Loading ...
Sorry, an error occurred while loading the content.

Virtual mailboxes only

Expand Messages
  • Karol Babioch
    Hi, I m pretty sure that this was asked for already, but I couldn t find anything useful with the keywords I was using. I ve tried to play with some
    Message 1 of 19 , Mar 1 7:24 PM
    • 0 Attachment
      Hi,

      I'm pretty sure that this was asked for already, but I couldn't find
      anything useful with the keywords I was using. I've tried to play with
      some configurations, but couldn't find a reliable solution so far.

      I will explain what I'm trying to do with two example domains:

      I've got a server, which can be found at the domain "example.com"
      (including a PTR record for reverse DNS lookups).

      Now I want to run a mailserver for "example.com", but I don't want to
      create local users, but instead use virtual mailboxing.

      Furthermore I've got the domain "example.net" which I want to be a mail
      host for - once again using virtual mailboxing.

      Emails to "info@..." should be stored (using dovecot) in
      "/var/spool/mail/example.com/info". The emails for the "example.net"
      domain should be treated the same way (e.g.
      "/var/spool/mail/example.net/info").

      Now what would be the best way to deal with these kind of problem? From
      my understanding the documentation seems to assume that virtual
      mailboxing is only used for "additional" domains, but not for the "main"
      one.

      So my question, I guess, comes down to this: What would be the best way
      to have a single "main" domain virtual mailboxed, so that I don't have
      to create system users for each account? Is this even possible in a
      clean way?

      Best regards,
      Karol Babioch
    • Ansgar Wiechers
      ... True, and the recommended way of handling things. However, the main domain of the server can be the server itself, and you can restrict the ...
      Message 2 of 19 , Mar 2 1:26 AM
      • 0 Attachment
        On 2012-03-02 Karol Babioch wrote:
        > I've got a server, which can be found at the domain "example.com"
        > (including a PTR record for reverse DNS lookups).
        >
        > Now I want to run a mailserver for "example.com", but I don't want to
        > create local users, but instead use virtual mailboxing.
        >
        > Furthermore I've got the domain "example.net" which I want to be a
        > mail host for - once again using virtual mailboxing.
        >
        > Emails to "info@..." should be stored (using dovecot) in
        > "/var/spool/mail/example.com/info". The emails for the "example.net"
        > domain should be treated the same way (e.g.
        > "/var/spool/mail/example.net/info").
        >
        > Now what would be the best way to deal with these kind of problem?
        > From my understanding the documentation seems to assume that virtual
        > mailboxing is only used for "additional" domains, but not for the
        > "main" one.

        True, and the recommended way of handling things. However, the "main"
        domain of the server can be the server itself, and you can restrict the
        valid local mailboxes via $local_recipient_maps:

        ----8<----
        mydestination = $myhostname
        local_recipient_maps = $alias_maps
        ---->8----

        I'd suggest to have $alias_maps look somewhat like this:

        ----8<----
        mailer-daemon: postmaster

        postmaster: root
        hostmaster: root
        abuse: root

        root: mailadmin@...
        ---->8----

        For the virtual mailbox domain setup follow the examples in the Virtual
        Domain Hosting Howto [1].

        [1] http://www.postfix.org/VIRTUAL_README.html

        Regards
        Ansgar Wiechers
        --
        "Abstractions save us time working, but they don't save us time learning."
        --Joel Spolsky
      • Karol Babioch
        Hi, ... thanks for your reply. However I m not quite sure whether I ve understood your advice in the right way. What value would $myhostname have in the above
        Message 3 of 19 , Mar 2 9:46 AM
        • 0 Attachment
          Hi,

          Am 02.03.2012 10:26, schrieb Ansgar Wiechers:
          > True, and the recommended way of handling things. However, the "main"
          > domain of the server can be the server itself, and you can restrict the
          > valid local mailboxes via $local_recipient_maps:
          >
          > ----8<----
          > mydestination = $myhostname
          > local_recipient_maps = $alias_maps
          > ---->8----

          thanks for your reply. However I'm not quite sure whether I've
          understood your advice in the right way. What value would $myhostname
          have in the above example? Because when I set $myhostname to
          "example.com" (in order to have the server consistently reporting itself
          as "example.com"), I then would have mentioned "example.com" both in the
          $mydestination parameter as well as a virtual domain.

