Loading ...
Sorry, an error occurred while loading the content.
 

Question on virtual domains

Expand Messages
  • Chris Zimmerman
    Pardon me if this has been asked before: I have several virtual domains setup using the virtual readme on the Postfix ... My question is this: how can I
    Message 1 of 15 , Oct 31, 2007
      Pardon me if this has been asked before:

      I have several virtual domains setup using the virtual readme on the Postfix site.  I followed these instructions:

      Non-Postfix mailbox store: separate domains, non-UNIX accounts

      This is a variation on the Postfix virtual mailbox example. Again, every hosted address can have its own mailbox.

      While non-Postfix software is being used for final delivery, some Postfix concepts are still needed in order to glue everything together. For additional background on this glue you may want to take a look at the virtual mailbox domain class as defined in the ADDRESS_CLASS_README file.

      The text in this section describes what things should look like from Postfix's point of view. See CYRUS_README or MAILDROP_README for specific information about Cyrus or about Courier maildrop.

      Here is an example for a hosted domain example.com that delivers to a non-Postfix delivery agent:

       1 /etc/postfix/main.cf:
      2 virtual_transport = ...see below...
      3 virtual_mailbox_domains = example.com ...more domains...
      4 virtual_mailbox_maps = hash:/etc/postfix/vmailbox
      5 virtual_alias_maps = hash:/etc/postfix/virtual
      6
      7 /etc/postfix/vmailbox:
      8 info@... whatever
      9 sales@... whatever
      10 # Comment out the entry below to implement a catch-all.
      11 # Configure the mailbox store to accept all addresses.
      12 # @example.com whatever
      13 ...virtual mailboxes for more domains...
      14
      15 /etc/postfix/virtual:
      16 postmaster@... postmaster

      My question is this: how can I deliver mail to a virtual user and an external address?  In the above example, info@... routes to the vmail directory, but I also need to route that mail to someone@... at the same time.  Is there a way to do this?


    • Magnus Bäck
      On Wednesday, October 31, 2007 at 22:43 CET, ... Use a virtual alias: info@example.com info@example.com, otheraddress@example.net -- Magnus Bäck
      Message 2 of 15 , Oct 31, 2007
        On Wednesday, October 31, 2007 at 22:43 CET,
        Chris Zimmerman <czimmer@...> wrote:

        > My question is this: how can I deliver mail to a virtual user and an
        > external address? In the above example, info@... routes to
        > the vmail directory, but I also need to route that mail to
        > someone@... the same time. Is there a way to do this?

        Use a virtual alias:

        info@... info@..., otheraddress@...

        --
        Magnus Bäck
        magnus@...
      • Javier Togra A.
        Hello. I migrated linux users of /etc/passwd to an ldap directory using the ldap migration tools. It is ok. The base ldif file is: ======= dn:
        Message 3 of 15 , Oct 31, 2007

          Hello.

           

          I migrated linux users of /etc/passwd to an ldap directory using the ldap migration tools. It is ok.

          The base ldif file is:

          =======

          dn: dc=dominio,dc=com

          dc: dominio

          objectClass: top

          objectClass: domain

           

          dn: ou=People,dc=dominio,dc=com

          ou: People

          objectClass: top

          objectClass: organizationalUnit

           

          dn: ou=Group,dc=dominio,dc=com

          ou: Group

          objectClass: top

          objectClass: organizationalUnit

           

          The users ldif file is similar to:

          ==

          dn: uid=ldap,ou=People,dc=dominio,dc=com

          uid: ldap

          cn: LDAP User

          objectClass: account

          objectClass: posixAccount

          objectClass: top

          objectClass: shadowAccount

          userPassword: {crypt}!!

          shadowLastChange: 13756

          loginShell: /bin/false

          uidNumber: 55

          gidNumber: 55

          homeDirectory: /var/lib/ldap

          gecos: LDAP User

           

          Tunning nss-ldap, this works fine to authenticate unix users and pop accounts. But postfix doesn´t recognize the users and reject messages.

           

          Oct 31 15:32:28 master postfix/smtpd[27957]: NOQUEUE: reject: RCPT from seginfo.net[198.65.234.170]: 550 5.1.1 <togrita3@...>: Recipient address rejected: User unknown in local recipient table; from=<jtogra@...> to=<togrita3@...> proto=ESMTP helo=<seginfo.net>

           

          Main.cf config is like this:

          alias_maps = hash:/etc/aliases, ldap:/etc/postfix/ldap-aliases.cf

           

          Please guide me, to solve this problem.

