Postfix content filter service recognizing it as relay

Question

After about 30 hours of almost beating my head to the walls I had to come to the conclusion, it's better if I write to people who might be more well-versed in this topic.

I have a Digitalocean server using Ubuntu 22.

Yes I know Digitalocean does not support sending mails and the such, but I'm only using postfix as a simple relay server, nothing else.

Basically I'm using Amazon SES at this moment, to send a mail to ex: "someaddress@customdomain.com". I have several domains that needs to be handled not just one, and all of these domain's configuration (DNS) are correctly set pointing to the server. It was actually working before with brevo, but I must have had some misconfiguration, because they have randomly suspended the account for TOS breach, which was of course not given with any reason, other than "sorry you're suspended".

I'm suspecting I was relaying "From:" addresses directly from senders, and they thought someone took over the account or something, which is fair.

Anyway... Now that I've described the basic setup, and circumstances. The problem is, I have a filter set up, which is absolutely crucial to make this work, and it seems like if I make a custom content_filter service in master.cf:

shell_content_filter unix - n n - - pipe
  flags=Rq user=filteruser argv=/usr/local/bin/minimal_filter.sh

This is the part of the log where we can see the problem:

"relay=shell_content_filter, delay=0.04, delays=0.01/0/0/0.02, dsn=2.0.0, status=sent (delivered via shell_content_filter service"

And in main.cf:

content_filter = shell_content_filter
receive_override_options = no_address_mappings

Yes there is a "filteruser" created, and yes it works correctly, all permissions are correctly set, and tested, everything is running fine, but my filter is getting recognized as a relay, and it is literally saying the emails are getting delivered by an external service which makes no sense... to me at least.

Not sure if this is enough info, I'd really appreciate if someone knows what is going on, because I'm in quite a lot of trouble, emails are lost, never to be recovered, and I still cant make it work.

Answer 1

At the end of the day I've solved my problem by doing:

smtp      inet  n       -       -       -       -       smtpd
  -o content_filter=piperelay
  -o receive_override_options=no_address_mappings
piperelay unix - n n - - pipe
  flags=Rq user=filteruser argv=/usr/bin/php8.2 /etc/postfix/scripts/modify_header.php

Perhaps I've not stated my original question clearly, sorry. Basically I wanted to be able to overwrite the "From" address line, and to add a Reply-To header line, but with header_checks that didn't seem possible, thus I had to resort to either a milter or a content_filter, but for whatever reason, none of the solutions worked for me that I've been trying while looking around on the internet for literal days.

Naturally I've also tried consulting GPT as I've been using it almost daily for years now, and it did have some constructive things to say, but the o1 model sucks, and GPT 4 legacy model easily solved my problems.

At the end of the day I tried not using the "global settings" as in "main.cf" but set it up directly under that one custom service defined in "master.cf" and that did the job. The content_filter worked, and there was no more infinite loop either, which was a new problem that came up after, that was solved by the "-o receive_override_options=no_address_mappings" which was interesting to see, because if I added this option to "main.cf" as a "global setting" it did not work! It only started to work once I've added it directly under my command to be executed.

And the most important part is, Yes postfix gives our external script (in my case I made a php script) the raw data, which we can read with STDIN but just simply doing STDOUT is not enough, which was NOT clear for me. I had to "send back" or "inject back" the modified email data to the postfix service by using sendmail, which can indeed cause infinite loops if you're not careful. So basically this was what I was missing. Yes it does treat it as the external script is a "relay" thus postfix did not expect it to just be something that filters it, and has further work with it, but correct me if I'm wrong. Anyway I sent the modified email back with sendmail from the php script, and boom, everything worked perfectly fine.

Hope this helps someone in the future!

Sorry if my original question wasn't clear enough, I'm a bit new to making these kind of posts.