Upgrade to ISPconfig 3.2.0 breaks X-Original-To header due to LMTP

Discussion in 'ISPConfig 3 Priority Support' started by KoS, Nov 9, 2020.

  1. KoS

    KoS Member HowtoForge Supporter

    This may be related to my previous issue here: https://www.howtoforge.com/communit...ng-with-newly-setup-server-with-rspamd.82819/
    I have upgraded to ISPconfig 3.2.0 and run the re-configure services and since than, again, the X-Original-To is not added anymore.
    • master.cf was not changed. so the flags=DROhu for dovecot is still set, all good.
    • main.cf i see that enable_original_recipient is set to no. The postfix default is yes. Why is this changed to no?
    • delivery from postfix to dovecot has changed from LDA to LTMP -> this seems to be the main issue. Postfix LMTP does NOT prepend the X-Original-To header, so dovecot doesn't receive it and no mail filtering can be done based on the mail recipient. There would be a "hack" for postfix to add the X-Original-To header, but I won't go this way (http://postfix.1071664.n5.nabble.com/virtual-alias-maps-and-X-Original-To-td9124.html).
    I will change back to LDA in my main.cf and re-enable enable_original_recipient.
    Based on https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/4792 I assume that if I remove the dovecot-lmtpd package (which probably got installed as "recommended package" or due to a tutorial on howtoforge), in the future a "reconfigure services" won't add the LMTP options again? It would be good if that would be pointed out somewhere in the documentation (or upgrade/release notes). Thanks.

    Still, the enable_original_recipient should not be disabled. Shall I open a bug/issue for that?
  2. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    Hello Kos,

    As mentioned in #4792, when using lmtp you don't need to inject headers to trace the envelope addresses, sieve supports that natively with the "envelope" test.

    This is related to implementing lmtp, which uses recipient address verification to be able to reject bad/undeliverable email addresses in smtp; from ADDRESS_VERIFICATION_README:
    Accordingly, it is set to 'yes' for 3.2 and earlier; 3.3 and later is set to 'no'.

    Yes, changing back to using dovecot's 'deliver' would be needed if you set enable_original_recipient=no, or upgrade to a more recent version of postfix.

    You know the problem with assumptions.... :) On this one, all the newer code/changes would hold true with that, if it doesn't find lmtp installed, it won't configure it for use. The is one exception though, maintaining legacy behavior (so you won't be affected by it, as it didn't apply to you previously), if you have mailbox_virtual_uidgid_maps set (ie. the 'Use Websites Linux uid for mailbox' checkbox in server config), then lmtp will be configured for use, even if it is not detected as installed (this was the old 3.1.x behavior which I left in place).

    No, just upgrade your postfix version. ;) If you want, open a feature request for a checkbox to disable LMTP (with a note to not set enable_original_recipient if lmtp is disabled), which might be doable.

Share This Page