           

          Javier Togra A.

        • Magnus Bäck
          To start a new topic on a mailing list, do not reply to an old message in an unrelated thread. This means, choose Compose or New message or whatever it s
          Message 4 of 15 , Oct 31, 2007
            To start a new topic on a mailing list, do not reply to an old message
            in an unrelated thread. This means, choose "Compose" or "New message" or
            whatever it's called in your email client. Do not choose "Reply".

            On Wednesday, October 31, 2007 at 23:03 CET,
            "Javier Togra A." <jtogra@...> wrote:

            > I migrated linux users of /etc/passwd to an ldap directory using the ldap
            > migration tools. It is ok.

            [...]

            > Tunning nss-ldap, this works fine to authenticate unix users and pop
            > accounts. But postfix doesn´t recognize the users and reject messages.

            > Oct 31 15:32:28 master postfix/smtpd[27957]: NOQUEUE: reject: RCPT from
            > seginfo.net[198.65.234.170]: 550 5.1.1 <togrita3@...>: Recipient
            > address rejected: User unknown in local recipient table;
            > from=<jtogra@...> to=<togrita3@...> proto=ESMTP
            > helo=<seginfo.net>

            Show the output of the following commands (making the obvious username
            substitution):

            getent passwd valid-username
            postmap -q valid-username unix:passwd.byname

            > Main.cf config is like this:
            >
            > alias_maps = hash:/etc/aliases, ldap:/etc/postfix/ldap-aliases.cf

            Full "postconf -n", please.

            --
            Magnus Bäck
            magnus@...
          • Javier Togra A.
            ... [root@master ~]# getent passwd eacebo eacebo:x:543:543::/home/eacebo:/bin/false [root@master ~]# postmap -q eacebo unix:passwd.byname
            Message 5 of 15 , Oct 31, 2007
              Sorry Magnus:

              >Show the output of the following commands (making the obvious username
              >substitution):

              >getent passwd valid-username
              >postmap -q valid-username unix:passwd.byname

              [root@master ~]# getent passwd eacebo
              eacebo:x:543:543::/home/eacebo:/bin/false
              [root@master ~]# postmap -q eacebo unix:passwd.byname
              eacebo:x:543:543::/home/eacebo:/bin/false

              > Main.cf config is like this:
              ==========

              alias_maps = hash:/etc/aliases, ldap:/etc/postfix/ldap-aliases.cf
              bounce_size_limit = 500000
              broken_sasl_auth_clients = yes
              command_directory = /usr/sbin
              config_directory = /etc/postfix
              daemon_directory = /usr/libexec/postfix
              debug_peer_level = 2
              html_directory = no
              inet_interfaces = all
              local_recipient_maps = unix:passwd.byname $alias_maps
              mail_owner = postfix
              mailbox_size_limit = 3071200000
              mailq_path = /usr/bin/mailq.postfix
              manpage_directory = /usr/share/man
              message_size_limit = 30400000
              mydestination = $myhostname, $mydomain, localhost
              mydomain = dominio.com
              myhostname = mail.dominio.com
              mynetworks = $config_directory/mail-externo
              mynetworks_style = subnet
              myorigin = $mydomain
              newaliases_path = /usr/bin/newaliases.postfix
              queue_directory = /var/spool/postfix
              readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
              sample_directory = /usr/share/doc/postfix-2.3.3/samples
              sendmail_path = /usr/sbin/sendmail.postfix
              setgid_group = postdrop
              smtpd_banner = $myhostname ESMTP
              smtpd_client_restrictions = permit_mynetworks
              smtpd_delay_reject = yes
              smtpd_helo_required = yes
              smtpd_helo_restrictions = permit_mynetworks, reject_invalid_hostname
              smtpd_recipient_restrictions = permit_mynetworks,
              permit_sasl_authenticated, reject_unknown_sender_domain,
              reject_unauth_destination, reject_unauth_pipelining,
              reject_non_fqdn_recipient,
              smtpd_sasl_auth_enable = yes
              smtpd_sasl_local_domain = $myhostname
              smtpd_sasl_security_options = noanonymous
              smtpd_sender_restrictions = permit_mynetworks permit_sasl_authenticated,
              reject_unknown_sender_domain
              unknown_local_recipient_reject_code = 550
              virtual_alias_domains = ambiente.com
              virtual_alias_maps = hash:/etc/postfix/virtual
              =======

