Support guidelines
I've found a bug and checked that ...
Description
Postfix configuration at the moment is such that check_policy_service comes after permit_mynetworks. The effect is that all mail from local networks is forwarded without checking if, e.g., an alias is activated or not. This is especially problematic when Addy is receiving mail forwarded from a Postfix relay in the same network (e.g., another mail server container on the same host).
Expected behaviour
All mail should be going through the policy service, even if it comes from local networks.
Actual behaviour
If mail comes from local network (e.g., a Postfix relay in the same network), then Addy delivers the email without going through policy checks.
Steps to reproduce
- Create Addy instance that is receiving mail from another Postfix server in the same network
- Create an alias and deactivate it
- Send email to deactivated alias
(mail is delivered even though alias is deactivated)
Docker info
Client:
Context: default
Debug Mode: false
Server:
Containers: 12
Running: 12
Paused: 0
Stopped: 0
Images: 48
Server Version: 20.10.24+dfsg1
Storage Driver: overlay2
Backing Filesystem: extfs
Supports d_type: true
Native Overlay Diff: true
userxattr: false
Logging Driver: json-file
Cgroup Driver: systemd
Cgroup Version: 2
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: io.containerd.runc.v2 io.containerd.runtime.v1.linux runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 1.6.20~ds1-1+b1
runc version: 1.1.5+ds1-1+deb12u1
init version:
Security Options:
apparmor
seccomp
Profile: default
cgroupns
Kernel Version: 6.1.0-23-amd64
Operating System: Debian GNU/Linux 12 (bookworm)
OSType: linux
Architecture: x86_64
CPUs: 8
Total Memory: 15.62GiB
Name: v220240637402273018
ID: JOAL:Y3H2:TW2J:SWQH:UHJ6:WGOB:NN6F:QIOD:NYFH:KOQY:H46T:RSPU
Docker Root Dir: /var/lib/docker
Debug Mode: false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
Docker Compose config
No response
Logs
Additional info
Bug is fixed simply by reordering the two in smtpd_recipient_restrictions.
Support guidelines
I've found a bug and checked that ...
Description
Postfix configuration at the moment is such that
check_policy_servicecomes afterpermit_mynetworks. The effect is that all mail from local networks is forwarded without checking if, e.g., an alias is activated or not. This is especially problematic when Addy is receiving mail forwarded from a Postfix relay in the same network (e.g., another mail server container on the same host).Expected behaviour
All mail should be going through the policy service, even if it comes from local networks.
Actual behaviour
If mail comes from local network (e.g., a Postfix relay in the same network), then Addy delivers the email without going through policy checks.
Steps to reproduce
(mail is delivered even though alias is deactivated)
Docker info
Docker Compose config
No response
Logs
Additional info
Bug is fixed simply by reordering the two in
smtpd_recipient_restrictions.