Re: Virtual domains
- On Tue, 01 Jun 2010, curtis@... wrote:
> > On Tue, 01 Jun 2010, curtis@... wrote:
> > [ .. ]
> >> At Victor's urging, this afternoon, I enabled the
> >> relay_recipient_maps and that solved the rejecting unknown before
> >> the handoff to the amavisd-new, but broke the domains that I need
> >> to forward all mail for.
> > Explain what you mean by 'broke', and make sure to include related log
> > excerpts. Please also include the output of 'postconf -n' in your next
> > response.
> What I meant was that the system started rejecting unknown recipients
> (that's good.) however all mail that all I do is filter and relay started
> getting rejected as unknown recipients (that's bad.)
> postconf -n follows.

At first glance, I notice you redefine several parameters to their
default value. Why? I'll point out just a few of them below.

> access_map_reject_code = 554

This is default.

> bounce_queue_lifetime = 0

Are you sure about this?

> defer_code = 550

Why?

> local_recipient_maps = mysql:/etc/postfix/sql-recipients.cf

Hm?

> local_transport = no local mail delivery
> mail_owner = postfix

Again, default.

> relay_recipient_maps =

Why is this empty? As per ADDRESS_CLASS_README: "If this parameter
value is empty, the Postfix SMTP server accepts all recipients for
domains listed with the relay_domains parameter."

Sahil Tandon <sahil@...>

> On Tue, 01 Jun 2010, curtis@... wrote:
>> postconf -n follows.
> At first glance, I notice you redefine several parameters to their
> default value. Why? I'll point out just a few of them below.
>> access_map_reject_code = 554
> This is default.
>> bounce_queue_lifetime = 0
> Are you sure about this?

Probably not a good idea, but I was stabbing at things without really
understanding them. I was working from readme's and examples. The postfix
book that I have is good, but incomplete when it comes to virtual domains
and wasn't any help in what I wanted to do. I'll look at the
bounce_queue_lifetime and set it to something appropriate.

>> defer_code = 550

Why not? I'll look more at the docs.

>> local_recipient_maps = mysql:/etc/postfix/sql-recipients.cf
>> local_transport = no local mail delivery
>> mail_owner = postfix

Again, I was stabbing at things, here trying to get the system to reject
where it wasn't rejecting. The fact is there is no local transport.
There are no local accounts. Everything is handled by dbmail. I will set
that up, it's simple enough. Thanks for pointing that out.

> Again, default.
>> relay_recipient_maps =
> Why is this empty? As per ADDRESS_CLASS_README: "If this parameter
> value is empty, the Postfix SMTP server accepts all recipients for
> domains listed with the relay_domains parameter."

Well, when I filled this in, that's when it broke things the mail relay.

> Sahil Tandon <sahil@...>

Sahil, thank you for your help. As near as I can tell, what I need to do
is set up two areas.
for hosted domains:
for relay domains:

- On 2010-06-02 8:21 AM, curtis@... wrote:
> Probably not a good idea, but I was stabbing at things without
> really understanding them. I was working from readme's and examples.
> the postfix book that I have is good, but incomplete when it comes to
> virtual domains and wasn't any help in what I wanted to do. I'll
> look at the bounce_queue_lifetime and set it to something

The general rule is, use the default setting unless you fully understand
what it does and why you need to change it.
In other words, only change the bare minimum to get your install working
properly, then as you understand different aspects (especially for UCE
control), slowly start introducing changes, but again, only when you
understand what it is you are changing and why.
- On Tue, Jun 01, 2010 at 08:48:27PM -0400, curtis@... wrote:
> I have several domains that I have non-unix mailboxes (they are
> stored by sql using an alternative lmtp daemon after running them
> through amavisd-new. This works under the current configuration,
> but I'm not bouncing anything until after it goes through
> amavisd-new and I'd like to reject incoming mail for unknown
> recipients before being sent to amavisd-new. amavisd-new is a
> massive resource hog and the less that I have to send to it for
> processing, the better.
> I have a couple of domains that I need to forward all mail since
> they are sent to an exchange server.

No, don't do that. This will cause you to be a backscatter spammer.
There's no valid business model for that. They're surely not paying
you enough to cover the costs of being treated like a spammer!

> There's a proxy thing that I
> can do to check those, but that's another topic.

It's trivial, and it's a FAQ on this list. The answer is to use
reject_unverified_recipient for those domains.

> For now suffice it to say that for these few domains, I need to
> filter and forward all mail destined for them.

Spam is wrong, however valid you might think your reasons are.

> I've been using the transport maps to accomplish the handoff to the
> lmtp server. I was using the local_recipient_maps for the mailbox
> checking, but the system is not recognizing those users as local.
> At Victor's urging, this afternoon, I enabled the
> relay_recipient_maps and that solved the rejecting unknown before
> the handoff to the amavisd-new, but broke the domains that I need
> to forward all mail for.

You'll want a wildcard, catchall entry for those domains. You will
find an example of this at postconf.5.html#relay_recipient_maps .

> From all the reading that I've done, it looks to me like I need
> some sort of hybrid system.
> The virtual How-To is confusing and I don't see any clear examples
> of what I'm looking to do.

Perhaps because what you're wanting is partly beyond the scope of

> It looks like I need to do the relay_domains and the transports
> thing for the domains that need to be forwarded.

Right, typically transport_maps are needed for relay_domains. See
for the explanation. You do NOT need to tinker with the default
relay_transport, but you probably DO need to use transport_maps to
override the nexthop that DNS would tell you.

> It also looks like I need to use the virtual_mailbox_domains,
> virtual_mailbox_maps, but I don't see how to get from there, to the
> alternate lmtp. Everything I've read says that it all goes to local
> unix accounts and that's not what I need.

Typically dbmail-served domains should be in virtual_mailbox_domains
and the user query in virtual_mailbox_maps, yes. You can mangle the
local address class to do this, just as you can force a square peg
into a round hole. It won't fit quite right. I don't know what dbmail
documentation shows, but you're better off doing it the right way for

> Can anyone point me in the right direction in the docs that explain
> how to do this or a couple of examples?

Read over the aforementioned ADDRESS_CLASS_README.

 I hate to use the word, "trivial," because nothing in email
administration is ever trivial. Misunderstandings of how mail
works lead to bad management decisions, too. Suffice to say
that if the basic understanding of Postfix and email is good,
this solution is pretty easy.
 Another option, besides transport_maps, would be a special DNS
view with a different MX value for the domain in question. If
this does not make sense to you, disregard it for now, but it
might make sense later.
Offlist mail to this address is discarded unless
"/dev/rob0" or "not-spam" is in Subject: header
- On Wed, Jun 02, 2010 at 08:21:03AM -0400, curtis@... wrote:
> >> defer_code = 550
> > Why?
> Why not? I'll look more at the docs.

Because it is an incredibly bad idea. Transient errors need to
generate *transient* (4XX) error response codes. Setting the
defer_code to 5XX is about as misguided as it gets.
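
As an added example (not part of the thread and not Postfix code), this sketch checks `postconf -n` output for the points raised in the replies above: a defer_code outside 4XX, an empty relay_recipient_maps alongside relay_domains, and parameters restated at their default. The sample input is constructed from lines quoted in the thread, and the function names are assumptions of this example.

```python
import re

# Defaults the thread itself confirms ("This is default." / "Again, default.").
PAGE_DEFAULTS = {"access_map_reject_code": "554", "mail_owner": "postfix"}

def parse_postconf(text):
    """Parse `postconf -n` output ("name = value"; the value may be empty)."""
    params = {}
    for line in text.splitlines():
        m = re.match(r"\s*([A-Za-z0-9_]+)\s*=\s*(.*?)\s*$", line)
        if m:
            params[m.group(1)] = m.group(2)
    return params

def audit(params):
    """Return (parameter, finding) pairs for the issues raised in the thread."""
    findings = []
    # Deferrals are transient conditions, so defer_code must be a 4XX reply.
    code = params.get("defer_code")
    if code is not None and not re.fullmatch(r"4\d\d", code):
        findings.append(("defer_code", f"{code} is not a transient 4XX code"))
    # An empty relay_recipient_maps accepts every recipient in relay_domains;
    # unknown users are then bounced after acceptance (backscatter) unless
    # reject_unverified_recipient is in use. Heuristic: only the main
    # smtpd_recipient_restrictions list is inspected.
    restrictions = re.split(r"[,\s]+", params.get("smtpd_recipient_restrictions", ""))
    if (params.get("relay_domains") and not params.get("relay_recipient_maps")
            and "reject_unverified_recipient" not in restrictions):
        findings.append(("relay_recipient_maps",
                         "empty: all recipients in relay_domains are accepted"))
    # Settings that only restate a default add noise without changing behaviour.
    for name, default in PAGE_DEFAULTS.items():
        if params.get(name) == default:
            findings.append((name, f"explicitly set to its default ({default})"))
    return findings

# Constructed sample: parameters quoted in the first postconf -n excerpt, plus
# the relay_domains value from the later excerpt (assumed to apply here too).
SAMPLE = """\
access_map_reject_code = 554
bounce_queue_lifetime = 0
defer_code = 550
mail_owner = postfix
relay_domains = cdb:/etc/postfix/transport
relay_recipient_maps =
"""

if __name__ == "__main__":
    for name, finding in audit(parse_postconf(SAMPLE)):
        print(f"{name}: {finding}")
```
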
On 6/2/2010 1:20 PM, Victor Duchovni wrote:
> On Wed, Jun 02, 2010 at 08:21:03AM -0400, curtis@... wrote:
> > >> defer_code = 550
> > Why not? I'll look more at the docs.
> Because it is an incredibly bad idea. Transient errors need to generate *transient* (4XX) error response codes. Setting the defer_code to 5XX is about as misguided as it gets.

Point taken and it's fixed.

I have things working the way they should be now. amavisd-new is not working hard, but spamhaus is. I have to look at harvesting addresses and setting up my own rbl, but that's a discussion for the pdns list. :-)
relay_domains = cdb:/etc/postfix/transport
relay_domains_reject_code = 554
smtpd_client_restrictions = permit_mynetworks, reject_rbl_client zen.spamhaus.org, reject_rbl_client bl.spamcop.net, reject_rbl_client \ ix.dnsbl.manitu.net, permit
smtpd_recipient_restrictions = reject_unauth_destination, reject_unlisted_recipient
smtpd_sasl_auth_enable = yes
transport_maps = cdb:/etc/postfix/transport, mysql:/etc/postfix/transport.cf
unknown_local_recipient_reject_code = 550
unverified_recipient_reject_code = 550
unverified_sender_reject_code = 550
virtual_mailbox_domains = mysql:/etc/postfix/virtual.cf
virtual_mailbox_maps = mysql:/etc/postfix/sql-recipients.cf
virtual_transport = mysql:/etc/postfix/transport.cf
as of this minute
42930 messages blocked by rbl zen.spamhaus.org
416 messages quarantined by amavis
666 messages blocked by amavis
Thanks for all of your help,
- On 2010-06-02 4:15 PM, Curtis Maurand wrote:
> 666 messages blocked by amavis

Hopefully you aren't BOUNCING these ('rejecting' *after* you've accepted
them, which, once they get to amavisd-new, you've accepted them unless
you're using it in a pre-queue filter, which is resource intensive and
only practical on a low volume server).