Loading ...
Sorry, an error occurred while loading the content.
 

Re: Virtual mailboxes only

Expand Messages
  • Ansgar Wiechers
    ... True, and the recommended way of handling things. However, the main domain of the server can be the server itself, and you can restrict the ...
    Message 1 of 19 , Mar 2 1:26 AM
      On 2012-03-02 Karol Babioch wrote:
      > I've got a server, which can be found at the domain "example.com"
      > (including a PTR record for reverse DNS lookups).
      >
      > Now I want to run a mailserver for "example.com", but I don't want to
      > create local users, but instead use virtual mailboxing.
      >
      > Furthermore I've got the domain "example.net" which I want to be a
      > mail host for - once again using virtual mailboxing.
      >
      > Emails to "info@..." should be stored (using dovecot) in
      > "/var/spool/mail/example.com/info". The emails for the "example.net"
      > domain should be treated the same way (e.g.
      > "/var/spool/mail/example.net/info").
      >
      > Now what would be the best way to deal with these kind of problem?
      > From my understanding the documentation seems to assume that virtual
      > mailboxing is only used for "additional" domains, but not for the
      > "main" one.

      True, and the recommended way of handling things. However, the "main"
      domain of the server can be the server itself, and you can restrict the
      valid local mailboxes via $local_recipient_maps:

      ----8<----
      mydestination = $myhostname
      local_recipient_maps = $alias_maps
      ---->8----

      I'd suggest to have $alias_maps look somewhat like this:

      ----8<----
      mailer-daemon: postmaster

      postmaster: root
      hostmaster: root
      abuse: root

      root: mailadmin@...
      ---->8----

      For the virtual mailbox domain setup follow the examples in the Virtual
      Domain Hosting Howto [1].

      [1] http://www.postfix.org/VIRTUAL_README.html

      Regards
      Ansgar Wiechers
      --
      "Abstractions save us time working, but they don't save us time learning."
      --Joel Spolsky
    • Karol Babioch
      Hi, ... thanks for your reply. However I m not quite sure whether I ve understood your advice in the right way. What value would $myhostname have in the above
      Message 2 of 19 , Mar 2 9:46 AM
        Hi,

        Am 02.03.2012 10:26, schrieb Ansgar Wiechers:
        > True, and the recommended way of handling things. However, the "main"
        > domain of the server can be the server itself, and you can restrict the
        > valid local mailboxes via $local_recipient_maps:
        >
        > ----8<----
        > mydestination = $myhostname
        > local_recipient_maps = $alias_maps
        > ---->8----

        thanks for your reply. However I'm not quite sure whether I've
        understood your advice in the right way. What value would $myhostname
        have in the above example? Because when I set $myhostname to
        "example.com" (in order to have the server consistently reporting itself
        as "example.com"), I then would have mentioned "example.com" both in the
        $mydestination parameter as well as a virtual domain.

        Am I missing here something?

        Best regards,
        Karol Babioch
      • Charles Marcus
        ... example.com is a FQDN, not a hostname. ... name it mail.example.com, or smtp.example.com, or something like that. Then local mail is the form
        Message 3 of 19 , Mar 2 9:51 AM
          On 2012-03-02 12:46 PM, Karol Babioch <karol@...> wrote:
          > thanks for your reply. However I'm not quite sure whether I've
          > understood your advice in the right way. What value would $myhostname
          > have in the above example? Because when I set $myhostname to
          > "example.com"

          example.com is a FQDN, not a hostname.

          > (in order to have the server consistently reporting itself
          > as "example.com"),

          name it mail.example.com, or smtp.example.com, or something like that.
          Then local mail is the form user@..., instead of
          user@....

          --

          Best regards,

          Charles
        • Karol Babioch
          Hi, ... That s exactly what I m trying to prevent, because the PTR record for this IP points to example.com . I m guessing I m getting into trouble when there
          Message 4 of 19 , Mar 2 9:53 AM
            Hi,

            Am 02.03.2012 18:51, schrieb Charles Marcus:
            > name it mail.example.com, or smtp.example.com, or something like that.
            > Then local mail is the form user@..., instead of
            > user@....

            That's exactly what I'm trying to prevent, because the PTR record for
            this IP points to "example.com". I'm guessing I'm getting into trouble
            when there is a mismatch, because its standard procedure when trying to
            block spam.

            Best regards,
            Karol Babioch
          • Charles Marcus
            ... You are mistaken. -- Best regards, Charles
            Message 5 of 19 , Mar 2 10:02 AM
              On 2012-03-02 12:53 PM, Karol Babioch <karol@...> wrote:
              > That's exactly what I'm trying to prevent, because the PTR record for
              > this IP points to "example.com". I'm guessing I'm getting into trouble
              > when there is a mismatch, because its standard procedure when trying to
              > block spam.

