Loading ...
Sorry, an error occurred while loading the content.

Getting + addresses through relay_recipient_maps

Expand Messages
  • Mark Sutton
    Hello Postfix Users! I recently updated our email systems to handle our incoming email as follows: INTERNET ... Email Filter (Postfix - content filter
    Message 1 of 1 , Aug 1, 2008
    • 0 Attachment
      Hello Postfix Users!

      I recently updated our email systems to handle our incoming email as
      follows:

      INTERNET
      |
      Email Filter (Postfix -> content filter (Amavis) -> Postfix)
      |
      Email Storage (Postfix/Maildrop) <--- IMAP/POP access

      All accounts and aliasing is stored within a MySQL database and we
      wrote a script to expand all valid domains, aliases etc into flat
      files for performance and reliability.

      On the email filter server, the first (public interface) instance is
      configured with the following:

      relay_domains = hash:/etc/postfix/mexp/relay_domains
      relay_recipient_maps = hash:/etc/postfix/mexp/rcpt_access_map [same
      content as virtual_alias_maps on email storage server)
      smtpd_recipient_restrictions = reject_unauth_pipelining,
      reject_non_fqdn_recipient,
      reject_unknown_recipient_domain,
      permit_mynetworks,
      permit_sasl_authenticated,
      reject_unauth_destination,
      check_sender_access hash:/etc/postfix/mexp/content_filter_bypass,
      check_policy_service unix:private/policy,
      check_sender_access hash:/etc/postfix/mexp/sender_access_map,
      reject_rbl_client list.dsbl.org,
      reject_rbl_client sbl-xbl.spamhaus.org,
      permit
      transport_maps = hash:/etc/postfix/mexp/transport_map

      The second (post-content-filter interface) instance is configured in
      master.cf as so:

      127.0.0.1:10025 inet n - n - - smtpd
      -o content_filter=
      -o smtpd_delay_reject=no
      -o smtpd_client_restrictions=permit_mynetworks,reject
      -o smtpd_helo_restrictions=
      -o smtpd_sender_restrictions=
      -o smtpd_recipient_restrictions=permit_mynetworks,reject
      -o smtpd_data_restrictions=reject_unauth_pipelining
      -o smtpd_end_of_data_restrictions=
      -o smtpd_restriction_classes=
      -o mynetworks=127.0.0.0/8
      -o myhostname=cleanmail.xxxxx
      -o smtpd_error_sleep_time=0
      -o smtpd_soft_error_limit=1001
      -o smtpd_hard_error_limit=1000
      -o smtpd_client_connection_count_limit=0
      -o smtpd_client_connection_rate_limit=0
      -o
      receive_override_options
      =no_header_body_checks,no_unknown_recipient_checks,no_milters
      -o local_header_rewrite_clients=
      -o transport_maps=hash:/etc/postfix/mexp/transport_map
      -o syslog_name=postfix-clean

      The email storage server on the back end is configured as so:

      virtual_alias_domains = hash:/etc/postfix/mexp/virtual_alias_domains
      virtual_alias_maps = hash:/etc/postfix/mexp/virtual_alias_map
      smtpd_recipient_restrictions = permit_sasl_authenticated,
      permit_mynetworks,
      reject_unauth_destination,
      reject_non_fqdn_hostname,
      reject_invalid_hostname,
      check_client_access hash:/etc/postfix/access,
      check_helo_access hash:/etc/postfix/access,
      check_sender_access hash:/etc/postfix/access,
      check_recipient_access hash:/etc/postfix/rejected_recipients,
      reject_unauth_pipelining,
      reject_non_fqdn_sender,
      reject_unknown_sender_domain,
      reject_non_fqdn_recipient,
      reject_unknown_recipient_domain

      The problem is that while the backend email storage server is happy to
      deliver 'user+whatever@...' to the same place as
      'user@...', the email filter server rejects such email because
      the address is not present in the relay_recipient_map.

      I am wondering whether I am missing something here - is there a way to
      make 'user+whatever' work nicely with relay_recipient_map on the
      filtering server? Is there a reason why it shouldn't follow the same
      rationale as virtual_alias_maps in resolving a recipient alias?

      I hope someone has the answer :) Thanks in advance to anyone who can
      clear this up for me.

      Best Regards,

      Mark Sutton
      Fubra Limited
    Your message has been successfully submitted and would be delivered to recipients shortly.