Loading ...
Sorry, an error occurred while loading the content.

mail bounce for valid virtual user

Expand Messages
  • Beast
    I would like to implement virtual users (user without system account) and currently no plan to support virtual domains. This is what I ve done. ... myhostname
    Message 1 of 14 , Feb 28, 2006
    • 0 Attachment
      I would like to implement virtual users (user without system account)
      and currently no plan to support virtual domains.

      This is what I've done.

      main.cf:
      -------------------
      myhostname = test.example.com
      mydomain = test.example.com

      mydestination = localhost, $mydomain, $myhostname, localhost.$mydomain

      ### Virtual mailbox
      virtual_mailbox_base = /home/vmail
      virtual_mailbox_maps = hash:/etc/postfix/vmailbox
      virtual_minimum_uid = 4000
      virtual_uid_maps = static:5000
      virtual_gid_maps = static:5000


      /etc/postfix/vmailbox:
      --------------------------
      beast@... beast/


      [root#] postmap -q 'beast@...' hash:/etc/postfix/vmailbox
      beast/


      maillog:
      -----------------
      Feb 28 16:50:33 cacing postfix/local[6627]: EEDE71760D6:
      to=<beast@...>, orig_to=<beast>, relay=local, delay=1,
      status=bounced (unknown user: "beast")

      What is the reason?



      --

      --beast
    • Werner Detter
      ... hi, do NOT list a virtual_domain in mydestination http://www.postfix.org/VIRTUAL_README.html#virtual_mailbox regards, werner
      Message 2 of 14 , Feb 28, 2006
      • 0 Attachment
        > maillog:
        > -----------------
        > Feb 28 16:50:33 cacing postfix/local[6627]: EEDE71760D6:
        > to=<beast@...>, orig_to=<beast>, relay=local, delay=1,
        > status=bounced (unknown user: "beast")
        >
        > What is the reason?

        hi,

        do NOT list a virtual_domain in mydestination
        http://www.postfix.org/VIRTUAL_README.html#virtual_mailbox


        regards,
        werner
      • Beast
        ... I do not intent to use virtual domains( i only need to host 1 domain only),so i add: virtual_mailbox_domains = but still get unknown user error. Is
        Message 3 of 14 , Feb 28, 2006
        • 0 Attachment
          Werner Detter wrote:
          >
          >> maillog:
          >> -----------------
          >> Feb 28 16:50:33 cacing postfix/local[6627]: EEDE71760D6:
          >> to=<beast@...>, orig_to=<beast>, relay=local, delay=1,
          >> status=bounced (unknown user: "beast")
          >>
          >> What is the reason?
          >
          >
          > hi,
          >
          > do NOT list a virtual_domain in mydestination
          > http://www.postfix.org/VIRTUAL_README.html#virtual_mailbox
          >

          I do not intent to use virtual domains( i only need to host 1 domain
          only),so i add:

          virtual_mailbox_domains =

          but still get unknown user error. Is virtual_mailbox_domains is a
          mandatory parameter when using virtual_mailbox_maps ?



          --

          --beast
        • Roger B.A. Klorese
          ... Yes. You can only have virtual mailboxes in virtual domains.
          Message 4 of 14 , Feb 28, 2006
          • 0 Attachment
            Beast wrote:
            > I do not intent to use virtual domains( i only need to host 1 domain
            > only),so i add:
            >
            > virtual_mailbox_domains =
            >
            > but still get unknown user error. Is virtual_mailbox_domains is a
            > mandatory parameter when using virtual_mailbox_maps ?
            >
            >
            >




            Yes. You can only have virtual mailboxes in virtual domains.
          • Victor Duchovni
            ... You probably want mydomain = example.com , localhost.example.com is more sensible than localhost.test.example.com if test.example.com is a host and
            Message 5 of 14 , Feb 28, 2006
            • 0 Attachment
              On Tue, Feb 28, 2006 at 05:15:56PM +0700, Beast wrote:

              > I would like to implement virtual users (user without system account)
              > and currently no plan to support virtual domains.
              >
              > This is what I've done.
              >
              > main.cf:
              > -------------------
              > myhostname = test.example.com
              > mydomain = test.example.com

              You probably want "mydomain = example.com", "localhost.example.com"
              is more sensible than "localhost.test.example.com" if test.example.com
              is a host and not a sub-domain.

              > mydestination = localhost, $mydomain, $myhostname, localhost.$mydomain
              >
              > ### Virtual mailbox
              > virtual_mailbox_base = /home/vmail
              > virtual_mailbox_maps = hash:/etc/postfix/vmailbox
              > virtual_minimum_uid = 4000
              > virtual_uid_maps = static:5000
              > virtual_gid_maps = static:5000

              This solution is incomplete.