              Javier Togra
            • Reinaldo Carvalho
              ... you can have problems with SPF. -- Reinaldo Carvalho
              Message 6 of 15 , Oct 31, 2007
                >
                > My question is this: how can I deliver mail to a virtual user and an
                > external address? In the above example, info@... routes to the
                > vmail directory, but I also need to route that mail to someone@...
                > at the same time. Is there a way to do this?
                >
                >
                >

                you can have problems with SPF.

                --
                Reinaldo Carvalho
              • Chris Zimmerman
                This won t create a loop? So, if I have an entry in my vmailbox file such as: info@example.com /var/spool/vmail/example.com/info/ AND an entry in the
                Message 7 of 15 , Oct 31, 2007
                  This won't create a loop?  So, if I have an entry in my vmailbox file such as:

                  info@...   /var/spool/vmail/example.com/info/

                  AND

                  an entry in the virtual file that has:

                  info@...   info@..., another@...

                  that it won't loop on info@...?

                  Thanks!

                  On 10/31/07, Magnus Bäck <magnus@...> wrote:
                  On Wednesday, October 31, 2007 at 22:43 CET,
                       Chris Zimmerman <czimmer@...> wrote:

                  > My question is this: how can I deliver mail to a virtual user and an
                  > external address?  In the above example, info@... routes to
                  > the vmail directory, but I also need to route that mail to
                  > someone@... the same time.  Is there a way to do this?

                  Use a virtual alias:

                  info@...        info@..., otheraddress@...

                  --
                  Magnus Bäck
                  magnus@...

                • Magnus Bäck
                  On Thursday, November 01, 2007 at 03:07 CET, ... No. -- Magnus Bäck magnus@dsek.lth.se
                  Message 8 of 15 , Oct 31, 2007
                    On Thursday, November 01, 2007 at 03:07 CET,
                    Chris Zimmerman <czimmer@...> wrote:

                    > > Use a virtual alias:
                    > >
                    > > info@... info@..., otheraddress@...
                    >
                    > This won't create a loop?

                    No.

                    --
                    Magnus Bäck
                    magnus@...
                  • Magnus Bäck
                    On Wednesday, October 31, 2007 at 23:24 CET, ... Okay, looks good. [...] ... Also looks good. But a message to the eacebo user will be rejected, yes? Are you
                    Message 9 of 15 , Oct 31, 2007
                      On Wednesday, October 31, 2007 at 23:24 CET,
                      "Javier Togra A." <jtogra@...> wrote:

                      > Sorry Magnus:
                      >
                      > > Show the output of the following commands (making the obvious username
                      > > substitution):
                      > >
                      > > getent passwd valid-username
                      > > postmap -q valid-username unix:passwd.byname
                      >
                      > [root@master ~]# getent passwd eacebo
                      > eacebo:x:543:543::/home/eacebo:/bin/false
                      > [root@master ~]# postmap -q eacebo unix:passwd.byname
                      > eacebo:x:543:543::/home/eacebo:/bin/false

                      Okay, looks good.

                      [...]

                      > local_recipient_maps = unix:passwd.byname $alias_maps

                      Also looks good. But a message to the eacebo user will be rejected, yes?
                      Are you running smtpd(8) chrooted?

                      [...]

                      --
                      Magnus Bäck
                      magnus@...
                    • mouss
                      ... As Magnus said, there is no loop here. the result of an alias is not expanded if it matches the lookup key. so info@example.com will not be expanded again.
                      Message 10 of 15 , Nov 1, 2007
                        Chris Zimmerman wrote:
                        > This won't create a loop? So, if I have an entry in my vmailbox file such
                        > as:
                        >
                        > info@... /var/spool/vmail/example.com/info/
                        >
                        > AND
                        >
                        > an entry in the virtual file that has:
                        >
                        > info@... info@..., another@...
                        >
                        > that it won't loop on info@...?
                        >


                        As Magnus said, there is no loop here. the result of an alias is not
                        expanded if it matches the lookup key. so info@... will not be
                        expanded again.
                      • Javier Togra A.
                        ... Also looks good. But a message to the eacebo user will be rejected, yes? Are you running smtpd(8) chrooted? [...] Yes postfix is chrooted. Currently
                        Message 11 of 15 , Nov 1, 2007

                           

                          > local_recipient_maps = unix:passwd.byname $alias_maps

                           

                          Also looks good. But a message to the eacebo user will be rejected, yes?

