DevHeads.net

postfix aliases not functioning with dovecot LDA; want to forward to command

I'm trying to use postforward[1] to use SRS on a small percentage of my
users to send their mail to their personal Gmail accounts. (Postforward
is specified as a command to run in /etc/mail/aliases.) I had this
working until I switched to using Dovecot's LMTP client as the LDA
(wanted sieve support).
I now get errors from Dovecot that indicate /etc/mail/aliases aren't
getting triggered. I'm not sure if this is a configuration error or
expected.
I'd also accept alternate methods for running a command for these
specific users.

Note: I've got a simple content_filter script that normally runs mail
through spamassassin, but I have it just re-inject e-mails that are
going to local accounts that start with "srsforward-" as they are
presumed to be forwarding aliases.

Example from log, 0ABD07602C8 is before content_filter, 908327619CD is
after, EEEEEEE.com is in /etc/postfix/virtual_mail_domains:

========================================================================
Jun 8 11:27:41 kant postfix/smtpd[9605]: connect from
omp.em.art.com[199.7.202.221]
Jun 8 11:27:42 kant postfix/smtpd[9605]: 0ABD07602C8:
client=omp.em.art.com[199.7.202.221]
Jun 8 11:27:42 kant postfix/cleanup[17909]: 0ABD07602C8:
message-id=<0.1.4F1.A7C.1D51E0EB618F9F2. ... at omp dot em.art.com>
Jun 8 11:27:42 kant postfix/qmgr[2601]: 0ABD07602C8:
from=<artcom. ... at envfrm dot rsys5.com>, size=53627, nrcpt=1 (queue active)
Jun 8 11:27:42 kant postfix/content_filter[17919]: 0ABD07602C8:
srsforward-AAAAAAAAAADD-at-gmail.com: /etc/postfix/spamassassin.sh:
skipping filtering because message appears to be using SRSForward
(SPAMUSER: srsforward-AAAAAAAAAADD-at-gmail.com), passing directly to
/usr/sbin/sendmail -G -oi -f <a href="mailto:artcom. ... at envfrm dot rsys5.com">artcom. ... at envfrm dot rsys5.com</a> <a href="mailto: ... at EEEEEEE dot com"> ... at EEEEEEE dot com</a>
Jun 8 11:27:42 kant postfix/pickup[13675]: 908327619CD: uid=111
from=<artcom. ... at envfrm dot rsys5.com>
Jun 8 11:27:42 kant postfix/pipe[17912]: 0ABD07602C8:
to=<srsforward-AAAAAAAAAADD-at-gmail. ... at mx1 dot DAAAAAA.com>,
orig_to=< ... at EEEEEEE dot com>, relay=spamfilter, delay=0.81,
delays=0.78/0/0/0.02, dsn=2.0.0, status=sent (delivered via spamfilter
service)
Jun 8 11:27:42 kant postfix/qmgr[2601]: 0ABD07602C8: removed
Jun 8 11:27:42 kant postfix/cleanup[17909]: 908327619CD:
message-id=<0.1.4F1.A7C.1D51E0EB618F9F2. ... at omp dot em.art.com>
Jun 8 11:27:42 kant postfix/qmgr[2601]: 908327619CD:
from=<artcom. ... at envfrm dot rsys5.com>, size=53996, nrcpt=1 (queue active)
Jun 8 11:27:42 kant dovecot[5167]: lmtp(17924): Connect from local
Jun 8 11:27:42 kant postfix/lmtp[17923]: 908327619CD:
to=<srsforward-AAAAAAAAAADD-at-gmail. ... at mx1 dot DAAAAAA.com>,
orig_to=< ... at EEEEEEE dot com>, relay=mx1.DAAAAAA.com[private/lmtp-dovecot],
delay=0.04, delays=0.01/0/0.01/0.02, dsn=5.1.1, status=bounced (host
mx1.DAAAAAA.com[private/lmtp-dovecot] said: 550 5.1.1
<srsforward-AAAAAAAAAADD-at-gmail. ... at mx1 dot DAAAAAA.com> User doesn't
exist: <a href="mailto:srsforward-AAAAAAAAAADD-at-gmail. ... at mx1 dot DAAAAAA.com">srsforward-AAAAAAAAAADD-at-gmail. ... at mx1 dot DAAAAAA.com</a> (in reply to
RCPT TO command))
Jun 8 11:27:42 kant dovecot[5167]: lmtp(17924): Disconnect from local:
Client has quit the connection (state=READY)
Jun 8 11:27:42 kant postfix/cleanup[17909]: 98EC77619BD:
message-id=<20190608152742. ... at mx1 dot DAAAAAA.com>
Jun 8 11:27:42 kant postfix/bounce[17927]: 908327619CD: sender
non-delivery notification: 98EC77619BD
Jun 8 11:27:42 kant postfix/qmgr[2601]: 98EC77619BD: from=<>,
size=4706, nrcpt=1 (queue active)
Jun 8 11:27:42 kant postfix/qmgr[2601]: 908327619CD: removed
Jun 8 11:27:42 kant postfix/smtpd[9605]: disconnect from
omp.em.art.com[199.7.202.221] ehlo=2 starttls=1 mail=1 rcpt=1 data=1
quit=1 commands=7
========================================================================

