[SOLVED] Postfix as a mail delivery server fails (status bounced loops back to myself)
Linux - ServerThis forum is for the discussion of Linux Software used in a server related context.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Postfix as a mail delivery server fails (status bounced loops back to myself)
I'm trying to configure my Postfix server as a delivery agent for the server. From studying the Postfix documentation it appears that the feature for this is virtual_alias_domains and virtual_alias_maps.
I created a virtual hash file. No matter what I do with the virtual access the system will interpret the address as local and send the email to the local system, not the specified domain. I know that the Postfix server can find the domain because a mail test with the virtual setup removed will send the mail to the proper machine.
/etc/postfix/main.cf:
Code:
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h
readme_directory = no
# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.
myhostname = ubunserver.apollo3.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = ubunserver.apollo3.com, localhost.apollo3.com, , localhost
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_command =
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
smtpd_sasl_local_domain =
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
# ----------- Virtual Block ----------------------------
virtual_alias_domains = apollo3.com
virtual_alias_maps = hash:/etc/postfix/virtual
# ------------------------------------------------
If I uncomment the virtual block from the main.cf file the system will deliver the mail to the proper place. Of course it isn't using the virtual.db configuration.
Just checking ... - you didn't edit the .db file did you? .. these should be generated by running 'postmap /etc/postfix/virtual'
Thanks for the attention, kbp. That's correct. The file I edited was virtual. The postmap command created the hash virtual.db file from the virtual file I created.
Cool, I'm guessing that you're sending the test email from the mail server itself, and $myorigin is the same as $myhostname ?
Can you tell us what you were expecting this line to do ?
Actually I spend a number of days trying many different configurations, starting with the most default from the distro documentation. When that didn't work I browsed many sites including the postfix official site.
Some people appeared to have success with that particular example. Take a look at:
I saw this repeated many times. But of course I pointed out in my original text that I tried both.
I also removed "apollo3.com" from the variables you mentioned and that didn't help.
If you look at the code/quote where you took that from you'll see the first line has "apollo3.com". It appeared that the virtual map would use a domain block and convert the name without a domain to the domain in that block. I thought that was the purpose of the first line in the block.
Also if you look at the main.cf file the options there is also indicating apollo3.com as a specific domain:
Again, I removed "apollo3.com" from everywhere so that the only place it would be seen would be in the applicable virtual block.
My objective is to have the server send the mail to the specified domain. I'm trying all the examples that I can find from all the documentation I can find to get it to work. I started over a number of times with a default main.cf. I follow every example I can find on the Postfix support site and the distro support site. The results so far is consistent. Every variation consistently comes back to Postfix trying to figure in a local delivery (again, even when none of the variable point to apollo3.com as local) or just fails to deliver.
My objective is to have the server send the mail to the specified domain
Ok... postfix doesn't need to be explicitly told how to send mail though. If the recipient domain isn't in $mydestination then postfix will perform an MX lookup and send the mail to the appropriate server/s.
What exactly are you trying to do? .. forward mail for a local user to a remote user?
Your /etc/postfix/virtual config indicates that you're trying to send mail destined for ljames@apollo3.com to the local user ljames, is this correct ?
My objective is to have the server send the mail to the specified domain
Ok... postfix doesn't need to be explicitly told how to send mail though. If the recipient domain isn't in $mydestination then postfix will perform an MX lookup and send the mail to the appropriate server/s.
What exactly are you trying to do? .. forward mail for a local user to a remote user?
Your /etc/postfix/virtual config indicates that you're trying to send mail destined for ljames@apollo3.com to the local user ljames, is this correct ?
I'm trying to setup the Postfix server to function as a backup mail delivery server for the apollo3.com domain. Currently it's performed with a very old Red Hat system using Sendmail. I can do this very easily using Sendmail. But I'm currently using Ubuntu on most of my machines and trying to get familiar with using the defaults tested by the developers... both for the purpose of convenience of a tested conventional environment and as a way that I can contribute my experience with the standard back to the community.
I believe the mail server is something referred to as a backup/cache server. It has an mx record in the apollo3.com records.
I actually have 300 names in the virtual map file. The purpose of the virtual map file is to stop the mail at the delivery server rather than caching it, then allowing apollo3.com to bounce it. So the virtual map is serving as an immediate reject flag for spammers who might try sending every name in the dictionary to apollo3.com.
The example excerpt of ljames@apollo3.com/ljames is an example for the test. The virtual file is actually more fully populated.
It's my experience that the backup server doesn't do an mx lookup. It just delivers the mail where it's told. Other servers does an mx look up to see where to send the mail for a domain. If one mx machine isn't available it'd proceed to the next one in line. I'm trying to put the Postfix server as the main one in the line.
By the way, when Postfix sees the mx record, it actually sees itself since I want it to be the main mx server.
I had found something similar that I was testing, but yours looks better. My workaround was delivering the mail, but only if I took down my other backup server. I'm going to change the resolution I was using for the one you posted and get back with the group.
Code:
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h
readme_directory = no
# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.
myhostname = ubunserver.apollo3.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = ubunserver.apollo3.com, localhost.apollo3.com, , localhost
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_command =
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
smtpd_sasl_local_domain =
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,
permit_mynetworks,
reject_unauth_destination,
check_policy_service unix:private/policy-spf,
check_policy_service unix:private/policy-spf,
reject_invalid_hostname,
reject_unauth_pipelining,
reject_non_fqdn_sender,
reject_unknown_sender_domain,
reject_non_fqdn_recipient,
reject_unknown_recipient_domain,
# check_client_access hash:/etc/postfix/maps/access_client,
# check_helo_access hash:/etc/postfix/maps/access_helo,
# check_sender_access hash:/etc/postfix/maps/access_sender,
# check_recipient_access hash:/etc/postfix/maps/access_recipient,
# reject_rhsbl_client blackhole.securitysage.com,
# reject_rhsbl_sender blackhole.securitysage.com,
# reject_rbl_client relays.ordb.org,
# reject_rbl_client blackholes.easynet.nl,
# reject_rbl_client cbl.abuseat.org,
# reject_rbl_client proxies.blackholes.wirehub.net,
# reject_rbl_client bl.spamcop.net,
# reject_rbl_client sbl.spamhaus.org,
# reject_rbl_client opm.blitzed.org,
# reject_rbl_client dnsbl.njabl.org,
# reject_rbl_client list.dsbl.org,
# reject_rbl_client multihop.dsbl.org,
reject_rbl_client dnsbl.proxybl.org,
permit
# ----------- Virtual Block ----------------------------
# virtual_alias_domains = apollo3.com
# virtual_alias_maps = hash:/etc/postfix/virtual
# ------------------------------------------------
# ----------- Check Entries ----------------------
mydomain = apollo3.com
relay_domains = apollo3.com, $mydestination
queue_run_delay = 200s
relay_recipient_maps = hash:/etc/postfix/relay_recipients
# content_filter = smtp-amavis:[localhost]:10024 # causes bounce back to server error.
# ------------------------------------------------
spf-policyd_time_limit = 3600s
Thank!
As you see I have lots of entries and commented out test. I'm immediately being bombarded with spam until I get the dnsbl's working. I believe the list I have commented out is old. I'm in the process of investigating them... but of course that's a subject for another thread.
Again, looking at the description of your link, I'm sure it's going to work perfect for this immediate application.
I really appreciate your taking the time to understand what I was looking for and to research.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.