              - Postfix needs to know which users to route to the virtual
              mailboxes.

              - Postfix needs to know which virtual addresses are valid.

              If you want to do everything with just one domain, you also need:

              main.cf:
              virtual_alias_maps = hash:/etc/postfix/virtual
              transport_maps = hash:/etc/postfix/transport

              virtual:
              # This identity mapping takes care of recipient validation.
              virtual.user@... virtual.user@...

              transport:
              # This user has a virtual mailbox (maildir):
              virtual.user@... example.com/virtual.user/

              And of course there must be a POP or IMAP server willing to give
              the user access to the mail, but that is out of scope for this
              list.

              A simpler solution is to create a non-public virtual alias domain
              and rewrite virtual external addresses into the internal-only
              virtual domain:

              virtual_alias_maps = hash:/etc/postfix/virtual
              virtual_mailbox_domains = virtual.invalid
              smtpd_recipient_restrictions =
              check_recipient_access hash:/etc/postfix/invalid,
              permit_mynetworks,
              reject_unauth_destination,
              #
              # UCE controls go here or better yet,
              # in smtpd_client_restrictions
              # ...

              virtual:
              virtual.user@... virtual.user@...

              invalid:
              invalid REJECT 5.1.2 invalid recipient domain

              vmailbox:
              virtual.user@... virtual.user/

              With the approach above the domain "virtual.invalid" is automatically
              handled via the virtual(8) transport, and virtual(5) rewriting rewrites
              appropriate recipients into this domain. The "virtual.invalid" domain
              is not directly accessible via SMTP (access(5) blocks invalid recipients).

              You could override the virtual_mailbox_maps (parameter) for smtpd in
              master.cf to achieve the same effect (rejecting direct submission to
              all virtual users):

              smtp inet n ... smtpd
              -o virtual_mailbox_maps=

              with this there are no valid users in your internal-only
              virtual_mailbox_domains as far as smtpd(8) is concerned.
              You decide which approach is more to your liking.

              While the master.cf approach is semantically cleaner, the use of master.cf
              overrides makes the implementation less clean to the casual observer
              (someone else or you a few months later).

              --
              Viktor.

              Disclaimer: off-list followups get on-list replies or get ignored.
              Please do not ignore the "Reply-To" header.

              To unsubscribe from the postfix-users list, visit
              http://www.postfix.org/lists.html or click the link below:
              <mailto:majordomo@...?body=unsubscribe%20postfix-users>

              If my response solves your problem, the best way to thank me is to not
              send an "it worked, thanks" follow-up. If you must respond, please put
              "It worked, thanks" in the "Subject" so I can delete these quickly.
            • mouss
              ... you are confused. if you want virtual_mailbox_maps, then you need virtual_mailbox_domains. postfix won t try to deliver to a mailbox if the domain is not
              Message 6 of 14 , Feb 28, 2006
              • 0 Attachment
                Beast a écrit :
                > I would like to implement virtual users (user without system account)
                > and currently no plan to support virtual domains.

                you are confused. if you want virtual_mailbox_maps, then you need
                virtual_mailbox_domains.

                postfix won't try to deliver to a mailbox if the domain is not in the
                right class.

                >
                > This is what I've done.
                >
                > main.cf:
                > -------------------
                > myhostname = test.example.com
                > mydomain = test.example.com
                >
                > mydestination = localhost, $mydomain, $myhostname, localhost.$mydomain
                >
                > ### Virtual mailbox
                > virtual_mailbox_base = /home/vmail
                > virtual_mailbox_maps = hash:/etc/postfix/vmailbox
                > virtual_minimum_uid = 4000
                > virtual_uid_maps = static:5000
                > virtual_gid_maps = static:5000
                >

                you need virtual_mailbox_domains or you don't need virtual_mailbox_maps.

                >
                > /etc/postfix/vmailbox:
                > --------------------------
                > beast@... beast/
                >
                >
                > [root#] postmap -q 'beast@...' hash:/etc/postfix/vmailbox
                > beast/
                >
                >
                > maillog:
                > -----------------
                > Feb 28 16:50:33 cacing postfix/local[6627]: EEDE71760D6:
                > to=<beast@...>, orig_to=<beast>, relay=local, delay=1,
                > status=bounced (unknown user: "beast")
                >
                > What is the reason?

                if the domain is in mydestination, the address should be listed in
                local_recipient_maps (unless rewrite occurs).
              • mouss
                They ask for help and close their ears.... ... : host dc.ldap.or.id[202.154.34.135] said: 554 Service unavailable; Client host
                Message 7 of 14 , Feb 28, 2006
                • 0 Attachment
                  They ask for help and close their ears....

