Mailcow-dockerized: Transport map * routes MailCow own domains
Hello,
Prior to placing the issue, please check following: (fill out each checkbox with a X once done)
- [x] I understand that not following below instructions might result in immediate closing and deletion of my issue.
- [X] I have understood that answers are voluntary and community-driven, and not commercial support.
- [X] I have verified that my issue has not been already answered in the past. I also checked previous issues.
Description of the bug: What kind of issue have you exactly come across?
When using a Transport Map with "*" destination, MailCow's managed domain are also routed to this address. It breaks MailCow's mailboxes because when incoming mail arrives, it bounces back between next hop and mailcow itself.
Sender-dependent transports cannot be used in my case because I also want my aliases to go through an external SMTP server (as port 25 is blocked on my ISP).
Reproduction of said bug: How exactly do you reproduce the bug?
Create a transport-map with Destination "*" and an external Next hop (MailGun in my case).
Send an email to a MailCow account from an external provider.
System information
Further information (where applicable):
| Question | Answer |
| --- | --- |
| My operating system | CentOS 7 |
| Is Apparmor, SELinux or similar active? | No |
| Virtualization technlogy (KVM, VMware, Xen, etc) | VMware vSphere |
| Server/VM specifications (Memory, CPU Cores) | 2vCPU, 4GB ram |
| Docker Version (docker version) | 19.03.2 |
| Docker-Compose Version (docker-compose version) | 1.24.1 |
| Reverse proxy (custom solution) | HAProxy |
Further notes:
- Output of
git diff origin/master, any other changes to the code? If so, please post them. - All third-party firewalls and custom iptables rules are unsupported. Please check the Docker docs about how to use Docker with your own ruleset. Nevertheless, iptabels output can help _us_ to help _you_:
iptables -L -vn,ip6tables -L -vn,iptables -L -vn -t natandip6tables -L -vn -t nat - Check
docker exec -it $(docker ps -qf name=acme-mailcow) dig +short stackoverflow.com @172.22.1.254(set the IP accordingly, if you changed the internal mailcow network) anddocker exec -it $(docker ps -qf name=acme-mailcow) dig +short stackoverflow.com @1.1.1.1- output? Timeout?
Postfix logs:
Dec 13 13:37:01 mail postfix/postscreen[12929]: CONNECT from [209.85.222.172]:35550 to [172.22.1.12]:25
Dec 13 13:37:01 mail postfix/postscreen[12929]: WHITELISTED [209.85.222.172]:35550
Dec 13 13:37:03 mail postfix/smtpd[12931]: connect from mail-qk1-f172.google.com[209.85.222.172]
Dec 13 13:37:04 mail postfix/smtpd[12931]: Anonymous TLS connection established from mail-qk1-f172.google.com[209.85.222.172]: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
Dec 13 13:37:04 mail postfix/smtpd[12931]: 6AD118C26F0: client=mail-qk1-f172.google.com[209.85.222.172]
Dec 13 13:37:04 mail postfix/cleanup[12936]: 6AD118C26F0: message-id=<CAK_xSPsrLmoH4-bgFMjgoqjCf3pnMajBX1iet5UgxdOj48bJYA@mail.gmail.com>
Dec 13 13:37:13 mail postfix/qmgr[348]: 6AD118C26F0: from=<sender_email>, size=9029, nrcpt=1 (queue active)
Dec 13 13:37:13 mail postfix/smtpd[12931]: disconnect from mail-qk1-f172.google.com[209.85.222.172] ehlo=2 starttls=1 mail=1 rcpt=1 bdat=1 quit=1 commands=7
Dec 13 13:37:15 mail postfix/smtp[12937]: Trusted TLS connection established to smtp.eu.mailgun.org[3.121.92.52]:587: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Dec 13 13:37:15 mail postfix/smtp[12937]: 6AD118C26F0: to=<mailcow_email>, relay=smtp.eu.mailgun.org[3.121.92.52]:587, delay=11, delays=9/0.05/1.7/0.43, dsn=2.0.0, status=sent (250 Great success)
Dec 13 13:37:15 mail postfix/qmgr[348]: 6AD118C26F0: removed
...