          Am I missing here something?

          Best regards,
          Karol Babioch
        • Charles Marcus
          ... example.com is a FQDN, not a hostname. ... name it mail.example.com, or smtp.example.com, or something like that. Then local mail is the form
          Message 4 of 19 , Mar 2 9:51 AM
          • 0 Attachment
            On 2012-03-02 12:46 PM, Karol Babioch <karol@...> wrote:
            > thanks for your reply. However I'm not quite sure whether I've
            > understood your advice in the right way. What value would $myhostname
            > have in the above example? Because when I set $myhostname to
            > "example.com"

            example.com is a FQDN, not a hostname.

            > (in order to have the server consistently reporting itself
            > as "example.com"),

            name it mail.example.com, or smtp.example.com, or something like that.
            Then local mail is the form user@..., instead of
            user@....

            --

            Best regards,

            Charles
          • Karol Babioch
            Hi, ... That s exactly what I m trying to prevent, because the PTR record for this IP points to example.com . I m guessing I m getting into trouble when there
            Message 5 of 19 , Mar 2 9:53 AM
            • 0 Attachment
              Hi,

              Am 02.03.2012 18:51, schrieb Charles Marcus:
              > name it mail.example.com, or smtp.example.com, or something like that.
              > Then local mail is the form user@..., instead of
              > user@....

              That's exactly what I'm trying to prevent, because the PTR record for
              this IP points to "example.com". I'm guessing I'm getting into trouble
              when there is a mismatch, because its standard procedure when trying to
              block spam.

              Best regards,
              Karol Babioch
            • Charles Marcus
              ... You are mistaken. -- Best regards, Charles
              Message 6 of 19 , Mar 2 10:02 AM
              • 0 Attachment
                On 2012-03-02 12:53 PM, Karol Babioch <karol@...> wrote:
                > That's exactly what I'm trying to prevent, because the PTR record for
                > this IP points to "example.com". I'm guessing I'm getting into trouble
                > when there is a mismatch, because its standard procedure when trying to
                > block spam.

                You are mistaken.

                --

                Best regards,

                Charles
              • Karol Babioch
                Hi, ... Could you elaborate on that please? Its definitely a common way of dealing with spam to check whether the PTR record points to the domain, which the
                Message 7 of 19 , Mar 2 12:56 PM
                • 0 Attachment
                  Hi,

                  Am 02.03.2012 19:02, schrieb Charles Marcus:
                  > You are mistaken.

                  Could you elaborate on that please? Its definitely a common way of
                  dealing with spam to check whether the PTR record points to the domain,
                  which the mailserver claims to work for.

                  When my PTR record points to "example.com", but my mailserver claims to
                  be "mail.example.com", then I would expect to get some negative rating
                  and/or blocking. What's wrong about my conception?

                  Best regards,
                  Karol Babioch
                • Charles Marcus
                  ... Look at the pointers for my domain (media-brokers.com)... then look at the server that originated this email message. We use an outsourced antispam service
                  Message 8 of 19 , Mar 2 1:02 PM
                  • 0 Attachment
                    On 2012-03-02 3:56 PM, Karol Babioch <karol@...> wrote:
                    > Am 02.03.2012 19:02, schrieb Charles Marcus:
                    >> You are mistaken.

                    > Could you elaborate on that please? Its definitely a common way of
                    > dealing with spam to check whether the PTR record points to the domain,
                    > which the mailserver claims to work for.
                    >
                    > When my PTR record points to "example.com", but my mailserver claims to
                    > be "mail.example.com", then I would expect to get some negative rating
                    > and/or blocking. What's wrong about my conception?

                    Look at the pointers for my domain (media-brokers.com)... then look at
                    the server that originated this email message.

                    We use an outsourced antispam service (currently emailfilteirng.com, but
                    soon to switch)...

                    We do also happen to use them for outbound relay too, but even if we
                    didn't, as long as the hostname for our server waqs resolvable,
                    everything is still fine...

