[pfx] some questions about controlling postfix and meaning of data

[Don Cohen via Postfix-users]

(took a while to join the list cause it seems the IP of my new
server was formerly used to do something objectionable to
Abusix Mail Intelligence)

In an older server I run my own mail ACCEPTING demon but it uses
sendmail (postfix) for local delivery, and I also use sendmail for
sending to remote systems.  I comment out the first line of master.cf:
#smtp      inet  n       -       n       -       -       smtpd
and then listen on port 25 with my own software.

I find this no longer works in my new server (running newer OS version
and, I presume, newer postfix).  The following works on the old server
but not the new one:
this no longer works (whereas it does in the old server)
 date | sendmail don
(same result for mail as sendmail, though they seem to be totally
different programs)
   
I see in maillog something like this:

Jan 17 22:22:50 isis-20240117-1030 sendmail[120557]: 40HMMokm120557: to=don, 
ctladdr=opc (1000/1000), delay=00:00:00, xdelay=00:00:00, mailer=relay, 
pri=30107, relay=[127.0.0.1] [127.0.0.1], dsn=5.0.0, reply=554- , stat=Service 
unavailable

which makes me think that I now need postfix listening on port 25,
at least for localhost.
And when I uncomment that line, then the commands above do work.

Is this a change in postfix, that it now needs to listen to port 25
in order to deliver mail locally?  
Is there a good reason for this change?
Obviously it's a problem for my usage.
I've managed to work around it as follows:
 - uncomment the line above 
 - change inet_interfaces in main.cf to 127.0.0.1 
   (Interesting that lo doesn't work, even though it sounds from the 
   name that this parameter should be a set of interfaces.)
 - have my server listen on another port (2502)
 - iptables -A PREROUTING -t nat -p tcp -d [my-ip] --dport 25 -j DNAT --to 
[my-ip]:2502

But I stille see some disturbing differences between the old and new systems:

There's a lot more in the log in the new system:

Jan 18 02:19:50 isis-20240117-1030 sendmail[129320]: 40I2JokQ129320: from=opc, 
size=108, class=0, nrcpts=1, 
msgid=<202401180219.40i2jokq129...@isis.cs3-inc.com>, relay=root@localhost
Jan 18 02:19:50 isis-20240117-1030 postfix/smtpd[129321]: connect from 
localhost[127.0.0.1]
Jan 18 02:19:50 isis-20240117-1030 sendmail[129320]: STARTTLS=client, 
relay=[127.0.0.1], version=TLSv1.3, verify=FAIL, cipher=TLS_AES_256_GCM_SHA384, 
bits=256/256
Jan 18 02:19:50 isis-20240117-1030 postfix/smtpd[129321]: C42598F31F: 
client=localhost[127.0.0.1]
Jan 18 02:19:50 isis-20240117-1030 postfix/cleanup[129324]: C42598F31F: 
message-id=<202401180219.40i2jokq129...@isis.cs3-inc.com>
Jan 18 02:19:50 isis-20240117-1030 postfix/qmgr[129306]: C42598F31F: 
from=<o...@isis.cs3-inc.com>, size=567, nrcpt=1 (queue active)
Jan 18 02:19:50 isis-20240117-1030 sendmail[129320]: 40I2JokQ129320: to=root, 
ctladdr=opc (1000/1000), delay=00:00:00, xdelay=00:00:00, mailer=relay, 
pri=30108, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (Ok: queued as 
C42598F31F)
Jan 18 02:19:50 isis-20240117-1030 postfix/smtpd[129321]: disconnect from 
localhost[127.0.0.1] ehlo=2 starttls=1 mail=1 rcpt=1 data=1 quit=1 commands=7
Jan 18 02:19:50 isis-20240117-1030 postfix/local[129325]: C42598F31F: 
to=<d...@isis.cs3-inc.com>, orig_to=<r...@isis.cs3-inc.com>, relay=local, 
delay=0.08, delays=0.06/0.02/0/0, dsn=2.0.0, status=sent (delivered to mailbox)
Jan 18 02:19:50 isis-20240117-1030 postfix/qmgr[129306]: C42598F31F: removed

vs the old:

Jan 19 00:20:10 losangelesyouthorchestra postfix/pickup[18701]: 988894075B: 
uid=0 from=<root>
Jan 19 00:20:10 losangelesyouthorchestra postfix/cleanup[18997]: 988894075B: 
message-id=<20240119002010.9888940...@isis.cs3-inc.com>
Jan 19 00:20:10 losangelesyouthorchestra postfix/qmgr[10483]: 988894075B: 
from=<r...@isis.cs3-inc.com>, size=439, nrcpt=1 (queue active)
Jan 19 00:20:10 losangelesyouthorchestra postfix/local[18999]: 988894075B: 
to=<d...@isis.cs3-inc.com>, orig_to=<don>, relay=local, delay=0.02, 
delays=0.02/0/0/0, dsn=2.0.0, status=sent (delivered to mailbox)
Jan 19 00:20:10 losangelesyouthorchestra postfix/qmgr[10483]: 988894075B: 
removed

And the delivered mail contains more and more complicated received headers:

Received: from isis.cs3-inc.com (localhost [127.0.0.1])
        by isis.cs3-inc.com (Postfix) with ESMTPS id 3685A18DDDB
        for <d...@isis.cs3-inc.com>; Thu, 18 Jan 2024 22:58:09 +0000 (GMT)
Received: (from root@localhost)
        by isis.cs3-inc.com (8.16.1/8.16.1/Submit) id 40IMw8VI202395
        for don; Thu, 18 Jan 2024 22:58:08 GMT
 vs

Received: by isis.cs3-inc.com (Postfix, from userid 0)
        id 68D3D4075B; Thu, 18 Jan 2024 16:38:51 +0000 (UTC)

This gives me the impression that the new path is really two hops while
the old path was only one.

Also, can someone tell me that the (8.16.1/8.16.1/Submit) is all about?

Thanks, and sorry for so many questions.
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org