              You are mistaken.

              --

              Best regards,

              Charles
            • Karol Babioch
              Hi, ... Could you elaborate on that please? Its definitely a common way of dealing with spam to check whether the PTR record points to the domain, which the
              Message 6 of 19 , Mar 2 12:56 PM
                Hi,

                Am 02.03.2012 19:02, schrieb Charles Marcus:
                > You are mistaken.

                Could you elaborate on that please? Its definitely a common way of
                dealing with spam to check whether the PTR record points to the domain,
                which the mailserver claims to work for.

                When my PTR record points to "example.com", but my mailserver claims to
                be "mail.example.com", then I would expect to get some negative rating
                and/or blocking. What's wrong about my conception?

                Best regards,
                Karol Babioch
              • Charles Marcus
                ... Look at the pointers for my domain (media-brokers.com)... then look at the server that originated this email message. We use an outsourced antispam service
                Message 7 of 19 , Mar 2 1:02 PM
                  On 2012-03-02 3:56 PM, Karol Babioch <karol@...> wrote:
                  > Am 02.03.2012 19:02, schrieb Charles Marcus:
                  >> You are mistaken.

                  > Could you elaborate on that please? Its definitely a common way of
                  > dealing with spam to check whether the PTR record points to the domain,
                  > which the mailserver claims to work for.
                  >
                  > When my PTR record points to "example.com", but my mailserver claims to
                  > be "mail.example.com", then I would expect to get some negative rating
                  > and/or blocking. What's wrong about my conception?

                  Look at the pointers for my domain (media-brokers.com)... then look at
                  the server that originated this email message.

                  We use an outsourced antispam service (currently emailfilteirng.com, but
                  soon to switch)...

                  We do also happen to use them for outbound relay too, but even if we
                  didn't, as long as the hostname for our server waqs resolvable,
                  everything is still fine...

                  All that matters is that whatever you have your mx records pointed to is
                  authoritative for mail for your domain, and that your hostname resolves
                  to a valid IP address...

                  What is your concern?

                  --

                  Best regards,

                  Charles
                • Karol Babioch
                  Hi, ... to get flagged as spam without no other reason ;)? Best regards, Karol Babioch
                  Message 8 of 19 , Mar 2 1:08 PM
                    Hi,

                    Am 02.03.2012 22:02, schrieb Charles Marcus:
                    > What is your concern?

                    to get flagged as spam without no other reason ;)?

                    Best regards,
                    Karol Babioch
                  • Noel Jones
                    ... Any anti-spam system that flags mail only because the sending hostname doesn t match the email sender domain name is *badly* broken. -- Noel Jones
                    Message 9 of 19 , Mar 2 1:19 PM
                      On 3/2/2012 3:08 PM, Karol Babioch wrote:
                      > Hi,
                      >
                      > Am 02.03.2012 22:02, schrieb Charles Marcus:
                      >> What is your concern?
                      >
                      > to get flagged as spam without no other reason ;)?
                      >
                      > Best regards,
                      > Karol Babioch
                      >

                      Any anti-spam system that flags mail only because the sending
                      hostname doesn't match the email sender domain name is *badly* broken.



                      -- Noel Jones
                    • Charles Marcus
                      ... Translation: you are worrying about a non-issue... -- Best regards, Charles
                      Message 10 of 19 , Mar 2 1:24 PM
                        On 2012-03-02 4:19 PM, Noel Jones <njones@...> wrote:
                        > On 3/2/2012 3:08 PM, Karol Babioch wrote:
                        >> Am 02.03.2012 22:02, schrieb Charles Marcus:
                        >>> What is your concern?
                        >>
                        >> to get flagged as spam without no other reason ;)?

                        > Any anti-spam system that flags mail only because the sending
                        > hostname doesn't match the email sender domain name is *badly* broken.

                        Translation: you are worrying about a non-issue...

                        --

                        Best regards,

                        Charles
                      • Reindl Harald
                        ... to make it clear: this is even not possible in the real world having a server with 500 domains how could the hostname match all this domains? theonly thing
                        Message 11 of 19 , Mar 2 1:33 PM
                          Am 02.03.2012 22:19, schrieb Noel Jones:
                          > On 3/2/2012 3:08 PM, Karol Babioch wrote:
                          >> Hi,
                          >>
                          >> Am 02.03.2012 22:02, schrieb Charles Marcus:
                          >>> What is your concern?
                          >>
                          >> to get flagged as spam without no other reason ;)?
                          >>
                          >> Best regards,
                          >> Karol Babioch
                          >>
                          >
                          > Any anti-spam system that flags mail only because the sending
                          > hostname doesn't match the email sender domain name is *badly* broken.