                  ----------------
                  <beast@...>: host dc.ldap.or.id[202.154.34.135] said: 554 Service
                  unavailable; Client host [82.239.111.75] blocked using dnsbl.sorbs.net;
                  Dynamic IP Addresses See:
                  http://www.sorbs.net/lookup.shtml?82.239.111.75
                  (in reply to RCPT TO command)
                • Victor Duchovni
                  ... This is not true. ... This is not true. The transport(5) switch can override the default class-specific delivery mechanisms when the domain is not a
                  Message 8 of 14 , Feb 28, 2006
                  • 0 Attachment
                    On Tue, Feb 28, 2006 at 06:21:22PM +0100, mouss wrote:

                    > Beast a ?crit :
                    > > I would like to implement virtual users (user without system account)
                    > > and currently no plan to support virtual domains.
                    >
                    > you are confused. if you want virtual_mailbox_maps, then you need
                    > virtual_mailbox_domains.

                    This is not true.

                    > postfix won't try to deliver to a mailbox if the domain is not in the
                    > right class.
                    >

                    This is not true. The transport(5) switch can override the default
                    class-specific delivery mechanisms when the domain is not a virtual
                    alias domain (these latter domains MUST be rewritten).

                    --
                    Viktor.

                    Disclaimer: off-list followups get on-list replies or get ignored.
                    Please do not ignore the "Reply-To" header.

                    To unsubscribe from the postfix-users list, visit
                    http://www.postfix.org/lists.html or click the link below:
                    <mailto:majordomo@...?body=unsubscribe%20postfix-users>

                    If my response solves your problem, the best way to thank me is to not
                    send an "it worked, thanks" follow-up. If you must respond, please put
                    "It worked, thanks" in the "Subject" so I can delete these quickly.
                  • mouss
                    ... Indeed. Now my understanding is that this isn t the situation here.
                    Message 9 of 14 , Feb 28, 2006
                    • 0 Attachment
                      Victor Duchovni a écrit :
                      >
                      > This is not true. The transport(5) switch can override the default
                      > class-specific delivery mechanisms when the domain is not a virtual
                      > alias domain (these latter domains MUST be rewritten).
                      >

                      Indeed. Now my understanding is that this isn't the situation here.
                    • Victor Duchovni
                      ... The user wants a mixture of real and virtual users in the same domain, this works (many ways of doing it). - Local domain with virtual exceptions via
                      Message 10 of 14 , Feb 28, 2006
                      • 0 Attachment
                        On Tue, Feb 28, 2006 at 07:26:29PM +0100, mouss wrote:

                        > Victor Duchovni a ?crit :
                        > >
                        > > This is not true. The transport(5) switch can override the default
                        > > class-specific delivery mechanisms when the domain is not a virtual
                        > > alias domain (these latter domains MUST be rewritten).
                        > >
                        >
                        > Indeed. Now my understanding is that this isn't the situation here.

                        The user wants a mixture of real and virtual users in the same domain,
                        this works (many ways of doing it).

                        - Local domain with virtual exceptions via transport(5) and
                        identity virtual(5) mappings

                        - Virtual mailbox domain with local exceptions via transport(5)
                        and identity virtual(5) mappings

                        - Helper local or virtual domain, with the real domain virtual
                        or local respectively. The exceptions are rewritten into the
                        helper domain.

                        I prefer the helper domain approach, it is simpler. Rejecting of
                        email directly address to the helper domains also can be supported
                        in a number of ways...

                        --
                        Viktor.

                        Disclaimer: off-list followups get on-list replies or get ignored.
                        Please do not ignore the "Reply-To" header.

                        To unsubscribe from the postfix-users list, visit
                        http://www.postfix.org/lists.html or click the link below:
                        <mailto:majordomo@...?body=unsubscribe%20postfix-users>

                        If my response solves your problem, the best way to thank me is to not
                        send an "it worked, thanks" follow-up. If you must respond, please put
                        "It worked, thanks" in the "Subject" so I can delete these quickly.
                      • Beast
                        ... Pardon my ignorance, but what should I do? (this is really a question :=) If IP is static, I can put in whitelist, but isn t that sender should wonder why
                        Message 11 of 14 , Feb 28, 2006
                        • 0 Attachment
                          mouss wrote:
                          > They ask for help and close their ears....
                          >
                          > ----------------
                          > <beast@...>: host dc.ldap.or.id[202.154.34.135] said: 554 Service
                          > unavailable; Client host [82.239.111.75] blocked using dnsbl.sorbs.net;
                          > Dynamic IP Addresses See:
                          > http://www.sorbs.net/lookup.shtml?82.239.111.75
                          > (in reply to RCPT TO command)
                          >

                          Pardon my ignorance, but what should I do?
                          (this is really a question :=)

                          If IP is static, I can put in whitelist, but isn't that sender should
                          wonder why sorbs.net is listing their IP?

