>; Fri, 31 Jul 2009 23:42:33 +0200 (CEST)

      This is working as expected. If I create a new mail and forcibly
      insert the above header before I submit it, I get a NDR saying that
      there is a mail forwarding loop for cite@... - which is
      exactly what I expected, but I'm not 100% sure how this mechanism
      works. So my question is:

      Does Postfix compare both the sending host _and_ the recipient address
      in "Received:" headers? If not, with regard to "Received:" headers,
      which (if any) information is compared to detect a mail forwarding
      loop?


      Cheers
      Stefan
    • Wietse Venema
      ... As documented, Postfix uses Delivered-To: headers for loop detection. Local delivery agent: ===================== prepend_delivered_header (default:
      Message 2 of 3 , Jul 31, 2009
      • 0 Attachment
        Stefan F?rster:
        > When I submit a mail to my Postfix server (using SASL auth over a TLS
        > connection), Postfix adds the following received header:
        >
        > Received: from aletheia.cite.lan (33.33.33.333.dynamic.cablesurf.de
        > [33.33.33.333]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
        > (No client certificate requested) by mail.incertum.net (Postfix) with
        > ESMTPSA for <cite@...>; Fri, 31 Jul 2009 23:42:33 +0200 (CEST)
        >
        > This is working as expected. If I create a new mail and forcibly
        > insert the above header before I submit it, I get a NDR saying that
        > there is a mail forwarding loop for cite@... - which is

        As documented, Postfix uses Delivered-To: headers for loop detection.

        Local delivery agent:
        =====================
        prepend_delivered_header (default: command, file, forward)
        The message delivery contexts where the Postfix local(8) delivery agent
        prepends a Delivered-To: message header with the address that the mail
        was delivered to. This information is used for mail delivery loop
        detection.

        By default, the Postfix local delivery agent prepends a Delivered-To:
        header when forwarding mail and when delivering to file (mailbox) and
        command. Turning off the Delivered-To: header when forwarding mail is
        not recommended.

        Specify zero or more of forward, file, or command.

        Example:

        prepend_delivered_header = forward

        Pipe delivery agent:
        ====================
        flags=BDFORXhqu.> (optional)
        Optional message processing flags. By default, a message is
        copied unchanged.

        ...

        D Prepend a "Delivered-To: recipient" message header with
        the envelope recipient address. Note: for this to work,
        the transport_destination_recipient_limit must be 1 (see
        SINGLE-RECIPIENT DELIVERY above for details).

        The D flag also enforces loop detection (Postfix 2.5 and
        later): if a message already contains a Delivered-To:
        header with the same recipient address, then the message
        is returned as undeliverable. The address comparison is
        case insensitive.

        Wietse

        > exactly what I expected, but I'm not 100% sure how this mechanism
        > works. So my question is:
        >
        > Does Postfix compare both the sending host _and_ the recipient address
        > in "Received:" headers? If not, with regard to "Received:" headers,
        > which (if any) information is compared to detect a mail forwarding
        > loop?
        >
        >
        > Cheers
        > Stefan
        >
        >
      • Stefan Förster
        ... I am very sorry - I had indeed pasted too many lines into my test email. Cheers Stefan
        Message 3 of 3 , Jul 31, 2009
        • 0 Attachment
          * Wietse Venema <wietse@...> wrote:
          > Stefan Förster:
          > > This is working as expected. If I create a new mail and forcibly
          > > insert the above header before I submit it, I get a NDR saying that
          > > there is a mail forwarding loop for cite@... - which is
          >
          > As documented, Postfix uses Delivered-To: headers for loop detection.

          I am very sorry - I had indeed pasted too many lines into my test
          email.


          Cheers
          Stefan
        Your message has been successfully submitted and would be delivered to recipients shortly.