                          to make it clear:

                          this is even not possible in the real world

                          having a server with 500 domains
                          how could the hostname match all this domains?

                          theonly thing what is stronlgy recommended to match
                          is A-Record and PTR of the machine
                        • Karol Babioch
                          Hi, ... Ok, maybe I ve mixed something up here :). Thanks for your replies. I ve got it running now. However I ve now got the problem that my alias_maps
                          Message 12 of 19 , Mar 2 2:26 PM
                            Hi,

                            Am 02.03.2012 22:33, schrieb Reindl Harald:
                            > theonly thing what is stronlgy recommended to match
                            > is A-Record and PTR of the machine

                            Ok, maybe I've mixed something up here :). Thanks for your replies.

                            I've got it running now. However I've now got the problem that my
                            alias_maps doesn't get respected. My /etc/aliases looks something like this:

                            ==
                            postmaster: root
                            abuse: root
                            root: me@...
                            ==

                            My main.cf contains the following:

                            ==
                            local_recipient_maps = $alias_maps
                            ==

                            But sending a mail to postmaster@... fails with an unknown user
                            error. I can of course define such aliases within my
                            virtual_domains_maps, but somehow I would like to have some common
                            aliases automatically attached to each domain. Is this possible?

                            Best regards,
                            Karol Babioch
                          • Wietse Venema
                            ... It s respected only when Postfix is configured to look there. Report the output of: $ postconf mydestination Postfix will not look in alias_maps when the
                            Message 13 of 19 , Mar 2 2:32 PM
                              Karol Babioch:
                              > Hi,
                              >
                              > Am 02.03.2012 22:33, schrieb Reindl Harald:
                              > > theonly thing what is stronlgy recommended to match
                              > > is A-Record and PTR of the machine
                              >
                              > Ok, maybe I've mixed something up here :). Thanks for your replies.
                              >
                              > I've got it running now. However I've now got the problem that my
                              > alias_maps doesn't get respected. My /etc/aliases looks something like this:

                              It's respected only when Postfix is configured to look there.

                              Report the output of:

                              $ postconf mydestination

                              Postfix will not look in alias_maps when the domain is not listed
                              in mydestination.

                              $ postconf alias_maps

                              Postfix will not look in /etc/aliases when that pathname is not
                              listed in alias_maps.

                              $ postmap -q postmaster hash:/etc/aliases

                              (instead of "hash", use the file type as shown in "postconf alias_maps"
                              output).

                              Wietse
                            • Karol Babioch
                              Hi, ... So, when I understand this right, it is not possible to define common aliases for all virtual domains? Because virtual domains won t be listed within
                              Message 14 of 19 , Mar 2 2:48 PM
                                Hi,

                                Am 02.03.2012 23:32, schrieb Wietse Venema:
                                > Postfix will not look in alias_maps when the domain is not listed
                                > in mydestination.

                                So, when I understand this right, it is not possible to define common
                                aliases for all virtual domains? Because virtual domains won't be listed
                                within $mydestination?

                                Best regards,
                                Karol Babioch
                              • /dev/rob0
                                ... This feature is not advertised in the Postfix documentation, therefore it is not available. On the contrary, a point of virtual domains vs. local is this
                                Message 15 of 19 , Mar 2 3:22 PM
                                  On Fri, Mar 02, 2012 at 11:48:09PM +0100, Karol Babioch wrote:
                                  > Am 02.03.2012 23:32, schrieb Wietse Venema:
                                  > > Postfix will not look in alias_maps when the domain is not
                                  > > listed in mydestination.
                                  >
                                  > So, when I understand this right, it is not possible to
                                  > define common aliases for all virtual domains? Because
                                  > virtual domains won't be listed within $mydestination?

                                  This feature is not advertised in the Postfix documentation,
                                  therefore it is not available. On the contrary, a point of virtual
                                  domains vs. local is this namespace separation.

                                  Generally a solution is to list postmaster@... and
                                  abuse@... in virtual_alias_maps pointing to your (the
                                  postmaster's) address.

                                  Lazy solutions are available to users of SQL map types:


                                  main.cf :

                                  [ ... ]
                                  virtual_alias_maps = [ ... ]
                                  sqlite:/etc/postfix/query/map-postmaster.query
                                  virtual_mailbox_domains =
                                  sqlite:/etc/postfix/query/dom-vmbox.query
                                  [ ... ]

                                  query/dom-vmbox.query :

                                  dbpath = /path/to/your/database
                                  query = SELECT name FROM Domain WHERE CLASS>800 AND name='%s'

                                  query/map-postmaster.query :

                                  dbpath = /path/to/your/database
                                  query = SELECT name FROM Domain WHERE CLASS>800 AND name='%d'
                                  AND ('abuse'='%u' OR 'postmaster'='%u')
                                  result_format = you+%U_%D@...