                          --

                          --beast
                        • Keith Matthews
                          On Wed, 01 Mar 2006 13:23:42 +0700 ... As disusssed here on several occasions some blacklists assume that _all_ DSL addresses are dynamic (and hence are
                          Message 12 of 14 , Feb 28, 2006
                          • 0 Attachment
                            On Wed, 01 Mar 2006 13:23:42 +0700
                            Beast <beast@...> wrote:

                            > mouss wrote:
                            > > They ask for help and close their ears....
                            > >
                            > > ----------------
                            > > <beast@...>: host dc.ldap.or.id[202.154.34.135] said: 554
                            > > Service
                            > > unavailable; Client host [82.239.111.75] blocked using
                            > > dnsbl.sorbs.net; Dynamic IP Addresses See:
                            > > http://www.sorbs.net/lookup.shtml?82.239.111.75
                            > > (in reply to RCPT TO command)
                            > >
                            >
                            > Pardon my ignorance, but what should I do?
                            > (this is really a question :=)
                            >
                            > If IP is static, I can put in whitelist, but isn't that sender should
                            > wonder why sorbs.net is listing their IP?
                            >


                            As disusssed here on several occasions some blacklists assume that _all_
                            DSL addresses are dynamic (and hence are spammers). This ignores the
                            reality of what many ISPs are selling to their customers, especially
                            those that refuse to setup sensible reverse DNS pointers.

                            The only thing to do is not use sorbs. There is nothing else _you_ can
                            do (apart from whitelist the sender as you sugest).

                            --
                            Due to excessive spam as a result of archiving of this list I only
                            accept mail through the list server.
                          • mouss
                            ... you mean something like mydestination = localhost virtual_mailbox_domains = example.com virtual_alias_maps: # local users foo@example.com foo@localhost
                            Message 13 of 14 , Mar 1, 2006
                            • 0 Attachment
                              Victor Duchovni a écrit :
                              >
                              > The user wants a mixture of real and virtual users in the same domain,
                              > this works (many ways of doing it).
                              >
                              > - Local domain with virtual exceptions via transport(5) and
                              > identity virtual(5) mappings
                              >
                              > - Virtual mailbox domain with local exceptions via transport(5)
                              > and identity virtual(5) mappings
                              >
                              > - Helper local or virtual domain, with the real domain virtual
                              > or local respectively. The exceptions are rewritten into the
                              > helper domain.
                              >

                              you mean something like

                              mydestination = localhost
                              virtual_mailbox_domains = example.com

                              virtual_alias_maps:
                              # local users
                              foo@... foo@localhost
                              ...


                              > I prefer the helper domain approach, it is simpler. Rejecting of
                              > email directly address to the helper domains also can be supported
                              > in a number of ways...
                              >
                            • Matt Fretwell
                              On Wed, 01 Mar 2006 13:23:42 +0700 ... The point was more with regards the the blocklist you are using. Their listing criteria, (as has been mentioned many
                              Message 14 of 14 , Mar 1, 2006
                              • 0 Attachment
                                On Wed, 01 Mar 2006 13:23:42 +0700
                                Beast <beast@...> wrote:


                                > > <beast@...>: host dc.ldap.or.id[202.154.34.135] said:
                                > > 554 Service unavailable; Client host [82.239.111.75] blocked
                                > > using dnsbl.sorbs.net; Dynamic IP Addresses See:
                                > > http://www.sorbs.net/lookup.shtml?82.239.111.75
                                > > (in reply to RCPT TO command)
                                > >
                                >
                                > Pardon my ignorance, but what should I do?
                                > (this is really a question :=)
                                >
                                > If IP is static, I can put in whitelist, but isn't that sender
                                > should wonder why sorbs.net is listing their IP?


                                The point was more with regards the the blocklist you are
                                using. Their listing criteria, (as has been mentioned many times
                                on the list), is inconsistent and will probably end up with you
                                rejecting a noticable percentage of legitimate mail. Better to
                                only use blocklists that have stringent, and methodical,
                                listing criteria and checks. A sane delisting method usually
                                helps as well :)


                                Matt
                              Your message has been successfully submitted and would be delivered to recipients shortly.