                    All that matters is that whatever you have your mx records pointed to is
                    authoritative for mail for your domain, and that your hostname resolves
                    to a valid IP address...

                    What is your concern?

                    --

                    Best regards,

                    Charles
                  • Karol Babioch
                    Hi, ... to get flagged as spam without no other reason ;)? Best regards, Karol Babioch
                    Message 9 of 19 , Mar 2 1:08 PM
                    • 0 Attachment
                      Hi,

                      Am 02.03.2012 22:02, schrieb Charles Marcus:
                      > What is your concern?

                      to get flagged as spam without no other reason ;)?

                      Best regards,
                      Karol Babioch
                    • Noel Jones
                      ... Any anti-spam system that flags mail only because the sending hostname doesn t match the email sender domain name is *badly* broken. -- Noel Jones
                      Message 10 of 19 , Mar 2 1:19 PM
                      • 0 Attachment
                        On 3/2/2012 3:08 PM, Karol Babioch wrote:
                        > Hi,
                        >
                        > Am 02.03.2012 22:02, schrieb Charles Marcus:
                        >> What is your concern?
                        >
                        > to get flagged as spam without no other reason ;)?
                        >
                        > Best regards,
                        > Karol Babioch
                        >

                        Any anti-spam system that flags mail only because the sending
                        hostname doesn't match the email sender domain name is *badly* broken.



                        -- Noel Jones
                      • Charles Marcus
                        ... Translation: you are worrying about a non-issue... -- Best regards, Charles
                        Message 11 of 19 , Mar 2 1:24 PM
                        • 0 Attachment
                          On 2012-03-02 4:19 PM, Noel Jones <njones@...> wrote:
                          > On 3/2/2012 3:08 PM, Karol Babioch wrote:
                          >> Am 02.03.2012 22:02, schrieb Charles Marcus:
                          >>> What is your concern?
                          >>
                          >> to get flagged as spam without no other reason ;)?

                          > Any anti-spam system that flags mail only because the sending
                          > hostname doesn't match the email sender domain name is *badly* broken.

                          Translation: you are worrying about a non-issue...

                          --

                          Best regards,

                          Charles
                        • Reindl Harald
                          ... to make it clear: this is even not possible in the real world having a server with 500 domains how could the hostname match all this domains? theonly thing
                          Message 12 of 19 , Mar 2 1:33 PM
                          • 0 Attachment
                            Am 02.03.2012 22:19, schrieb Noel Jones:
                            > On 3/2/2012 3:08 PM, Karol Babioch wrote:
                            >> Hi,
                            >>
                            >> Am 02.03.2012 22:02, schrieb Charles Marcus:
                            >>> What is your concern?
                            >>
                            >> to get flagged as spam without no other reason ;)?
                            >>
                            >> Best regards,
                            >> Karol Babioch
                            >>
                            >
                            > Any anti-spam system that flags mail only because the sending
                            > hostname doesn't match the email sender domain name is *badly* broken.

                            to make it clear:

                            this is even not possible in the real world

                            having a server with 500 domains
                            how could the hostname match all this domains?

                            theonly thing what is stronlgy recommended to match
                            is A-Record and PTR of the machine
                          • Karol Babioch
                            Hi, ... Ok, maybe I ve mixed something up here :). Thanks for your replies. I ve got it running now. However I ve now got the problem that my alias_maps
                            Message 13 of 19 , Mar 2 2:26 PM
                            • 0 Attachment
                              Hi,

                              Am 02.03.2012 22:33, schrieb Reindl Harald:
                              > theonly thing what is stronlgy recommended to match
                              > is A-Record and PTR of the machine

                              Ok, maybe I've mixed something up here :). Thanks for your replies.

                              I've got it running now. However I've now got the problem that my
                              alias_maps doesn't get respected. My /etc/aliases looks something like this:

                              ==
                              postmaster: root
                              abuse: root
                              root: me@...
                              ==

                              My main.cf contains the following:

                              ==
                              local_recipient_maps = $alias_maps
                              ==

                              But sending a mail to postmaster@... fails with an unknown user
                              error. I can of course define such aliases within my
                              virtual_domains_maps, but somehow I would like to have some common
                              aliases automatically attached to each domain. Is this possible?