                                  So if
                                  postmap -q example.net sqlite:/etc/postfix/query/dom-vmbox.query
                                  returns "example.net", then:
                                  postmap -q abuse@... sqlite:/etc/postfix/query/map-postmaster.query
                                  will return "you+abuse_example.net@...".

                                  The gist of this being that you do the same test as for your virtual
                                  domain list, test two hardcoded localparts, and return a hardcoded
                                  result which goes to your mailbox.

                                  Note: I don't use this; I manually create postmaster and abuse
                                  aliases. It's untested. Test it before you commit. :)
                                  --
                                  http://rob0.nodns4.us/ -- system administration and consulting
                                  Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
                                • Wietse Venema
                                  ... Only the local address class (defined by the list of domain names in mydestination) has a shared user name space, and that is only because of
                                  Message 16 of 19 , Mar 2 4:33 PM
                                    Karol Babioch:
                                    > Hi,
                                    >
                                    > Am 02.03.2012 23:32, schrieb Wietse Venema:
                                    > > Postfix will not look in alias_maps when the domain is not listed
                                    > > in mydestination.
                                    >
                                    > So, when I understand this right, it is not possible to define common
                                    > aliases for all virtual domains? Because virtual domains won't be listed
                                    > within $mydestination?

                                    Only the local address class (defined by the list of domain names
                                    in mydestination) has a shared "user" name space, and that is only
                                    because of compatibility with historical UNIX mail implementations.

                                    There is nothing mysterical about Postfix; all this is documented.

                                    Wietse
                                  • Nikolaos Milas
                                    ... You may also want to read this thread: http://tech.groups.yahoo.com/group/postfix-users/message/267828 Regards, Nick
                                    Message 17 of 19 , Mar 3 12:38 AM
                                      On 3/3/2012 12:48 πμ, Karol Babioch wrote:

                                      > So, when I understand this right, it is not possible to define common
                                      > aliases for all virtual domains?

                                      You may also want to read this thread:
                                      http://tech.groups.yahoo.com/group/postfix-users/message/267828

                                      Regards,
                                      Nick
                                    • mouss
                                      ... no. you can use virtual mailbox domains for whatever domain you like. there s no concept of additional domains.
                                      Message 18 of 19 , Mar 4 6:34 PM
                                        Le 02/03/2012 04:24, Karol Babioch a écrit :
                                        > Hi,
                                        >
                                        > I'm pretty sure that this was asked for already, but I couldn't
                                        > find anything useful with the keywords I was using. I've tried to
                                        > play with some configurations, but couldn't find a reliable
                                        > solution so far.
                                        >
                                        > I will explain what I'm trying to do with two example domains:
                                        >
                                        > I've got a server, which can be found at the domain "example.com"
                                        > (including a PTR record for reverse DNS lookups).
                                        >
                                        > Now I want to run a mailserver for "example.com", but I don't want
                                        > to create local users, but instead use virtual mailboxing.
                                        >
                                        > Furthermore I've got the domain "example.net" which I want to be a
                                        > mail host for - once again using virtual mailboxing.
                                        >
                                        > Emails to "info@..." should be stored (using dovecot) in
                                        > "/var/spool/mail/example.com/info". The emails for the
                                        > "example.net" domain should be treated the same way (e.g.
                                        > "/var/spool/mail/example.net/info").
                                        >
                                        > Now what would be the best way to deal with these kind of problem?
                                        > From my understanding the documentation seems to assume that
                                        > virtual mailboxing is only used for "additional" domains, but not
                                        > for the "main" one.

                                        no. you can use virtual mailbox domains for whatever domain you like.
                                        there's no concept of "additional" domains.

                                        http://www.postfix.org/STANDARD_CONFIGURATION_README.html#firewall
                                        shows an example with relay_domains. you can do the same with
                                        virtual_mailbox_domains. or you can do


                                        mydestination = localhost
                                        virtual_mailbox_domains = ...

                                        and use localhost (via virtual_alias_maps) when you need to execute
                                        scripts or use the "include" feature (because virtual does not allow
                                        you to do that).

                                        >
                                        > So my question, I guess, comes down to this: What would be the best
                                        > way to have a single "main" domain virtual mailboxed, so that I
                                        > don't have to create system users for each account? Is this even
                                        > possible in a clean way?
                                        >
                                        > Best regards, Karol Babioch
                                        >
                                      Your message has been successfully submitted and would be delivered to recipients shortly.