Loading ...
Sorry, an error occurred while loading the content.

Routing Control of locally generated bounces in Postfix

Expand Messages
  • nullnullachtfuenfzehn@...
    Hi, my Question is: Is it possible to implement routing control of locally generated bounces in Postfix - WITHOUT impact to remotely generated bounces? And in
    Message 1 of 7 , Apr 17, 2013
    • 0 Attachment
      Hi,

      my Question is: Is it possible to implement routing control of locally generated bounces in Postfix - WITHOUT impact to remotely generated bounces?
      And in case it is: How can this be accomplished?

      Thanks for any hint
    • Viktor Dukhovni
      ... What problem are you trying to solve (what is your actual end-goal)? What is routing control ? -- Viktor.
      Message 2 of 7 , Apr 17, 2013
      • 0 Attachment
        On Wed, Apr 17, 2013 at 12:11:52PM +0200, nullnullachtfuenfzehn@... wrote:

        > my Question is: Is it possible to implement routing control of
        > locally generated bounces in Postfix - WITHOUT impact to remotely
        > generated bounces?
        > And in case it is: How can this be accomplished?

        What problem are you trying to solve (what is your actual end-goal)?
        What is "routing control"?

        --
        Viktor.
      • nullnullachtfuenfzehn@...
        ... Von: Viktor Dukhovni An: postfix-users@postfix.org Datum: 17.04.2013 17:40 Betreff: Re: Routing Control of locally
        Message 3 of 7 , Apr 18, 2013
        • 0 Attachment
          ----- Original Nachricht ----
          Von: Viktor Dukhovni <postfix-users@...>
          An: postfix-users@...
          Datum: 17.04.2013 17:40
          Betreff: Re: Routing Control of locally generated bounces in Postfix

          > On Wed, Apr 17, 2013 at 12:11:52PM +0200, nullnullachtfuenfzehn@...
          > wrote:
          >
          > > my Question is: Is it possible to implement routing control of
          > > locally generated bounces in Postfix - WITHOUT impact to remotely
          > > generated bounces?
          > > And in case it is: How can this be accomplished?
          >
          > What problem are you trying to solve (what is your actual end-goal)?


          The scenario is: 2 private organistations in 2 networks (let´s name them A and B), each with its own DNS servers serving the same tld and completely independent from each other.
          Not all of the DNS servers allow zone transfers to extract all MX records and build upon that information full-fledged transport tables.
          All mail between the 2 organisations is routed through our Postfix.

          The Postfix server has a multi instance setup.
          One instance receives only mail from senders in network A for recipients in network B and relays all mail to a relayhost which uses DNS servers located in network B.
          The other instance receives only mail from senders in network B for recipients in network A.
          The Postfix uses DNS servers located in network A.

          The problem happens with mail sent from network B to network A and locally generated bounces.
          Because the postfix host uses DNS servers located in network A and the lack of some MX records in network B to build full-fledged transport tables of domains in network B, some bounces can not be delivered.
          Log file analysis could identify the missing MX records in network B but would be a long lasting process and at least the first bounce can not be delivered.
          I tried sender_dependent_relayhost_maps, but because it works on the envelope sender address, locally generated bounces to recipients in network B and remotely in network B generated bounces to recipients in network A are treated the same way.
          If sender_dependent_relayhost_maps would also examine the From header it would be the perfect solution to this problem.


          > What is "routing control"?

          I meant different routing for locally generated bounces.


          Peter

          >
          > --
          > Viktor.
          >
        • Viktor Dukhovni
          ... Your description is too sketchy. Please choose appropriate domain names under example.com, example.net, example.org, ... (if the real domain names are
          Message 4 of 7 , Apr 18, 2013
          • 0 Attachment
            On Thu, Apr 18, 2013 at 10:32:25AM +0200, nullnullachtfuenfzehn@... wrote:

            > > What problem are you trying to solve (what is your actual end-goal)?
            >
            > The Postfix server has a multi instance setup.
            >
            > One instance receives only mail from senders in network A for
            > recipients in network B and relays all mail to a relayhost which
            > uses DNS servers located in network B.

            Your description is too sketchy. Please choose appropriate domain
            names under example.com, example.net, example.org, ... (if the real
            domain names are sensitive) that make it clear what sender and
            recipient addresses look like in each direction.

            You should be able to the right thing with transport_maps, but specific
            guidane requires a less vague description.

