LinuxQuestions.org
Old 04-25-2022, 09:40 PM   #1
skubik
Member
 
Registered: May 2003
Location: A dark corner in Canada
Distribution: Slackware64 15.0/current
Posts: 152

Postfix SMTP relay problems w/ multi-virtual-domains


So I've been setting up a small email server on my network that hosts both an internal/vpn domain (mydomain.vpn) as well as domains for some of my 'external' email addresses; ie: gmail, my ISP's email.

I've got things running pretty well; emails are sent between the internal/vpn addresses fine, and I have fetchmail picking up my external email and delivering it locally to the appropriate virtual address/account.
I also have been trying to get smtp relay set up such that if I send an email from, say, my gmail account, on my local (mail.mydomain.vpn) system, it'll relay it to gmail's smtp servers before sending to its destination.

The problem I'm having is that if I send a message to an address using the same domain that I have set up locally (the idea is that I log in to my mail.mydomain.vpn box as user 'myname@gmail.com' using a web-based mail client like roundcube hosted on mail.mydomain.vpn), the send fails because the target address can't be found locally.
That is; if I send a message to someoneelse@gmail.com, postfix only looks for the address locally and tries to deliver it instead of forwarding it on to gmail's smtp; which results in an immediate bounce/undeliverable message.
If I send a message to a domain other than gmail or myisp, it goes through successfully.

I've tried a bunch of different things that I've come across online to try and get this to work properly, but I seem to be missing something.
Can someone take a look at my configs (below) and help me figure this out?

main.cf:
Code:
alias_maps = pgsql:/usr/local/etc/postfix/pgsql-aliases.cf

append_dot_mydomain = no

biff = no

compatibility_level = 2

data_directory = /var/run/postfix

inet_interfaces = all
inet_protocols = ipv4

local_transport = virtual
local_recipient_maps = $virtual_mailbox_maps

mail_owner = email

mailbox_size_limit = 0
maillog_file=/var/log/postfix.log

mailbox_transport = lmtp:[127.0.0.1]:24

message_size_limit = 51200000

milter_default_action = accept
milter_mail_macros =  i {mail_addr} {client_addr} {client_name} {auth_authen}
milter_protocol = 6

mydestination = mydomain.vpn, mail.mydomain.vpn, localhost, localhost.localdomain
mydomain = mydomain.vpn
myhostname = mail.mydomain.vpn
mynetworks = 127.0.0.0/8 10.8.0.0/24
mynetworks_style = host
myorigin = /etc/mailname

non_smtpd_milters = $smtpd_milters

queue_directory = /var/run/postfix/spool


readme_directory = no
recipient_delimiter = +

relayhost=

relay_domains = gmail.com, myisp.com
relay_recipient_maps = hash:/usr/local/etc/postfix/relay_recipients

sender_dependent_default_transport_maps = hash:/usr/local/etc/postfix/relay_transport
sender_dependent_relayhost_maps = hash:/usr/local/etc/postfix/sender_relay

smtp_always_send_ehlo = yes

smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/usr/local/etc/postfix/smtp_sasl_password
smtp_sasl_security_options = noanonymous, noplaintext
smtp_sasl_tls_security_options = noanonymous
smtp_sender_dependent_authentication = yes

smtp_tls_CAfile = /usr/local/etc/ssl/ca-mydomainvpn/ca.crt
smtp_tls_loglevel = 3
smtp_tls_mandatory_protocols=!SSLv2,!SSLv3
smtp_tls_note_starttls_offer = yes
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

smtp_use_tls = yes

smtpd_banner = $myhostname ESMTP $mail_name (Raspbian)

smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_rbl_client zen.spamhaus.org, reject_rbl_client bl.spamcop.net, reject_rbl_client cbl.abuseat.org, permit

smtpd_milters = inet:127.0.0.1:11332

smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination


smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain = mydomain.vpn
smtpd_sasl_path = auth-dovecot
smtpd_sasl_security_options = noanonymous, noplaintext
smtpd_sasl_tls_security_options = noanonymous
smtpd_sasl_type = dovecot


smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /usr/local/etc/ssl/mail.mydomain.vpn.TLS.crt
smtpd_tls_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK, aECDH, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CDC3-SHA, KRB5-DE5, CBC3-SHA
smtpd_tls_key_file = /usr/local/etc/ssl/mail.mydomain.vpn.TLS.key
smtpd_tls_loglevel = 1
smtpd_tls_mandatory_protocols=!SSLv2,!SSLv3
smtpd_tls_protocols = TLS1
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache

smtpd_use_tls=yes

transport_maps = pgsql:/usr/local/etc/postfix/transport.cf

virtual_alias_maps = pgsql:/usr/local/etc/postfix/virtual_alias_maps.cf,pgsql:/usr/local/etc/postfix/virtual_alias_domains_maps.cf
virtual_alias_domains = pgsql:/usr/local/etc/postfix/virtual_alias_domains.cf


virtual_gid_maps = static:2020
virtual_mailbox_base = /data/local/mail

	
virtual_mailbox_domains = pgsql:/usr/local/etc/postfix/virtual_mailbox_domains.cf
virtual_mailbox_maps = pgsql:/usr/local/etc/postfix/virtual_mailbox_maps.cf


virtual_maps = pgsql:/usr/local/etc/postfix/virtual_maps.cf


virtual_minimum_uid = 2020

virtual_transport = lmtp:[127.0.0.1]:24

virtual_uid_maps = static:2020

meta_directory = /etc/postfix
setgid_group = postdrop
command_directory = /usr/sbin
sample_directory = /etc/postfix
newaliases_path = /usr/bin/newaliases
mailq_path = /usr/bin/mailq
sendmail_path = /usr/sbin/sendmail
daemon_directory = /usr/lib/postfix/sbin
manpage_directory = /usr/share/man
html_directory = /usr/share/doc/postfix/html
shlib_directory = /usr/lib/postfix

master.cf:
Code:
smtp      inet  n       -       y       -       -       smtpd -v
submission inet n       -       y       -       -       smtpd -v
  -o milter_macro_daemon_name=ORIGINATING
  -o smtpd_reject_unlisted_recipient=no
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_tls_security_level=encrypt
  -o syslog_name=postfix/submission
  -o smtpd_tls_wrappermode=no
  -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
#  -o smtpd_sasl_type=dovecot
#  -o smtpd_sasl_path=private/auth


#smtps     inet  n       -       y       -       -       smtpd
#  -o syslog_name=postfix/smtps
#  -o smtpd_tls_wrappermode=yes
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_reject_unlisted_recipient=no
#  -o smtpd_client_restrictions=$mua_client_restrictions
#  -o smtpd_helo_restrictions=$mua_helo_restrictions
#  -o smtpd_sender_restrictions=$mua_sender_restrictions
#  -o smtpd_recipient_restrictions=
#  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
#628       inet  n       -       y       -       -       qmqpd
pickup    unix  n       -       y       60      1       pickup
cleanup   unix  n       -       y       -       0       cleanup
qmgr      unix  n       -       n       300     1       qmgr
#qmgr     unix  n       -       n       300     1       oqmgr
tlsmgr    unix  -       -       y       1000?   1       tlsmgr
rewrite   unix  -       -       y       -       -       trivial-rewrite
bounce    unix  -       -       y       -       0       bounce
defer     unix  -       -       y       -       0       bounce
trace     unix  -       -       y       -       0       bounce
verify    unix  -       -       y       -       1       verify
flush     unix  n       -       y       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
proxywrite unix -       -       n       -       1       proxymap
smtp      unix  -       -       y       -       -       smtp
relay     unix  -       -       y       -       -       smtp -v
        -o syslog_name=postfix/$service_name
#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq     unix  n       -       y       -       -       showq
error     unix  -       -       y       -       -       error
retry     unix  -       -       y       -       -       error
discard   unix  -       -       y       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       y       -       -       lmtp
anvil     unix  -       -       y       -       1       anvil
scache    unix  -       -       y       -       1       scache
postlog   unix-dgram n  -       n       -       1       postlogd

maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}


uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)


#
# Other external delivery methods.
#
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix	-	n	n	-	2	pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman   unix  -       n       n       -       -       pipe
  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
  ${nexthop} ${user}

relay_recipients for relay_recipient_maps:
Code:
me@gmail.com OK
me@myisp.com OK

relay_transport for sender_dependent_default_transport_maps:
Code:
@gmail.com    smtp:[smtp.gmail.com]:587
@myisp.com    smtp:[smtp.myisp.com]:587

sender_relay for sender_dependent_relayhost_maps:
Code:
@gmail.com    smtp:[smtp.gmail.com]:587
@myisp.com    smtp:[smtp.myisp.com]:587

transport_maps via pgsql:/usr/local/etc/postfix/transport.cf:
Code:
gmail.com   lmtp:[127.0.0.1]:24
myisp.com   lmtp:[127.0.0.1]:24

I'm pretty sure it comes down to my transport settings, which I've fooled around with, but if I change my settings in my transport_maps to one of the smtp settings in the other files, then when fetchmail retrieves messages, it attempts to relay it via the smtp instead of delivering it to the appropriate mailbox locally.

What I really want is for ALL messages from any domain other than my internal/vpn domain to be sent via the appropriate smtp relay based on who/what domain is sending it.
I *thought* that's what the 'sender_dependent' settings would do, but apparently I'm missing something.

I'm still very new to email servers as a whole, so forgive me if I've missed something obvious. I'd really appreciate any insight into what might be causing my problem.

I can post additional config settings and/or log output if requested.

Thank you!

- skubik
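
Added example (not part of the original post and not Postfix code): a simplified Python model of the order in which Postfix chooses a delivery transport, using constructed table contents that mirror the maps posted above. It assumes the pgsql-backed virtual_* tables, which the post does not show, do not list gmail.com or myisp.com, and it leaves out next-hop handling such as sender_dependent_relayhost_maps; the function and variable names are illustrative.

```python
# Simplified model of how Postfix picks a delivery transport for one message.
# Table contents are constructed to mirror the maps shown in the post.
MYDESTINATION = {"mydomain.vpn", "mail.mydomain.vpn", "localhost", "localhost.localdomain"}
RELAY_DOMAINS = {"gmail.com", "myisp.com"}
TRANSPORT_MAPS = {"gmail.com": "lmtp:[127.0.0.1]:24", "myisp.com": "lmtp:[127.0.0.1]:24"}
SENDER_DEFAULT_TRANSPORT = {"@gmail.com": "smtp:[smtp.gmail.com]:587",
                            "@myisp.com": "smtp:[smtp.myisp.com]:587"}


def domain_of(address):
    return address.rsplit("@", 1)[1].lower()


def route(sender, recipient, transport_maps=TRANSPORT_MAPS, relay_domains=RELAY_DOMAINS):
    """Return (address_class, deciding_parameter, transport) for one recipient."""
    rcpt_domain = domain_of(recipient)
    # Step 1: the recipient domain alone selects the address class.
    if rcpt_domain in MYDESTINATION:
        result = ("local", "local_transport", "virtual")
    elif rcpt_domain in relay_domains:
        # relay_transport is not set in the posted main.cf, so its default applies.
        result = ("relay", "relay_transport", "relay")
    else:
        # Only the default class consults the sender-dependent default transport.
        key = "@" + domain_of(sender)
        if key in SENDER_DEFAULT_TRANSPORT:
            result = ("default", "sender_dependent_default_transport_maps",
                      SENDER_DEFAULT_TRANSPORT[key])
        else:
            result = ("default", "default_transport", "smtp")
    # Step 2: transport_maps is keyed on the recipient (full address first,
    # then domain) and overrides whatever step 1 chose.
    for key in (recipient.lower(), rcpt_domain):
        if key in transport_maps:
            return (result[0], "transport_maps", transport_maps[key])
    return result


if __name__ == "__main__":
    for rcpt in ("someoneelse@gmail.com", "friend@example.org", "me@gmail.com"):
        print(rcpt, route("me@gmail.com", rcpt))
```

In this model, mail to someoneelse@gmail.com resolves to the lmtp entry because transport_maps is keyed on the recipient, while mail to a domain outside relay_domains reaches the sender-dependent transport, which matches the behaviour described in the post. The `transport_maps` and `relay_domains` arguments let you try alternative table contents before changing the live configuration.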
 
  

