Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Endless loop #140

Open
nd1012 opened this issue Feb 23, 2023 · 2 comments
Open

Endless loop #140

nd1012 opened this issue Feb 23, 2023 · 2 comments
Labels
configuration Postfix or configuration issue

Comments

@nd1012
Copy link

nd1012 commented Feb 23, 2023

Hi,

I'm using postsrsd since some years now on several MTAs, but today I had a strange behavior (the daemon is configured as documented btw.). This is how an incoming email is being processed:

  1. MX is an antispam system, which forwards to the SRS MTA (the antispam system is whitelisted here)
  2. The SRS MTA is responsible for email delivery and sends all outgoing email using the antispam system as SMTP relay

Today a spam email found its way trough the antispam system, targeting a non-existing alias of the used SRS domain (which should bounce, actually). Now this happened:

  1. Antispam system forwarded email from [email protected] to the SRS MTA
  2. SRS MTA rewrote the sender address to SRS...spammer.tld=[email protected] and sends it using the antispam system as SMTP relay to its own SRS domain MX (!?)
  3. Antispam system forwarded the email using the SRS rewritten sender back to the SRS MTA
  4. SRS MTA is happy about the valid SRS sender and doesn't rewrite again, but still sends it using the antispam system as SMTP relay to its own SRS domain again (!?)

Then this loops endless from point 3. Usually I assumed if the recipient email alias wasn't found at the SRS MTA, the email should be bounced here (this is how it is configured and it works with non-SRS domains). But instead the sender is being rewritten, if required, and the email is being sent again - so Postfix stops the processing at that point, and there is no local recipient alias validation using the virtual maps anymore.

Now I try to find a way to fix that problem... Do you have any idea what could be wrong, why that nasty loop happens?
@roehling
Copy link
Owner

Off the top of my head, the fact that the SRS MTA treats srsdomain.tld as a relay domain looks fishy. If I understand your setup correctly, one of two things should happen for any mail addressed to that domain:

  1. The recipient is a valid SRS alias, PostSRSd rewrites it to the actual destination, and the SRS MTA relays it to your antispam system.
  2. The recipient is not a valid SRS alias, PostSRSd will not touch it, and the SRS MTA should either deliver it locally (if it is addressed to a valid local mailbox) or reject it.

What definitely should not happen is that the SRS MTA relays emails for srsdomain.tld which it cannot deliver locally.

@roehling roehling added the configuration Postfix or configuration issue label Mar 7, 2023
@roehling
Copy link
Owner

Did you solve the issue? If yes, I'm curious to know what the problem was.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
configuration Postfix or configuration issue
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@roehling @nd1012