            --
            Viktor.
          • nullnullachtfuenfzehn@...
            ... My apologies, I try to be more detailed. 2 organisations in 2 private networks. 2 private DNS setups in both organisations, completely independant from
            Message 5 of 7 , Apr 19, 2013
            • 0 Attachment
              > Your description is too sketchy. Please choose appropriate domain
              > names under example.com, example.net, example.org, ... (if the real
              > domain names are sensitive) that make it clear what sender and
              > recipient addresses look like in each direction.
              >
              > You should be able to the right thing with transport_maps, but specific
              > guidane requires a less vague description.

              My apologies, I try to be more detailed.

              2 organisations in 2 private networks.
              2 private DNS setups in both organisations, completely independant from each other.
              Mail between the 2 organisations is routed via MX lookups which point to our Postfix.

              organisation A has the following MX records in its own DNS:

              @...
              @... <- points to our postfix

              organisation B has the following MX records in its own DNS:

              @...
              @...
              @... <- points to our postfix

              The postfix host uses the DNS in organisation A and has a multi instance setup.

              The first instance routes only mail from A to B. It uses smtpd_sender_restrictions=reject_unknown_sender_domain and relays all mail to a relayhost.
              Everything is fine with this instance.

              The second instance routes only mail from B to A. Destination lookups are done via A´s DNS.
              Everything is fine with mail from senders in @... to recipients in @....
              The problem rises with mail originating from senders in @... to recipients in @....
              Because the destination server in A also does a smtpd_sender_restrictions=reject_unknown_sender_domain and @... is unknown in A´s DNS the sender address is rejected.
              The missing MX Record in A´s DNS is ok, because senders in @... are not supposed to participate mail exchange with @... and vice versa.
              But where to deliver the bounce?
              The postfix host uses A´s DNS and the transport_maps are not complete due to not allowed zone transfers from some DNS servers in B.
              I tried sender_dependent_relayhost_maps but because it only works on the envelope sender, locally and remotely bounces are treated equally.

              My end-goal if possible is: distinguish between remotely and locally generated bounces and send locally generated bounces to a relayhost which can deliver the bounce to recipients in @....
              Can this behavior somehow be accomplished or must I go through the prcoess of log file analysis to identify the missing record @... in transport_maps?

              Peter
            • Timo Röhling
              ... Why exactly is there a bounce in the first place? If the @A1 MX rejects mail from @B2 during the SMTP session, it never receives responsibility for any
              Message 6 of 7 , Apr 19, 2013
              • 0 Attachment
                Am 2013-04-19 12:28, schrieb nullnullachtfuenfzehn@...:
                > The problem arises with mail originating from senders in
                > @... to recipients in @....
                > Because the destination server in A also does a
                > smtpd_sender_restrictions=reject_unknown_sender_domain and
                > @... is unknown in A´s DNS the sender address is rejected.
                > The missing MX Record in A´s DNS is ok, because senders in
                > @... are not supposed to participate mail exchange with
                > @... and vice versa.
                > But where to deliver the bounce?
                Why exactly is there a bounce in the first place? If the @A1 MX rejects
                mail from @B2 during the SMTP session, it never receives responsibility
                for any bounces. Unless of course you accept the mail first and then
                decide later to bounce it. But why would you do that?

                -Timo
              • nullnullachtfuenfzehn@...
                ... Timo you opened my eyes. We have the same DNS information as the destination host has. With smtpd_sender_restrictions=reject_unknown_sender_domain
                Message 7 of 7 , Apr 19, 2013
                • 0 Attachment
                  > Am 2013-04-19 12:28, schrieb nullnullachtfuenfzehn@...:
                  > > The problem arises with mail originating from senders in
                  > > @... to recipients in @....
                  > > Because the destination server in A also does a
                  > > smtpd_sender_restrictions=reject_unknown_sender_domain and
                  > > @... is unknown in A´s DNS the sender address is rejected.
                  > > The missing MX Record in A´s DNS is ok, because senders in
                  > > @... are not supposed to participate mail exchange with
                  > > @... and vice versa.
                  > > But where to deliver the bounce?
                  > Why exactly is there a bounce in the first place? If the @A1 MX rejects
                  > mail from @B2 during the SMTP session, it never receives responsibility
                  > for any bounces. Unless of course you accept the mail first and then
                  > decide later to bounce it. But why would you do that?
                  >

                  Timo you opened my eyes.
                  We have the same DNS information as the destination host has. With smtpd_sender_restrictions=reject_unknown_sender_domain activated in this postfix instance the problem silently disappears.

                  Thanks a lot
                  Peter
                Your message has been successfully submitted and would be delivered to recipients shortly.