Relevant line from /etc/postfix/virtual:
========================================================================
<a href="mailto: ... at EEEEEEE dot com"> ... at EEEEEEE dot com</a> srsforward-AAAAAAAAAADD-at-gmail.com
========================================================================

And from /etc/mail/aliases:
========================================================================
srsforward-AAAAAAAAAADD-at-gmail.com: "|/usr/sbin/postforward
... at gmail dot com"
========================================================================

postconf -n
========================================================================
alias_maps = hash:/etc/mail/aliases
append_dot_mydomain = no
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
compatibility_level = 2
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd
$daemon_directory/$process_name $process_id & sleep 5
disable_vrfy_command = yes
ec2_mx_class = check_client_access cidr:/etc/postfix/ec2-mx.cidr
header_checks = regexp:/etc/postfix/header_checks
home_mailbox = .maildir/
html_directory = no
inet_interfaces = all
inet_protocols = ipv4
local_transport = lmtp:unix:private/lmtp-dovecot
mail_owner = postfix
mailbox_size_limit = 314572800
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
maximal_queue_lifetime = 1d
message_size_limit = 52428800
meta_directory = /etc/postfix
milter_default_action = accept
mydestination = $myhostname, localhost.$mydomain, localhost
mydomain = DAAAAAA.com
myhostname = mx1.DAAAAAA.com
mynetworks = 127.0.0.0/8
newaliases_path = /usr/bin/newaliases
non_smtpd_milters = unix:/var/run/opendkim/opendkim.sock
owner_request_special = no
queue_directory = /var/spool/postfix
readme_directory = no
recipient_canonical_classes = envelope_recipient,header_recipient
recipient_canonical_maps = tcp:localhost:10002
recipient_delimiter = +
relay_domains = $mydestination BBBB.us CCCCCCCCCCC.org
relay_recipient_maps = hash:/etc/postfix/relay_recipients
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
shlib_directory = /usr/lib64/postfix/${mail_version}
smtp_tls_CApath = /etc/ssl/certs/
smtp_tls_loglevel = 0
smtp_tls_note_starttls_offer = yes
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_client_connection_count_limit = 20
smtpd_client_connection_rate_limit = 100
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, reject_invalid_hostname,
regexp:/etc/postfix/helo.regexp, permit
smtpd_milters = unix:/var/run/opendkim/opendkim.sock
unix:/var/run/clamav/clamav-milter.sock
smtpd_recipient_restrictions = check_client_access
hash:/etc/postfix/helo_client_exceptions, check_sender_access
hash:/etc/postfix/sender_checks, reject_invalid_hostname,
permit_sasl_authenticated, reject_non_fqdn_hostname,
reject_non_fqdn_sender, reject_non_fqdn_recipient,
reject_unknown_sender_domain, reject_unknown_recipient_domain,
permit_mynetworks, reject_unauth_destination, check_recipient_access
hash:/etc/postfix/rcpt_classes, check_policy_service {
inet:127.0.0.1:2501, default_action=DUNNO } check_client_access
hash:/etc/postfix/rbl_client_exceptions, reject_rbl_client
cbl.abuseat.org, reject_rbl_client b.barracudacentral.org,
smtpd_relay_restrictions =
smtpd_restriction_classes = ec2_mx_class
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
smtpd_tls_CApath = /etc/ssl/certs/
smtpd_tls_cert_file = /etc/letsencrypt/live/secure.DAAAAAA.com/fullchain.pem
smtpd_tls_dh1024_param_file = /etc/ssl/postfix/dhparams.pem
smtpd_tls_key_file = /etc/letsencrypt/live/secure.DAAAAAA.com/privkey.pem
smtpd_tls_loglevel = 0
smtpd_tls_mandatory_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4,
MD5, PSK, aECDH, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CDC3-SHA, KRB5-DE5,
CBC3-SHA
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
smtputf8_enable = no
spamfilter_destination_recipient_limit = 1
strict_rfc821_envelopes = yes
tls_random_source = dev:/dev/urandom
unknown_address_reject_code = 554
unknown_client_reject_code = 554
unknown_hostname_reject_code = 554
unknown_local_recipient_reject_code = 550
virtual_alias_domains = /etc/postfix/virtual_mail_domains
virtual_alias_maps = regexp:/etc/postfix/virtual.regexp,
hash:/etc/postfix/virtual
========================================================================