                              Best regards,
                              Karol Babioch
                            • Wietse Venema
                              ... It s respected only when Postfix is configured to look there. Report the output of: $ postconf mydestination Postfix will not look in alias_maps when the
                              Message 14 of 19 , Mar 2 2:32 PM
                              • 0 Attachment
                                Karol Babioch:
                                > Hi,
                                >
                                > Am 02.03.2012 22:33, schrieb Reindl Harald:
                                > > theonly thing what is stronlgy recommended to match
                                > > is A-Record and PTR of the machine
                                >
                                > Ok, maybe I've mixed something up here :). Thanks for your replies.
                                >
                                > I've got it running now. However I've now got the problem that my
                                > alias_maps doesn't get respected. My /etc/aliases looks something like this:

                                It's respected only when Postfix is configured to look there.

                                Report the output of:

                                $ postconf mydestination

                                Postfix will not look in alias_maps when the domain is not listed
                                in mydestination.

                                $ postconf alias_maps

                                Postfix will not look in /etc/aliases when that pathname is not
                                listed in alias_maps.

                                $ postmap -q postmaster hash:/etc/aliases

                                (instead of "hash", use the file type as shown in "postconf alias_maps"
                                output).

                                Wietse
                              • Karol Babioch
                                Hi, ... So, when I understand this right, it is not possible to define common aliases for all virtual domains? Because virtual domains won t be listed within
                                Message 15 of 19 , Mar 2 2:48 PM
                                • 0 Attachment
                                  Hi,

                                  Am 02.03.2012 23:32, schrieb Wietse Venema:
                                  > Postfix will not look in alias_maps when the domain is not listed
                                  > in mydestination.

                                  So, when I understand this right, it is not possible to define common
                                  aliases for all virtual domains? Because virtual domains won't be listed
                                  within $mydestination?

                                  Best regards,
                                  Karol Babioch
                                • /dev/rob0
                                  ... This feature is not advertised in the Postfix documentation, therefore it is not available. On the contrary, a point of virtual domains vs. local is this
                                  Message 16 of 19 , Mar 2 3:22 PM
                                  • 0 Attachment
                                    On Fri, Mar 02, 2012 at 11:48:09PM +0100, Karol Babioch wrote:
                                    > Am 02.03.2012 23:32, schrieb Wietse Venema:
                                    > > Postfix will not look in alias_maps when the domain is not
                                    > > listed in mydestination.
                                    >
                                    > So, when I understand this right, it is not possible to
                                    > define common aliases for all virtual domains? Because
                                    > virtual domains won't be listed within $mydestination?

                                    This feature is not advertised in the Postfix documentation,
                                    therefore it is not available. On the contrary, a point of virtual
                                    domains vs. local is this namespace separation.

                                    Generally a solution is to list postmaster@... and
                                    abuse@... in virtual_alias_maps pointing to your (the
                                    postmaster's) address.

                                    Lazy solutions are available to users of SQL map types:


                                    main.cf :

                                    [ ... ]
                                    virtual_alias_maps = [ ... ]
                                    sqlite:/etc/postfix/query/map-postmaster.query
                                    virtual_mailbox_domains =
                                    sqlite:/etc/postfix/query/dom-vmbox.query
                                    [ ... ]

                                    query/dom-vmbox.query :

                                    dbpath = /path/to/your/database
                                    query = SELECT name FROM Domain WHERE CLASS>800 AND name='%s'

                                    query/map-postmaster.query :

                                    dbpath = /path/to/your/database
                                    query = SELECT name FROM Domain WHERE CLASS>800 AND name='%d'
                                    AND ('abuse'='%u' OR 'postmaster'='%u')
                                    result_format = you+%U_%D@...

                                    So if
                                    postmap -q example.net sqlite:/etc/postfix/query/dom-vmbox.query
                                    returns "example.net", then:
                                    postmap -q abuse@... sqlite:/etc/postfix/query/map-postmaster.query
                                    will return "you+abuse_example.net@...".

                                    The gist of this being that you do the same test as for your virtual
                                    domain list, test two hardcoded localparts, and return a hardcoded
                                    result which goes to your mailbox.