                          Are you running smtpd(8) chrooted?

                          [...]

                          Yes postfix is chrooted.

                          Currently postfix is working fine for unix users.

                           

                          When I try to send mail to an ldapuser togrita3 the ldap log says:

                          ====

                          Nov  1 10:08:48 master slapd[32624]: conn=11177 op=38 SRCH base="dc=domino,dc=com" scope=2 deref=0 filter="(&(objectClass=posixAccount)(uid=togrita3@...))"

                          Nov  1 10:08:48 master slapd[32624]: conn=11177 op=38 SRCH attr=uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass

                          Nov  1 10:08:48 master slapd[32624]: conn=11177 op=38 SEARCH RESULT tag=101 err=0 nentries=0 text=

                          Nov  1 10:08:48 master slapd[32624]: conn=11178 op=38 SRCH base="dc=domino,dc=com" scope=2 deref=0 filter="(uid=togrita3@...)"

                          Nov  1 10:08:48 master slapd[32624]: conn=11178 op=38 SRCH attr=uid

                          Nov  1 10:08:48 master slapd[32624]: conn=11178 op=38 SEARCH RESULT tag=101 err=0 nentries=0 text=

                          Nov  1 10:08:48 master slapd[32624]: conn=11177 op=39 SRCH base="dc=domino,dc=com" scope=2 deref=0 filter="(&(objectClass=posixAccount)(uid=togrita3))"

                          Nov  1 10:08:48 master slapd[32624]: conn=11177 op=39 SRCH attr=uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass

                          Nov  1 10:08:48 master slapd[32624]: conn=11177 op=39 SEARCH RESULT tag=101 err=0 nentries=0 text=

                          Nov  1 10:08:48 master slapd[32624]: conn=11178 op=39 SRCH base="dc=domino,dc=com" scope=2 deref=0 filter="(uid=togrita3)"

                          Nov  1 10:08:48 master slapd[32624]: conn=11178 op=39 SRCH attr=uid

                          Nov  1 10:08:48 master slapd[32624]: conn=11178 op=39 SEARCH RESULT tag=101 err=0 nentries=0 text=

                           

                          --

                          Magnus Bäck

                          magnus@...

                           

                          __________ Información de NOD32, revisión 2632 (20071101) __________

                           

                          Este mensaje ha sido analizado con NOD32 antivirus system

                          http://www.nod32.com

                           

                        • Magnus Bäck
                          On Thursday, November 01, 2007 at 16:17 CET, ... And the obvious follow-up question is of course, does local deliveries work if you take smtpd(8) out of the
                          Message 12 of 15 , Nov 1, 2007
                            On Thursday, November 01, 2007 at 16:17 CET,
                            "Javier Togra A." <jtogra@...> wrote:

                            > > Are you running smtpd(8) chrooted?
                            >
                            > Yes postfix is chrooted.

                            And the obvious follow-up question is of course, does local deliveries
                            work if you take smtpd(8) out of the jail?

                            [...]

                            --
                            Magnus Bäck
                            magnus@...
                          • Victor Duchovni
                            ... Note, chroot requires: local_recipient_maps = proxy:unix:passwd.byname ... NOT local_recipient_maps = proxy:unix:passwd.byname ... The default value for
                            Message 13 of 15 , Nov 1, 2007
                              On Thu, Nov 01, 2007 at 09:29:03PM +0100, Magnus B?ck wrote:

                              > On Thursday, November 01, 2007 at 16:17 CET,
                              > "Javier Togra A." <jtogra@...> wrote:
                              >
                              > > > Are you running smtpd(8) chrooted?
                              > >
                              > > Yes postfix is chrooted.
                              >
                              > And the obvious follow-up question is of course, does local deliveries
                              > work if you take smtpd(8) out of the jail?

