
FQDN Problem after Migrating to Virtual Domains

  • Michael Sloan
    Message 1 of 3 , Jan 2, 2013
      I just upgraded our mail server from a 10-year old Solaris server
      running sendmail and WU-IMAP to Linux running Postfix 2.9 and Dovecot
      2.1 and have encountered a problem I didn't anticipate and am hoping to
      find some help.

      We're a university department with our own mail server,
      mail.dept.university.edu, and generally everyone has their clients send
      mail to user@... - which works well. As I didn't want to
      create system accounts for everyone here and knowing that I might end up
      hosting mail for another department as well, I decided to use virtual
      domains and defined ours as dept.university.edu.

      One of the users has sent mail with a return address using the FQDN of
      the mail server, namely user@... and now Postfix is
      rejecting this as it believes the user does not exist.

      Currently I have the following defined:

      myhostname = mail.dept.university.edu
      mydestination = $myhostname, localhost.$mydomain
      virtual_mailbox_domains = mysql:/etc/postfix/virtual_mailbox_domains.cf

      Can I add a local alias for user which redirects to
      user@..., or is there a better way to solve this issue?

      --
      Michael Sloan
      Systems Administrator
      FSU Center for Advanced Power Systems
      sloan@...
    • Reindl Harald
      Message 2 of 3 , Jan 2, 2013
        On 02.01.2013 23:40, Michael Sloan wrote:
        > One of the users has sent mail with a return address using the FQDN of the mail server, namely
        > user@... and now Postfix is rejecting this as it believes the user does not exist.
        >
        > Currently I have the following defined:
        >
        > myhostname = mail.dept.university.edu
        > mydestination = $myhostname, localhost.$mydomain
        > virtual_mailbox_domains = mysql:/etc/postfix/virtual_mailbox_domains.cf
        >
        > Can I add a local alias for user which redirects to user@..., or is there a better way to solve
        > this issue?

        myorigin = dept.university.edu

        In general I would add "reject_non_fqdn_recipient" and "reject_non_fqdn_sender"
        to "smtpd_recipient_restrictions" BEFORE "permit_sasl_authenticated" because
        I see no single reason to allow any client to use non-FQ sender / RCPT
      • Viktor Dukhovni
        Message 3 of 3 , Jan 2, 2013
          On Wed, Jan 02, 2013 at 05:40:41PM -0500, Michael Sloan wrote:

          > Currently I have the following defined:
          >
          > myhostname = mail.dept.university.edu
          > mydestination = $myhostname, localhost.$mydomain
          > virtual_mailbox_domains = mysql:/etc/postfix/virtual_mailbox_domains.cf

          If your domain is a virtual mailbox domain, you should probably
          not even list $myhostname in $mydestination.

          Rather:

          main.cf:
          # Convenience
          #
          indexed = ${default_database_type}:${config_directory}/

          # Envelope recipient 1-to-many rewriting
          #
          virtual_alias_maps = ${indexed}virtual

          # Empty, non-legacy setting.
          #
          parent_domain_matches_subdomains =

          # Mail is only processed via local(8) when explicitly aliased
          # there via virtual(5). Local system accounts are not externally
          # addressable:
          #
          mydestination = local.invalid

          # Sender addresses are @ the domain, not the mailhost.
          #
          myorigin = $mydomain

          # Reject external mail to/from the "invalid" TLD.
          # Add other rules as desired. Consider simplifying
          # via smtpd_relay_restrictions in 2.10.
          #
          smtpd_sender_restrictions =
              check_sender_access ${indexed}access-from,

          smtpd_recipient_restrictions =
              check_recipient_access ${indexed}access-to,
              permit_mynetworks,
              permit_sasl_authenticated,
              reject_unauth_destination
              # ... more rules

          #smtpd_relay_restrictions =
          # permit_mynetworks,
          # permit_sasl_authenticated,
          # reject_unauth_destination


          access-to:
          invalid REJECT 5.1.2 invalid recipient domain
          .invalid REJECT 5.1.2 invalid recipient domain

          access-from:
          invalid REJECT 5.1.2 invalid sender domain
          .invalid REJECT 5.1.2 invalid sender domain


          > Can I add a local alias for user which redirects to
          > user@..., or is there a better way to solve this
          > issue?

          To accept mail for legacy domains, it is best to implement them
          as virtual alias domains.

          main.cf:
          virtual_alias_domains = $myhostname

          virtual:
          # Legacy domain
          user1@... user

          # System account delivery
          user2@... user@...

          Finally browse the appropriate headings under BASIC_CONFIGURATION_README
          and STANDARD_CONFIGURATION_README.

          --
          Viktor.
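
The address-class question behind this thread, as an added example that is not part of the original messages or of Postfix: a small checker that reports which address class claims a recipient domain under the original settings and under the suggested ones, and returns more than one class when a domain is listed twice. The function names and the `TABLES` contents are assumptions; only the three parameters shown are considered, and lookup-table contents are supplied by hand.

```python
import re

# Domain-list parameters and the address class each one defines.
CLASS_PARAMS = {"mydestination": "local", "virtual_alias_domains": "virtual alias",
                "virtual_mailbox_domains": "virtual mailbox"}

def parse_main_cf(text):
    """Parse main.cf text: skip comments, join whitespace-led continuation lines."""
    params, name = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and name:
            params[name] += " " + line.strip()
        else:
            name, _, value = (s.strip() for s in line.partition("="))
            params[name] = value
    # Postfix derives mydomain from myhostname when it is not set explicitly.
    if "mydomain" not in params and "." in params.get("myhostname", ""):
        params["mydomain"] = params["myhostname"].split(".", 1)[1]
    return params

def expand(value, params, depth=0):
    """Expand $name and ${name} references recursively."""
    if depth > 10:
        raise ValueError("parameter reference loop")
    return re.sub(r"\$(?:\{(\w+)\}|(\w+))",
                  lambda m: expand(params.get(m.group(1) or m.group(2), ""), params, depth + 1),
                  value)

def address_classes(domain, main_cf, tables):
    """Return every address class that claims `domain`; more than one is a misconfiguration."""
    params = parse_main_cf(main_cf)
    found = []
    for param, cls in CLASS_PARAMS.items():
        for item in re.split(r"[,\s]+", expand(params.get(param, ""), params)):
            # type:name entries are lookup tables; their contents come from `tables`.
            if item == domain or domain in tables.get(item, ()):
                found.append(cls)
                break
    return found

# Constructed stand-in for the contents of the poster's MySQL table.
TABLES = {"mysql:/etc/postfix/virtual_mailbox_domains.cf": {"dept.university.edu"}}
BASE = ("myhostname = mail.dept.university.edu\n"
        "virtual_mailbox_domains = mysql:/etc/postfix/virtual_mailbox_domains.cf\n")
BEFORE = BASE + "mydestination = $myhostname, localhost.$mydomain\n"
AFTER = BASE + "mydestination = local.invalid\nvirtual_alias_domains = $myhostname\n"
```

With `BEFORE`, the mail host's FQDN resolves to the local class, where no system accounts exist for the users; with `AFTER` it is a virtual alias domain whose addresses are rewritten through the `virtual` map.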