                                    Note: I don't use this; I manually create postmaster and abuse
                                    aliases. It's untested. Test it before you commit. :)
                                    --
                                    http://rob0.nodns4.us/ -- system administration and consulting
                                    Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
                                  • Wietse Venema
                                    ... Only the local address class (defined by the list of domain names in mydestination) has a shared user name space, and that is only because of
                                    Message 17 of 19 , Mar 2 4:33 PM
                                    • 0 Attachment
                                      Karol Babioch:
                                      > Hi,
                                      >
                                      > Am 02.03.2012 23:32, schrieb Wietse Venema:
                                      > > Postfix will not look in alias_maps when the domain is not listed
                                      > > in mydestination.
                                      >
                                      > So, when I understand this right, it is not possible to define common
                                      > aliases for all virtual domains? Because virtual domains won't be listed
                                      > within $mydestination?

                                      Only the local address class (defined by the list of domain names
                                      in mydestination) has a shared "user" name space, and that is only
                                      because of compatibility with historical UNIX mail implementations.

                                      There is nothing mysterical about Postfix; all this is documented.

                                      Wietse
                                    • Nikolaos Milas
                                      ... You may also want to read this thread: http://tech.groups.yahoo.com/group/postfix-users/message/267828 Regards, Nick
                                      Message 18 of 19 , Mar 3 12:38 AM
                                      • 0 Attachment
                                        On 3/3/2012 12:48 πμ, Karol Babioch wrote:

                                        > So, when I understand this right, it is not possible to define common
                                        > aliases for all virtual domains?

                                        You may also want to read this thread:
                                        http://tech.groups.yahoo.com/group/postfix-users/message/267828

                                        Regards,
                                        Nick
                                      • mouss
                                        ... no. you can use virtual mailbox domains for whatever domain you like. there s no concept of additional domains.
                                        Message 19 of 19 , Mar 4 6:34 PM
                                        • 0 Attachment
                                          Le 02/03/2012 04:24, Karol Babioch a écrit :
                                          > Hi,
                                          >
                                          > I'm pretty sure that this was asked for already, but I couldn't
                                          > find anything useful with the keywords I was using. I've tried to
                                          > play with some configurations, but couldn't find a reliable
                                          > solution so far.
                                          >
                                          > I will explain what I'm trying to do with two example domains:
                                          >
                                          > I've got a server, which can be found at the domain "example.com"
                                          > (including a PTR record for reverse DNS lookups).
                                          >
                                          > Now I want to run a mailserver for "example.com", but I don't want
                                          > to create local users, but instead use virtual mailboxing.
                                          >
                                          > Furthermore I've got the domain "example.net" which I want to be a
                                          > mail host for - once again using virtual mailboxing.
                                          >
                                          > Emails to "info@..." should be stored (using dovecot) in
                                          > "/var/spool/mail/example.com/info". The emails for the
                                          > "example.net" domain should be treated the same way (e.g.
                                          > "/var/spool/mail/example.net/info").
                                          >
                                          > Now what would be the best way to deal with these kind of problem?
                                          > From my understanding the documentation seems to assume that
                                          > virtual mailboxing is only used for "additional" domains, but not
                                          > for the "main" one.

                                          no. you can use virtual mailbox domains for whatever domain you like.
                                          there's no concept of "additional" domains.

                                          http://www.postfix.org/STANDARD_CONFIGURATION_README.html#firewall
                                          shows an example with relay_domains. you can do the same with
                                          virtual_mailbox_domains. or you can do


                                          mydestination = localhost
                                          virtual_mailbox_domains = ...

                                          and use localhost (via virtual_alias_maps) when you need to execute
                                          scripts or use the "include" feature (because virtual does not allow
                                          you to do that).

                                          >
                                          > So my question, I guess, comes down to this: What would be the best
                                          > way to have a single "main" domain virtual mailboxed, so that I
                                          > don't have to create system users for each account? Is this even
                                          > possible in a clean way?
                                          >
                                          > Best regards, Karol Babioch
                                          >
                                        Your message has been successfully submitted and would be delivered to recipients shortly.