                              Note, chroot requires:

                              local_recipient_maps = proxy:unix:passwd.byname ...

                              NOT

                              local_recipient_maps = proxy:unix:passwd.byname ...

                              The default value for Postfix 2.x is:

                              local_recipient_maps = proxy:unix:passwd.byname $alias_maps

                              --
                              Viktor.

                              Disclaimer: off-list followups get on-list replies or get ignored.
                              Please do not ignore the "Reply-To" header.

                              To unsubscribe from the postfix-users list, visit
                              http://www.postfix.org/lists.html or click the link below:
                              <mailto:majordomo@...?body=unsubscribe%20postfix-users>

                              If my response solves your problem, the best way to thank me is to not
                              send an "it worked, thanks" follow-up. If you must respond, please put
                              "It worked, thanks" in the "Subject" so I can delete these quickly.
                            • Bill Weiss
                              ... Victor, I m sorry, but I m just not seeing the difference there. Could you clarify? -- Bill Weiss
                              Message 14 of 15 , Nov 1, 2007
                                Victor Duchovni(Victor.Duchovni@...)@Thu, Nov 01, 2007 at 04:54:43PM -0400:
                                > On Thu, Nov 01, 2007 at 09:29:03PM +0100, Magnus B?ck wrote:
                                >
                                > > On Thursday, November 01, 2007 at 16:17 CET,
                                > > "Javier Togra A." <jtogra@...> wrote:
                                > >
                                > > > > Are you running smtpd(8) chrooted?
                                > > >
                                > > > Yes postfix is chrooted.
                                > >
                                > > And the obvious follow-up question is of course, does local deliveries
                                > > work if you take smtpd(8) out of the jail?
                                >
                                > Note, chroot requires:
                                >
                                > local_recipient_maps = proxy:unix:passwd.byname ...
                                >
                                > NOT
                                >
                                > local_recipient_maps = proxy:unix:passwd.byname ...

                                Victor,

                                I'm sorry, but I'm just not seeing the difference there. Could you
                                clarify?

                                --
                                Bill Weiss
                              • Victor Duchovni
                                ... The first was supposed to not have a proxy: prefix, which IIRC matches the reported settings. -- Viktor. Disclaimer: off-list followups get on-list
                                Message 15 of 15 , Nov 1, 2007
                                  On Thu, Nov 01, 2007 at 03:36:43PM -0600, Bill Weiss wrote:

                                  > Victor Duchovni(Victor.Duchovni@...)@Thu, Nov 01, 2007 at 04:54:43PM -0400:
                                  > > On Thu, Nov 01, 2007 at 09:29:03PM +0100, Magnus B?ck wrote:
                                  > >
                                  > > > On Thursday, November 01, 2007 at 16:17 CET,
                                  > > > "Javier Togra A." <jtogra@...> wrote:
                                  > > >
                                  > > > > > Are you running smtpd(8) chrooted?
                                  > > > >
                                  > > > > Yes postfix is chrooted.
                                  > > >
                                  > > > And the obvious follow-up question is of course, does local deliveries
                                  > > > work if you take smtpd(8) out of the jail?
                                  > >
                                  > > Note, chroot requires:
                                  > >
                                  > > local_recipient_maps = proxy:unix:passwd.byname ...
                                  > >
                                  > > NOT
                                  > >
                                  > > local_recipient_maps = proxy:unix:passwd.byname ...
                                  >
                                  > Victor,
                                  >
                                  > I'm sorry, but I'm just not seeing the difference there. Could you
                                  > clarify?

                                  The first was supposed to not have a "proxy:" prefix, which IIRC matches
                                  the reported settings.

                                  --
                                  Viktor.

                                  Disclaimer: off-list followups get on-list replies or get ignored.
                                  Please do not ignore the "Reply-To" header.

                                  To unsubscribe from the postfix-users list, visit
                                  http://www.postfix.org/lists.html or click the link below:
                                  <mailto:majordomo@...?body=unsubscribe%20postfix-users>

                                  If my response solves your problem, the best way to thank me is to not
                                  send an "it worked, thanks" follow-up. If you must respond, please put
                                  "It worked, thanks" in the "Subject" so I can delete these quickly.
                                Your message has been successfully submitted and would be delivered to recipients shortly.