Loading ...
Sorry, an error occurred while loading the content.

Aliases on local submissions only

Expand Messages
  • Philip Prindeville
    I have a border postfix MTA that doesn t host any mailboxes, indeed it doesn t even know what the valid usernames are for the domain. It merely serves to
    Message 1 of 7 , Jan 1, 2012
    • 0 Attachment
      I have a 'border' postfix MTA that doesn't host any mailboxes, indeed it doesn't even know what the valid usernames are for the domain.

      It merely serves to check messages for viruses, and block DoS attacks.

      As such, I need it to perform aliasing *only* on messages generated locally by system services, such as 'cron'.

      How do I configure that? I.e. that if a message is submitted locally by a service such as 'cron' or 'logwatch', it should be aliased to an internal mailbox name on an Intranet server...

      Thanks,

      -Philip
    • Wietse Venema
      ... Both alias_maps and virtual_alias_maps are destination properties, not origin properties. Adding context-dependencies to one MTA configuration makes it
      Message 2 of 7 , Jan 1, 2012
      • 0 Attachment
        Philip Prindeville:
        > As such, I need it to perform aliasing *only* on messages generated
        > locally by system services, such as 'cron'.

        Both alias_maps and virtual_alias_maps are destination properties,
        not origin properties. Adding context-dependencies to one MTA
        configuration makes it harder to understand.

        > How do I configure that? I.e. that if a message is submitted locally
        > by a service such as 'cron' or 'logwatch', it should be aliased
        > to an internal mailbox name on an Intranet server...

        The multi-instance README file has an example that splits a mail
        server into a service MTA instance that handles mail from the
        network, and a null MTA instance that handles local submissions
        from cron jobs etc. Sounds that this is what you need.

        Wietse
      • Jeroen Geilman
        ... There are several approaches. Local processes use sendmail(1) to submit mail. This is partly outside the normal flow of SMTP mail, as diagrammed here:
        Message 3 of 7 , Jan 2, 2012
        • 0 Attachment
          On 01/02/2012 02:00 AM, Philip Prindeville wrote:
          > I have a 'border' postfix MTA that doesn't host any mailboxes, indeed it doesn't even know what the valid usernames are for the domain.
          >
          > It merely serves to check messages for viruses, and block DoS attacks.
          >
          > As such, I need it to perform aliasing *only* on messages generated locally by system services, such as 'cron'.
          >
          > How do I configure that? I.e. that if a message is submitted locally by a service such as 'cron' or 'logwatch', it should be aliased to an internal mailbox name on an Intranet server...
          >
          > Thanks,
          >
          > -Philip
          There are several approaches.

          Local processes use sendmail(1) to submit mail.
          This is partly outside the normal flow of SMTP mail, as diagrammed here:
          http://www.postfix.org/OVERVIEW.html#receiving

          The pickup(8) service allows you to specify a content_filter, which you
          could use to inject this mail into a separate smtpd(8) listener with
          different restrictions than the main port 25 listener, one of those
          being to allow aliasing to external recipients.

          You could also set receive_override_options on the pickup(8) service
          directly, and disable them on the normal smtpd(8) listener.

          http://www.postfix.org/pickup.8.html
          http://www.postfix.org/postconf.5.html#content_filter
          http://www.postfix.org/FILTER_README.html
          http://www.postfix.org/postconf.5.html#receive_override_options

          --
          J.
        • Philip Prindeville
          ... So I can have: echo receive_override_options = no_address_mappings /etc/postfix/main.cf but then in master.cf have: pickup ... -o
          Message 4 of 7 , Jan 2, 2012
          • 0 Attachment
            On 1/2/12 7:08 AM, Jeroen Geilman wrote:
            > On 01/02/2012 02:00 AM, Philip Prindeville wrote:
            >> I have a 'border' postfix MTA that doesn't host any mailboxes, indeed it doesn't even know what the valid usernames are for the domain.
            >>
            >> It merely serves to check messages for viruses, and block DoS attacks.
            >>
            >> As such, I need it to perform aliasing *only* on messages generated locally by system services, such as 'cron'.
            >>
            >> How do I configure that? I.e. that if a message is submitted locally by a service such as 'cron' or 'logwatch', it should be aliased to an internal mailbox name on an Intranet server...
            >>
            >> Thanks,
            >>
            >> -Philip
            > There are several approaches.
            >
            > Local processes use sendmail(1) to submit mail.
            > This is partly outside the normal flow of SMTP mail, as diagrammed here:
            > http://www.postfix.org/OVERVIEW.html#receiving
            >
            > The pickup(8) service allows you to specify a content_filter, which you
            > could use to inject this mail into a separate smtpd(8) listener with
            > different restrictions than the main port 25 listener, one of those
            > being to allow aliasing to external recipients.
            >
            > You could also set receive_override_options on the pickup(8) service
            > directly, and disable them on the normal smtpd(8) listener.
            >
            > http://www.postfix.org/pickup.8.html
            > http://www.postfix.org/postconf.5.html#content_filter
            > http://www.postfix.org/FILTER_README.html
            > http://www.postfix.org/postconf.5.html#receive_override_options
            >

            So I can have:

            echo "receive_override_options = no_address_mappings" >> /etc/postfix/main.cf

            but then in master.cf have:

            pickup ...
            -o receive_override_options=

            is that correct?

