How to stop postfix from forwarding mail to spampd when connection is from localhost
Earlier today I asked about postfix and spamassassin for mail sent from localhost, postfix, spam assassin, swiftmailer and received a good answer quickly (thanks). Using sendmail directly has solved the speed problem, but I'd like to try using SMTP for other reasons, so I need to know how to stop postfix from forwarding mail to spampd when the connecting client is localhost. At the moment, bounces are being returned not to the REPLY-TO address but to the webserver admin, and I think that is because of using sendmail directly. My config is shown in the earlier question, except currently I've configured the mailer as
'mailer' => [
'class' => 'yii\swiftmailer\Mailer',
// send all mails to a file by default. You have to set
// 'useFileTransport' to false and configure a transport
// for the mailer to send real emails.
'useFileTransport' => false,
'transport' => [
'class' => 'Swift_SendmailTransport'
],
],
Here is how I solved the problem. Relevant doc is at http://www.postfix.org/SMTPD_PROXY_README.html
In /etc/postfix/master.cf are the relevant configs.
smtp inet n - y - 20 smtpd
-o smtpd_proxy_filter=127.0.0.1:10025
-o smtpd_client_connection_count_limit=10
127.0.0.1:10026 inet n - n - - smtpd
-o smtpd_authorized_xforward_hosts=127.0.0.0/8
-o smtpd_client_restrictions=
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o smtpd_data_restrictions=
-o mynetworks=127.0.0.0/8
-o receive_override_options=no_unknown_recipient_checks
These define port 10026 to receive outputs from the milter and are handled by the post-filter SMTP service of postfix. I set my config to send to port 10026 and SMTP handles the email with no delay.
I've tested this with an incorrect email address and the bounce is correctly sent to the reply-to address instead of to my webserver admin.
Actually I'm surprised I couldn't find more discussion of this issue, but maybe most servers have a single website so the webserver admin is the same or similar to the email sender on the website. In our case we have about 100 different email senders so it's important they get their own bounces.
Here's the Yii2 Swiftmailer config we are now using:
'mailer' => [
'class' => 'yii\swiftmailer\Mailer',
// send all mails to a file by default. You have to set
// 'useFileTransport' to false and configure a transport
// for the mailer to send real emails.
'useFileTransport' => false,
'transport' => [
'class' => 'Swift_SmtpTransport',
'host' => '127.0.0.1',
'port' => '10026'
]
],
It should be obvious, but I will state that port 10026 isn't open on the firewall, so only localhost can use the port.