1

Topic: Weird (?) postfix rewriting of invalid domains on incoming email

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 0.9.9
- Deployed with iRedMail Easy or the downloadable installer? Old installer
- Linux/BSD distribution name and version: Ubuntu 16.04 LTS
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Web server (Apache or Nginx): Apache
- Manage mail accounts with iRedAdmin-Pro? No
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

I have a single incoming email that has shown some curious rewriting behaviour in postfix that I don't really understand. The logs don't really seem to provide any helpful insight - I may need to log more verbosely and try to reproduce the behaviour but I wondered if the behaviour had been seen before.

I run a few mail domains on my server: call them domain1.com, domain2.com ...
Let's say the mail server itself has hostname / DNS: mail.domain.com

I received an email today, along with some colleagues on other external services, from outside. My address details were correct and the email was delivered through postfix into dovecot on my domain.

However, one of the other To: email addresses had an invalid domain, call it email@baddomain.com, which has no MX records available. Of course, I received my copy and my colleagues received their copies and I suppose the original sender received a bounce of some sort.

For some reason I don't understand, my postfix rewrote the baddomain.com incoming address, changing it to email@mail.domain.com in the email in my mailbox. When I did a reply-all, my server then threw an error message because email@mail.domain.com (of course) doesn't exist.

It's not a big problem, because you can edit the addressees and delete the problem name when you know it is there - but I'd prefer a more robust solution.

Looking at the replies received from colleagues, a few have mail servers that replace email@baddomain.com with IMCEAINVALID-email@baddomain.com - is that a way that certain other products handle this? Others seem to have just dropped the offending address.

Any thoughts on this puzzle, please?


2

Re: Weird (?) postfix rewriting of invalid domains on incoming email

martinveasey wrote:

For some reason I don't understand, my postfix rewrote the baddomain.com incoming address, changing it to email@mail.domain.com in the email in my mailbox. When I did a reply-all, my server then threw an error message because email@mail.domain.com (of course) doesn't exist.

Please check the mail header: does it have the header "From: email@mail.domain.com" or "From: email@mail.domain.com <email@baddomain.com>"?

3

Re: Weird (?) postfix rewriting of invalid domains on incoming email

Thanks for getting back to me. Not sure I explained too well.

The email comes from a real person and is addressed to me correctly. The problem address is one of the other recipients on the email and therefore doesn't appear in the From: header. Headers look a bit like this:

Return-Path: <realperson@client.com>
Delivered-To: martin@domain.com
Received: from mail.domain.com (localhost [127.0.0.1])
    by mail.domain.com (Postfix) with ESMTP id 2D1FB879CB
    for <martin@domain.com>; Wed,  2 Jan 2019 15:11:08 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at mail.domain.com
Authentication-Results: mail.domain.com (amavisd-new);
    dkim=pass (2048-bit key)
Received: from mail.domain.com ([127.0.0.1])
    by mail.domain.com (mail.domain.com [127.0.0.1]) (amavisd-new, port 10024)
    with ESMTP id Mhw7HX7dAJLk for <martin@domain.com>;
    Wed,  2 Jan 2019 15:11:05 +0000 (UTC)
Received: from xxx.xxx.xxx
    (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
    (No client certificate requested)
    by mail.domain.com (Postfix) with ESMTPS id C8CE482748
    for <martin@domain.com>; Wed,  2 Jan 2019 15:11:05 +0000 (UTC)
From: "Real Person" <realperson@client.com>
To: "Recipient 1" <recipient1@...>,
    martin@domain.com,
    "Recipient 2" <recipient2@...>,
    "Recipient 3" <recipient3@...>,
    "Recipient 4" <recipient4@...>,
    email@mail.domain.com, ...
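
A check for the symptom shown in the headers above, as an added example that is not part of any post in this thread: it scans To:/Cc: for addresses whose domain is the mail server's own hostname rather than a hosted mail domain, for the IMCEAINVALID- prefix mentioned in the first post, and for addresses with no domain part. The hostname, hosted-domain list and sample message are constructed from the thread's placeholder names.

```python
from email import message_from_string
from email.utils import getaddresses

# Assumptions built from the thread's placeholders, not a real deployment.
MTA_HOSTNAME = "mail.domain.com"
HOSTED_DOMAINS = {"domain.com", "domain1.com", "domain2.com"}

# Constructed sample modelled on the headers posted above.
SAMPLE = """\
Return-Path: <realperson@client.com>
Delivered-To: martin@domain.com
From: "Real Person" <realperson@client.com>
To: "Recipient 1" <recipient1@example.org>,
    martin@domain.com,
    email@mail.domain.com,
    IMCEAINVALID-email@baddomain.com, localonly
Subject: constructed test message

body
"""


def suspicious_recipients(raw, mta_hostname=MTA_HOSTNAME, hosted=HOSTED_DOMAINS):
    """Return (address, reason) pairs for To:/Cc: entries that look rewritten."""
    msg = message_from_string(raw)
    fields = msg.get_all("To", []) + msg.get_all("Cc", [])
    findings = []
    for _name, addr in getaddresses(fields):
        if not addr:
            continue
        local, sep, domain = addr.rpartition("@")
        domain = domain.lower().rstrip(".")
        if not sep:
            # No "@": the address has no domain part at all.
            findings.append((addr, "no domain part"))
        elif domain == mta_hostname.lower() and domain not in hosted:
            findings.append((addr, "domain is the MTA hostname, not a hosted mail domain"))
        elif local.upper().startswith("IMCEAINVALID-"):
            findings.append((addr, "marked IMCEAINVALID by another mail system"))
    return findings


if __name__ == "__main__":
    for address, reason in suspicious_recipients(SAMPLE):
        print(f"{address}: {reason}")
```

Run against a saved copy of the delivered message and against the copy a colleague received, the differing findings show which server altered the recipient list.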

4

Re: Weird (?) postfix rewriting of invalid domains on incoming email

I'm afraid that I'm lost, I didn't understand what the issue is :(

5

Re: Weird (?) postfix rewriting of invalid domains on incoming email

ZhangHuangbin wrote:

I'm afraid that I'm lost, I didn't understand what the issue is :(

Thanks for looking at this - I don't think I've explained it very well.

I can't see anything odd in my setup and the postfix help files haven't helped me yet. I also haven't been able to replicate my problem using test (i.e. non-client) emails. My client knows that there is some sort of internal domain leakage at their end and are looking at it.

Let's close this question for now and, if I get any insights, I'll share.

Martin