            -Philip
          • Lorens Kockum
            ... Wouldn t the easiest way be to configure the box with a specific local domain? If its local domain is antivirus.example.com , then it won t do alias
            Message 5 of 7 , Jan 2, 2012
            • 0 Attachment
              On Sun, Jan 01, 2012 at 06:00:46PM -0700, Philip Prindeville wrote:
              > I have a 'border' postfix MTA that doesn't host any mailboxes, indeed it doesn't even know what the valid usernames are for the domain.
              >
              > It merely serves to check messages for viruses, and block DoS attacks.
              >
              > As such, I need it to perform aliasing *only* on messages generated locally by system services, such as 'cron'.

              Wouldn't the easiest way be to configure the box with a specific
              local domain? If its local domain is "antivirus.example.com",
              then it won't do alias expansion for anything else. Should the
              box have your main domain as a local domain it it doesn't even
              know the valid usernames for the domain?

              HTH
            • Philip Prindeville
              ... Creating extra domains would involve a lot of paperwork and retooling. Plus it seems like it would be fixing the symptoms but not the cause.
              Message 6 of 7 , Jan 3, 2012
              • 0 Attachment
                On 1/3/12 12:36 AM, Lorens Kockum wrote:
                > On Sun, Jan 01, 2012 at 06:00:46PM -0700, Philip Prindeville wrote:
                >> I have a 'border' postfix MTA that doesn't host any mailboxes, indeed it doesn't even know what the valid usernames are for the domain.
                >>
                >> It merely serves to check messages for viruses, and block DoS attacks.
                >>
                >> As such, I need it to perform aliasing *only* on messages generated locally by system services, such as 'cron'.
                > Wouldn't the easiest way be to configure the box with a specific
                > local domain? If its local domain is "antivirus.example.com",
                > then it won't do alias expansion for anything else. Should the
                > box have your main domain as a local domain it it doesn't even
                > know the valid usernames for the domain?
                >
                > HTH

                Creating extra domains would involve a lot of paperwork and retooling.

                Plus it seems like it would be fixing the symptoms but not the cause.
              • Jeroen Geilman
                ... God no, why would you do that ? man postconf, postconf -e option = value ... If both behave as documented, that would give you the desired result, yes.
                Message 7 of 7 , Jan 3, 2012
                • 0 Attachment
                  On 2012-01-03 04:33, Philip Prindeville wrote:
                  > On 1/2/12 7:08 AM, Jeroen Geilman wrote:
                  >> On 01/02/2012 02:00 AM, Philip Prindeville wrote:
                  >>> I have a 'border' postfix MTA that doesn't host any mailboxes, indeed it doesn't even know what the valid usernames are for the domain.
                  >>>
                  >>> It merely serves to check messages for viruses, and block DoS attacks.
                  >>>
                  >>> As such, I need it to perform aliasing *only* on messages generated locally by system services, such as 'cron'.
                  >>>
                  >>> How do I configure that? I.e. that if a message is submitted locally by a service such as 'cron' or 'logwatch', it should be aliased to an internal mailbox name on an Intranet server...
                  >>>
                  >>> Thanks,
                  >>>
                  >>> -Philip
                  >> There are several approaches.
                  >>
                  >> Local processes use sendmail(1) to submit mail.
                  >> This is partly outside the normal flow of SMTP mail, as diagrammed here:
                  >> http://www.postfix.org/OVERVIEW.html#receiving
                  >>
                  >> The pickup(8) service allows you to specify a content_filter, which you
                  >> could use to inject this mail into a separate smtpd(8) listener with
                  >> different restrictions than the main port 25 listener, one of those
                  >> being to allow aliasing to external recipients.
                  >>
                  >> You could also set receive_override_options on the pickup(8) service
                  >> directly, and disable them on the normal smtpd(8) listener.
                  >>
                  >> http://www.postfix.org/pickup.8.html
                  >> http://www.postfix.org/postconf.5.html#content_filter
                  >> http://www.postfix.org/FILTER_README.html
                  >> http://www.postfix.org/postconf.5.html#receive_override_options
                  >>
                  > So I can have:
                  >
                  > echo "receive_override_options = no_address_mappings">> /etc/postfix/main.cf

                  God no, why would you do that ?

                  man postconf, postconf -e "option = value"

                  >
                  > but then in master.cf have:
                  >
                  > pickup ...
                  > -o receive_override_options=
                  >
                  > is that correct?

                  If both behave as documented, that would give you the desired result, yes.


                  --
                  J.
                Your message has been successfully submitted and would be delivered to recipients shortly.