postconf -Mf
========================================================================
smtp inet n - n - - smtpd
-o content_filter=spamfilter
submission inet n - n - - smtpd
-o smtpd_etrn_restrictions=reject
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
smtps inet n - n - - smtpd
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
-o content_filter=spamfilter
pickup unix n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr unix n - n 300 1 qmgr
tlsmgr unix - - n 1000? 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - n - - smtp
relay unix - - n - - smtp
-o smtp_fallback_relay=
-o syslog_name=postfix/$service_name
showq unix n - n - - showq
error unix - - n - - error
retry unix - - n - - error
discard unix - - n - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
scache unix - - n - 1 scache
spamfilter unix - n n - - pipe flags=RqO
user=spamd argv=/etc/postfix/spamassassin.sh ${user} ${queue_id} -G
-oi -f
${sender} ${original_recipient}
========================================================================

Thanks in advance.

-- Philippe Chaintreuil

[1] <a href="https://github.com/zoni/postforward" title="https://github.com/zoni/postforward">https://github.com/zoni/postforward</a>

Comments

Re: postfix aliases not functioning with dovecot LDA; want to fo

By Noel Jones at 06/10/2019 - 10:19

On 6/10/2019 8:51 AM, Philippe Chaintreuil wrote:
This is expected. /etc/aliases support is provided by the
postfix/local delivery agent, which you are no longer using.

Implement your external commands in sieve.

-- Noel Jones

Re: postfix aliases not functioning with dovecot LDA; want to fo

By Philippe Chaintreuil at 06/11/2019 - 08:48

On 6/10/2019 10:19 AM, Noel Jones wrote:
Thanks.

That's kind of what I suspected, but I had run into several posts
across the internet that made it seem like aliases still ran anyway for
some reason.

-- Philippe Chaintreuil

Re: postfix aliases not functioning with dovecot LDA; want to fo

By Wietse Venema at 06/11/2019 - 09:34

Philippe Chaintreuil:
The $alias_maps setting is used by the local(8) delivery agent
only. Documents that say otherwise are incorrect.

Wietse