
best way to only alias postmaster@ for local domains?

  • Justin McAleer
    Message 1 of 5 , Mar 1, 2007
      I'm setting up a server that all of our customers will use for outbound
      mail. For domains that we host, it will send the messages to our
      internal servers, and otherwise out to wherever the MX record points.
      The problem I'm dealing with is I want postmaster/abuse/root@<local
      domains> to all be redirected to a handler address. So, I have a pcre
      map included in the virtual alias maps like so:

      /^postmaster@/ postmaster-handler@...

      The problem is that virtual alias expansion is done to all recipients,
      not just those hosted by us, so we would end up intercepting messages to
      abuse@..., for example. What is the best way to only redirect mail
      to our domains? I'd like to avoid listing postmaster/abuse/root for the
      hundreds of domains we host, so I thought I'd ask for any other
      suggestions for a more static solution.

      While I'm asking stuff, I have clamsmtpd running on this server as a
      content filter, reinjecting back into Postfix. Could I only send the
      non-hosted mail through clamsmtpd, and just pass on hosted mail to the
      internal servers (they do AV scanning)?

      Thanks for any ideas!


      Here is postconf -n, just in case:

      alias_maps = hash:/etc/postfix/aliases
      anvil_rate_time_unit = 60s
      bounce_queue_lifetime = 3h
      bounce_size_limit = 1
      broken_sasl_auth_clients = yes
      command_directory = /usr/sbin
      config_directory = /etc/postfix
      content_filter = smtp-clam:[127.0.0.1]:10024
      daemon_directory = /usr/libexec/postfix
      debug_peer_level = 2
      default_delivery_slot_cost = 2
      default_destination_concurrency_limit = 15
      header_checks = pcre:/etc/postfix/maps/pre_filter_header_checks.pcre
      mail_owner = postfix
      mailbox_command = /usr/bin/procmail -d "$USER"
      mailq_path = /usr/bin/mailq
      manpage_directory = /usr/local/man
      maximal_backoff_time = 600s
      maximal_queue_lifetime = 3d
      message_size_limit = 15728640
      minimal_backoff_time = 300s
      mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain, train.neonova.net
      mydomain = $myhostname
      mynetworks = 137.118.16.6 137.118.16.7
      newaliases_path = /usr/bin/newaliases
      queue_directory = /var/spool/postfix
      queue_minfree = 104857600
      queue_run_delay = 180s
      relay_domains = $mydestination
      sendmail_path = /usr/sbin/sendmail
      setgid_group = postdrop
      smtpd_client_connection_count_limit = 2
      smtpd_client_connection_rate_limit = 30
      smtpd_client_message_rate_limit = 60
      smtpd_client_recipient_rate_limit = 120
      smtpd_client_restrictions = check_client_access cdb:/etc/postfix/maps/client_restrictions
      smtpd_data_restrictions = reject_unauth_pipelining reject_multi_recipient_bounce
      smtpd_delay_reject = yes
      smtpd_discard_ehlo_keywords = pipelining
      smtpd_error_sleep_time = 1
      smtpd_hard_error_limit = 8
      smtpd_helo_required = yes
      smtpd_helo_restrictions = reject_invalid_helo_hostname check_helo_access cdb:/etc/postfix/maps/helo_restrictions
      smtpd_junk_command_limit = 5
      smtpd_peername_lookup = yes
      smtpd_recipient_limit = 200
      smtpd_recipient_restrictions = reject_non_fqdn_recipient permit_mynetworks permit_sasl_authenticated check_client_access cdb:/etc/postfix/maps/client_restrictions check_client_access cidr:/etc/postfix/maps/relay_ips.cidr reject_unauth_destination check_recipient_access cdb:/etc/postfix/maps/recipient_exceptions reject
      smtpd_sasl_auth_enable = yes
      smtpd_sasl_authenticated_header = yes
      smtpd_sasl_path = private/auth
      smtpd_sasl_type = dovecot
      smtpd_sender_restrictions = reject_non_fqdn_sender reject_unknown_sender_domain check_sender_access cdb:/etc/postfix/maps/sender_exceptions reject_unlisted_sender
      smtpd_soft_error_limit = 5
      smtpd_timeout = 10
      strict_rfc821_envelopes = yes
      unknown_local_recipient_reject_code = 550
      virtual_alias_domains = cdb:/etc/postfix/maps/aliasonly_domains cdb:/etc/postfix/maps/dropbox_domains cdb:/etc/postfix/maps/domalias_domains
      virtual_alias_maps = pcre:/etc/postfix/maps/role_accounts proxy:mysql:/etc/postfix/maps/mysql-aliasonly.cf proxy:mysql:/etc/postfix/maps/mysql-dropbox.cf proxy:mysql:/etc/postfix/maps/mysql-domalias.cf
      virtual_mailbox_domains = cdb:/etc/postfix/maps/real_domains
      virtual_mailbox_maps = proxy:mysql:/etc/postfix/maps/mysql-mailboxes.cf
      virtual_transport = smtp-in:[relay-v.neonova.net]
    • Noel Jones
      Message 2 of 5 , Mar 1, 2007
        At 10:17 AM 3/1/2007, Justin McAleer wrote:
        >I'm setting up a server that all of our customers will use for
        >outbound mail. For domains that we host, it will send the messages
        >to our internal servers, and otherwise out to wherever the MX record
        >points. The problem I'm dealing with is I want
        >postmaster/abuse/root@<local domains> to all be redirected to a
        >handler address. So, I have a pcre map included in the virtual alias
        >maps like so:
        >
        >/^postmaster@/ postmaster-handler@...

        For real local domains (equal to $myorigin, listed in
        mydestination, or [my.ip.num.ber]), you can use a bare username in
        virtual_alias_maps. See virtual(5):

            postmaster real-postmaster@...

        For other domains the best idea is a scripted update that takes a
        list of the domains and generates postmaster@...,
        abuse@... etc. addresses to a virtual_alias_maps hash file.

        --
        Noel Jones
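
The scripted update suggested in this reply, as an added example (not code from the thread or from the Postfix distribution): it expands a list of hosted domains into exact `role@domain` keys, so unlike the `/^postmaster@/` pattern it matches nothing for domains that are not in the list. The handler's domain (`handler.example`), the function names and the file paths are assumptions.

```sh
#!/bin/sh
# Added example (not from the thread): generate exact-match virtual(5) entries
# for role accounts on hosted domains only.
ROLES="postmaster abuse root"
# Assumption: the thread elides the handler's domain; handler.example is a placeholder.
HANDLER="postmaster-handler@handler.example"
POSTMAP="${POSTMAP:-postmap}"

# stdin: one hosted domain per line. stdout: "role@domain<TAB>handler" lines.
# Comments and blanks are dropped, names are lower-cased and de-duplicated, and
# anything that is not a plain dotted DNS name is rejected, so a stray character
# in the list can never turn into a lookup key.
gen_role_aliases() {
    tr 'A-Z' 'a-z' | sed -e 's/#.*//' -e 's/[[:space:]]//g' -e '/^$/d' | sort -u |
    while IFS= read -r domain; do
        case "$domain" in
            *[!a-z0-9.-]*|.*|*.|-*|*..*)
                echo "skipping invalid domain: $domain" >&2; continue ;;
            *.*) ;;
            *)  echo "skipping unqualified name: $domain" >&2; continue ;;
        esac
        for role in $ROLES; do
            printf '%s@%s\t%s\n' "$role" "$domain" "$HANDLER"
        done
    done
}

# usage: build_map DOMAIN_LIST OUTPUT_MAP
# Writes to a temporary file and renames it into place, and refuses to install
# an empty map, so a missing or broken domain list cannot remove every alias.
build_map() {
    tmp="$2.tmp.$$"
    gen_role_aliases < "$1" > "$tmp" || { rm -f "$tmp"; return 1; }
    if [ ! -s "$tmp" ]; then
        rm -f "$tmp"; echo "no valid domains; map left unchanged" >&2; return 1
    fi
    mv "$tmp" "$2"
    "$POSTMAP" "hash:$2"    # build the indexed file that Postfix reads
}

# e.g. build_map /etc/postfix/hosted_domains /etc/postfix/maps/role_accounts_hash
# (both paths are hypothetical), then add hash:<that file> to virtual_alias_maps.
```

The generated file takes the place of the catch-all pcre entry in `virtual_alias_maps`; rerun the script whenever the hosted-domain list changes.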
      • mouss
        Message 3 of 5 , Mar 1, 2007
          Justin McAleer wrote:
          > I'm setting up a server that all of our customers will use for
          > outbound mail. For domains that we host, it will send the messages to
          > our internal servers, and otherwise out to wherever the MX record
          > points. The problem I'm dealing with is I want
          > postmaster/abuse/root@<local domains> to all be redirected to a
          > handler address. So, I have a pcre map included in the virtual alias
          > maps like so:
          >
          > /^postmaster@/ postmaster-handler@...
          >
          > The problem is that virtual alias expansion is done to all recipients,
          > not just those hosted by us, so we would end up intercepting messages
          > to abuse@..., for example. What is the best way to only redirect
          > mail to our domains? I'd like to avoid listing postmaster/abuse/root
          > for the hundreds of domains we host, so I thought I'd ask for any
          > other suggestions for a more static solution.
          >

          as Noel said, use a script. alternatively use mysql or so, when you can
          write the query to do what you want.

          > While I'm asking stuff, I have clamsmtpd running on this server as a
          > content filter, reinjecting back into Postfix. Could I only send the
          > non-hosted mail through clamsmtpd, and just pass on hosted mail to the
          > internal servers (they do AV scanning)?
          >
          you need multiple instances: in the instance before the filter, use
          transport_maps instead of content_filter to send mail to the filter for
          the hosted domains, and to the second instance for other mail.

          multiple instances are needed because transports are global within an
          instance (multiple instances mean running postfix multiple times, not
          adding multiple lines to a single master.cf...).


          Note that using FILTER isn't reliable because only one content_filter is
          used, even if there are multiple recipients.

          you can even use 3 instances here, where one instance gets mail from
          clamsmtpd and only handles your hosted domains. In this instance, you
          can use your aliases without a script.
        • Justin McAleer
          Message 4 of 5 , Mar 2, 2007
            mouss wrote:
            > Justin McAleer wrote:
            >
            >> While I'm asking stuff, I have clamsmtpd running on this server as a
            >> content filter, reinjecting back into Postfix. Could I only send the
            >> non-hosted mail through clamsmtpd, and just pass on hosted mail to
            >> the internal servers (they do AV scanning)?
            >>
            > you need multiple instances: in the instance before the filter, use
            > transport_maps instead of content_filter to send mail to the filter
            > for the hosted domains, and to the second instance for other mail.
            >
            It's the other way around; I want to send mail destined for the Internet
            to the filter. I tried having the virtual_transport set to the internal
            server, and the default_transport set to the filter (overriding that in
            master.cf). But, I learned you can't override the default_transport
            option in master.cf, as you say below, so mail just looped.
            > multiple instances are needed because transports are global within an
            > instance (multiple instances mean running postfix multiple times, not
            > adding multiple lines to a single master.cf...).
            >
            >
            > Note that using FILTER isn't reliable because only one content_filter
            > is used, even if there are multiple recipients.
            >
            > you can even use 3 instances here, where one instance gets mail from
            > clamsmtpd and only handles your hosted domains. In this instance, you
            > can use your aliases without a script.
            >
            >
          • mouss
            Message 5 of 5 , Mar 2, 2007
              Justin McAleer wrote:
              > mouss wrote:
              >> Justin McAleer wrote:
              >>
              >>> While I'm asking stuff, I have clamsmtpd running on this server as a
              >>> content filter, reinjecting back into Postfix. Could I only send the
              >>> non-hosted mail through clamsmtpd, and just pass on hosted mail to
              >>> the internal servers (they do AV scanning)?
              >>>
              >> you need multiple instances: in the instance before the filter, use
              >> transport_maps instead of content_filter to send mail to the filter
              >> for the hosted domains, and to the second instance for other mail.
              >>
              > It's the other way around; I want to send mail destined for the
              > Internet to the filter.

              so you filter mail sent to the internet but not mail sent to your
              domains? that's surprising, but why not... just "swap" the choices in my
              post.

              > I tried having the virtual_transport set to the internal server, and
              > the default_transport set to the filter (overriding that in
              > master.cf). But, I learned you can't override the default_transport
              > option in master.cf, as you say below, so mail just looped.

              first, forget about virtual_transport. second, take the time to read the
              rest: in particular, the part that says this:
              >> multiple instances are needed because transports are global within an
              >> instance (multiple instances mean running postfix multiple times, not
              >> adding multiple lines to a single master.cf...).