Postfix/AMaViS: no_address_mappings

  • Re :


    Quote
    • We specify "no_unknown_recipient_checks" to disable attempts to find out if a recipient is unknown.
    • We specify "no_header_body_checks" to disable header/body checks.
    • We specify "no_milters" to disable Milter applications (this option is available only in Postfix 2.3 and later)


    These parameters are optional. The no_header_body_checks and no_milters are ineffective with i-MSCP because we are not using any body check map, nor the milter service.


    About the no_unknown_recipient_checks parameter, we already disable the smtp restrictions so I think that the result is same.


    Quote


    We don't specify "no_address_mappings" here. This enables virtual alias expansion, canonical mappings, address masquerading, and other address mappings after the content filter. The main.cf setting of "receive_override_options" disables these mappings before the content filter.


    If I understand well, this parameter is useless since these mappings are already disabled in main.cf. Well, we can remove this parameter from master.cf if you want.


    Thank you for using i-MSCP

    badge.php?id=1239063037&bid=2518&key=1747635596&format=png&z=547451206

    Edited once, last by Nuxwin ().

  • In this case I think it is less important which parameters are there, but more important which are not :)


    How I understand it (correct me if I am wrong)


    Before Content Filter
    The follwing disables the address mapping

    Code
    1. receive_override_options=no_address_mappings


    If it is defined in main.cf it is valid for ALL services in the master.cf. If it is only disabled in the master.cf it is only for the services where it is specified.
    I am not sure which one is the correct solution, because you find both in different manuals/docs :D


    After Content Filter
    The 10025 service is the one after amavis, so when postfix gets the mails through this port, the address mapping should be activated again.
    Now comes the part where I am still not 100% sure, but as the 10025 service is defined in master.cf it inherits the settings from main.cf, so if address mapping was disabled there, it woulds still be. Therefore it is enabled again by setting

    Code
    1. receive_override_options=no_unknown_recipient_checks,no_header_body_checks


    I suppose you could also do:

    Code
    1. receive_override_options=


    Both will override the previously set value (which is address mapping disabled)
    If in the step "Before Content Filter" the disabling was done not globally but only in master.cf, then I am not sure if the value on 10025 is inherited from the mail flow, or if it is already disabled. I suppose it already is disabled and that's why in my tests it made no difference if I enabled the mapping again or not. I have to do some tests tomorrow how it looks with a gloablly disabled address mapping.


    Why is postfix so complicated? :D

  • Ok, I did some further tests :)


    Test setup are 2 domain emails [email protected], [email protected] with an additional forwarding from one->two


    To test a mail to [email protected] is sent. Expected result is the same mail in both inboxes.


    [size=medium]1. Only content filtering[/size]
    First let's enable amavis in the main.cf

    Code
    1. content_filter = amavis:[127.0.0.1]:10024


    This enables content filtering on all the postfix services defined in the master.cf


    With only this setup the previously mentioned mail duplication happens.
    - Mail arrives at [email protected] and 2 times on [email protected]
    - Input service does not matter (pickup/smtp/..)


    [size=medium]2. Disable address mapping in main.cf[/size]
    Now let's disable the address mapping in the main.cf

    Code
    1. receive_override_options = no_address_mappings


    Result:
    - Mail arrives only at [email protected]
    - Input service does not matter (pickup/smtp/..)


    [size=medium]3. Enable address mapping in master.cf[/size]
    Obviously address mapping is not working anymore. So we enable it again for the service which gets the mails after amavis is done.
    In master.cf:

    Code
    1. localhost:10025 inet n - n - - smtpd -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks


    or: (makes no difference regarding the enabling of address mapping. Above is just for better performance because some already done checks are disabled.)

    Code
    1. localhost:10025 inet n - n - - smtpd -o receive_override_options=


    Result:
    - Mail arrives once at [email protected] and once at [email protected]
    - Input service does not matter (pickup/smtp/..)




    Ok, now some variations:
    Revert step 3 and 2 and do the following instead:


    [size=medium]2b. Disable address mapping in master.cf[/size]
    Now let's try to disable the address mapping in the master.cf

    Code
    1. smtp inet n - - - - smtpd
    2. -o receive_override_options=no_address_mappings


    Result:
    - Mail arrives once at [email protected] and once at [email protected] (if received through smtp)
    - Input service now matters! Because only set for smtp it only works for mails received through port 25. Mails from local pickup service are duplicated!


    [size=medium]3b. Enable address mapping in master.cf[/size]
    Do the same as in step 3 above.


    Result: same as in 2b



    [size=medium]Conclusion:[/size]
    If address mapping is disabled in main.cf you have to enable it again in master.cf service 10025. If it is only disabled in master.cf there seems to be no need to activate it again in master.cf on service 10025.