Postfix

Temujin_12 · 10-06-2008, 05:30 PM

Here's my situation.

I am currently using a 3rd party for IMAP and SMTP. I want to move this "in house" but need to do so in stages. First, I need to move SMTP. Then after that is up and running for a while, we'll move IMAP over.

I've setup postfix/sasl/courier with a MySQL backend on an ubuntu server, created an SPF record for mydomain.com which includes the IP of this server in it, and things seem to be working well. I can send emails to other domains just fine. However, when an email is sent to one of the virtual domains listed in my domain map, I get the following error:

Quote:

NOQUEUE: reject: RCPT from fromdomain.com[5.5.5.5]: 550 <to@mydomain.com>: Recipient address rejected: User unknown in virtual mailbox table; from=<from@mydomain.com> to=<to@mydomain.com> proto=ESMTP helo=<smtp.inhouse.com>

I need the from@mydomain.com address to be listed in my mailbox mapping so that they can authenticate for SMTP (this works fine). However, since mydomain.com is also mapped as a virtual domain (even though to@mydomain.com is not listed in the mailbox mapping), it appears that postfix does not "fall back" to sending to whatever the MX record has for mydomain.com.

How can I tell postfix to send emails to *@mydomain.com to wherever the MX record for mydomain.com points to while still having mydomain.com mapped as a virtual domain?

I guess simply disabling everything except SMTP would work, but I'd much rather configure things so that I can still do incoming (in case I setup other domains on this server) but tell postfix that if the address is not specifically mapped, to send to the domain's MX record and not assume it stays locally.

Hope that makes sense.

Thanks in advance.

billymayday · 10-06-2008, 05:41 PM

Can you either change that code snippet to a quote, or put a line break in the middle - this post is almost unreadable.

Can you post "postconf -n" for us to look at.

I don't quite follow what you want to happen when you send a message to "to", if that virtual mailbox doesn't exist.

Temujin_12 · 10-06-2008, 05:49 PM

Quote:

Can you either change that code snippet to a quote, or put a line break in the middle - this post is almost unreadable.

Done.

Quote:

Can you post "postconf -n" for us to look at.

Sure:

Quote:

alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
append_dot_mydomain = no
biff = no
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
debug_peer_level = 3
debug_peer_list = localhost
delay_warning_time = 4h
disable_vrfy_command = yes
html_directory = /usr/share/doc/postfix/html
inet_interfaces = all
inet_protocols = all
local_recipient_maps =
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
masquerade_domains = sub.domain.com !sub.dyndomain.com
masquerade_exceptions = root
maximal_backoff_time = 8000s
maximal_queue_lifetime = 7d
minimal_backoff_time = 1000s
mydestination =
myhostname = mydomain.com
mynetworks = all
mynetworks_style = host
myorigin = /etc/mailname
readme_directory = /usr/share/doc/postfix
recipient_delimiter = +
relayhost =
smtp_helo_timeout = 60s
smtp_tls_note_starttls_offer = yes
smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache
smtp_use_tls = yes
smtpd_banner = $myhostname ESMTP $mail_name
smtpd_client_restrictions = reject_rbl_client sbl.spamhaus.org, reject_rbl_client blackholes.easynet.nl, reject_rbl_client dnsbl.njabl.org
smtpd_delay_reject = yes
smtpd_hard_error_limit = 12
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, warn_if_reject reject_non_fqdn_hostname, reject_invalid_hostname, permit
smtpd_recipient_limit = 16
smtpd_recipient_restrictions = reject_unauth_pipelining, permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_unauth_destination, check_policy_service inet:127.0.0.1:60000, permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unauth_pipelining, permit
smtpd_soft_error_limit = 3
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_auth_only = no
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = no
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 450
virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
virtual_gid_maps = static:106
virtual_mailbox_base = /var/spool/mail/virtual
virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_uid_maps = static:106

Quote:

I don't quite follow what you want to happen when you send a message to "to", if that virtual mailbox doesn't exist.

I want to send email for mydomain.com while still having authentication (so I'm not an open relay). However, I do not want to receive email for mydomain.com. This, with the long-term goal of eventually also receiving email for this domain.

Does that make sense?

billymayday · 10-06-2008, 06:11 PM

From the postfix site:

Quote:

virtual_mailbox_domains (default: $virtual_mailbox_maps)
Postfix is final destination for the specified list of domains; mail is delivered via the $virtual_transport mail delivery transport. By default this is the Postfix virtual(8) delivery agent. The SMTP server validates recipient addresses with $virtual_mailbox_maps and rejects mail for non-existent recipients. See also the virtual mailbox domain class in the ADDRESS_CLASS_README file.
This parameter expects the same syntax as the mydestination configuration parameter.
This feature is available in Postfix 2.0 and later. The default value is backwards compatible with Postfix version 1.1.

My interpretation of this (and I could well be wrong) is that since you don't define virtual_mailbox_domains, that the domains in virtual_mailbox_maps will be taken up. Perhaps pointing virtual_mailbox_domains to an empty list will fix your problem,

Temujin_12 · 10-06-2008, 06:31 PM

Quote:

Originally Posted by billymayday

From the postfix site:

My interpretation of this (and I could well be wrong) is that since you don't define virtual_mailbox_domains, that the domains in virtual_mailbox_maps will be taken up. Perhaps pointing virtual_mailbox_domains to an empty list will fix your problem,

That did the trick. I had a row in my MySQL DB for mydomain.com. Deleting it from that table still allows me to send mail from and or to mydomain.com (authenticating with my mailbox mapping) but no longer tries to "[deliver it] via the $virtual_transport mail delivery transport" (as per postfix docs).

Thanks billymayday! I'll have to read through the postfix docs more thoroughly in the future.