  • Viktor Dukhovni
    Apr 9, 2013
      On Tue, Apr 09, 2013 at 04:56:28PM -0700, Quanah Gibson-Mount wrote:

      > The main issue right now is that it has:
      > virtual_transport = error
      > which I was told makes little sense, so I'm trying to correct our
      > configuration.

      Actually, it is not always a bad idea. If you have a virtual_mailbox
      domain, solely for the purpose of recipient validation:

      indexed = ${default_database_type}:${config_directory}/
      virtual_mailbox_domains = example.com
      virtual_mailbox_maps = ${indexed}vmbox

      and if delivery to real users in example.com is always via LMTP or
      some other transport that requires an explicit user mapping (say
      to a specific IMAP server, ...) then it may make sense to set:

      virtual_transport = error:5.1.1 User unknown
      transport_maps = ${indexed}transport

      # ${indexed}vmbox (virtual_mailbox_maps): one entry per valid user
      luser@... ok

      # ${indexed}transport (transport_maps): explicit per-user routing
      luser@... lmtp:inet:imap.example.com:24

      with the result that mail to <luser@...> is delivered to
      the virtual mailbox, while mail for <bogus@...> is not
      only rejected by smtpd(8) (since bogus is not in virtual_mailbox_maps),
      but also bounces if generated locally, since it resolves to the
      error transport without the need to contact the LMTP server (which
      may in some cases be configured to create mailboxes on the fly).

      This said, I would take a different approach:

      # Use virtual alias domains for mail routing, not per-user
      # transport entries.
      indexed = ${default_database_type}:${config_directory}/
      virtual_alias_domains = example.com
      virtual_alias_maps = ${indexed}valias
      virtual_mailbox_domains = ${indexed}vmdomains
      transport_maps = ${indexed}transport

      # Optional, undo virtual(5) rewrites.
      smtp_generic_maps = ${indexed}generic

      # Refuse mail to user@invalid or user@...
      # (reject_unauth_destination is required here, otherwise this is an open relay)
      smtpd_relay_restrictions =
          permit_mynetworks, permit_sasl_authenticated,
          reject_unauth_destination
      smtpd_recipient_restrictions =
          check_recipient_access ${indexed}rcpt-access

      # ${indexed}rcpt-access (check_recipient_access):
      # Don't allow explicit addressing of ".invalid" namespace.
      invalid REJECT 5.1.2 invalid destination domain
      .invalid REJECT 5.1.2 invalid destination domain

      # ${indexed}valias (virtual_alias_maps): one entry per valid user,
      # mapping the external address to user@lmtp<N>.virtual.invalid
      luser@... luser@...
      luser2@... luser@...

      # ${indexed}generic (smtp_generic_maps): optional, needed if the
      # LMTP servers don't like luser@lmtp<N>.virtual.invalid and need
      # the original external address.
      luser@... luser@...

      # ${indexed}transport (transport_maps): one entry per LMTP server
      lmtp1.virtual.invalid lmtp:inet:server1.example.com:24
      lmtp2.virtual.invalid lmtp:inet:server2.example.com:24

      # ${indexed}vmdomains (virtual_mailbox_domains): one entry per LMTP server
      lmtp1.virtual.invalid virtual
      lmtp2.virtual.invalid virtual