Dec 13 13:39:17 mail postfix/smtpd[12931]: 79C938C26F0: client=m32-19.eu.mailgun.net[141.193.32.19]
Dec 13 13:39:17 mail postfix/cleanup[12936]: 79C938C26F0: message-id=<CAK_xSPsrLmoH4-bgFMjgoqjCf3pnMajBX1iet5UgxdOj48bJYA@mail.gmail.com>
Dec 13 13:39:17 mail postfix/qmgr[348]: 79C938C26F0: from=<bounce+007ad6.5ac5f-redacted>, size=66083, nrcpt=1 (queue active)
Dec 13 13:39:18 mail postfix/smtp[12937]: Trusted TLS connection established to smtp.eu.mailgun.org[54.93.138.41]:587: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Dec 13 13:39:18 mail postfix/smtp[12937]: 79C938C26F0: to=<mailcow_email>, relay=smtp.eu.mailgun.org[54.93.138.41]:587, delay=0.87, delays=0.5/0/0.18/0.19, dsn=2.0.0, status=sent (250 Great success)
Dec 13 13:39:18 mail postfix/qmgr[348]: 79C938C26F0: removed
Dec 13 13:39:19 mail postfix/smtpd[12931]: 3742A8C26F0: client=m32-19.eu.mailgun.net[141.193.32.19]
Dec 13 13:39:19 mail postfix/cleanup[12936]: 3742A8C26F0: message-id=<CAK_xSPsrLmoH4-bgFMjgoqjCf3pnMajBX1iet5UgxdOj48bJYA@mail.gmail.com>
Dec 13 13:39:19 mail postfix/qmgr[348]: 3742A8C26F0: from=<bounce+007ad6.5ac5f-redacted>, size=68624, nrcpt=1 (queue active)
Dec 13 13:39:19 mail postfix/smtp[12937]: Trusted TLS connection established to smtp.eu.mailgun.org[54.93.138.41]:587: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Dec 13 13:39:19 mail postfix/smtp[12937]: 3742A8C26F0: to=<mailcow_email>, relay=smtp.eu.mailgun.org[54.93.138.41]:587, delay=0.76, delays=0.36/0/0.21/0.19, dsn=2.0.0, status=sent (250 Great success)
Dec 13 13:39:19 mail postfix/qmgr[348]: 3742A8C26F0: removed
Dec 13 13:39:20 mail postfix/smtpd[12931]: 0A0F28C26F0: client=m32-19.eu.mailgun.net[141.193.32.19]
Dec 13 13:39:20 mail postfix/cleanup[12936]: warning: 0A0F28C26F0: message rejected: hopcount exceeded
Shouldn't domains handled by MailCow have a specific transport map to avoid this issue ?
Hakujou
All 6 comments
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
![stale[bot] picture](https://avatars3.githubusercontent.com/in/1724?v=4&s=40)
stale[bot]
on 11 Feb 2020
Hello,
Can I get some help on this?
Thanks
Hakujou
on 11 Feb 2020
This is exactly what happens with "*", that's default Postfix behavior. Not sure what you try to archive. :/ This is not a bug, but expected.
andryyy
on 2 Mar 2020
Hi, this can be achieved by modifying data/conf/postfix/custom_transport.pcre and adding a line such as: /example.com$/ :
There's more info in the postfix documentation:
In order to deliver internal mail directly, while using a mail relay for all other mail, specify a null entry for internal destinations (do not change the delivery transport or the nexthop information) and specify a wildcard for all other destinations.
Maybe a null nexthop could be considered as valid in mailcow's ui so this can be acheived without requiring the use of custom_transport.pcre?
amjadkamali
on 29 May 2020
Indeed, the workaround works perfectly, specified domains in pcre don't bounce.
A way to achieve that without manual edits would be nice!
Hakujou
on 29 May 2020
Thank you @amjadkamali
I had to create this file because it doesn't exist.
It works as excepted ! Muchas Gracias again
warnerbryce
on 19 Aug 2020
Related issues
lgleim
路
3Comments
schoebelh
路
3Comments
damdinsharav
路
3Comments
RogerSik
路
3Comments
a3li
路
3Comments
Most helpful comment
Hi, this can be achieved by modifying
data/conf/postfix/custom_transport.pcreand adding a line such as:/example.com$/ :There's more info in the postfix documentation:
Maybe a null nexthop could be considered as valid in mailcow's ui so this can be acheived without requiring the use of
custom_transport.pcre?