
Re: virtual hosting problem

  • Ansgar Wiechers
    Message 1 of 4 , May 18 2:18 PM
      On 2013-05-18 doug@... wrote:
      > My problem is a regexp table used to fold domains that should be
      > delivered to the same mailbox stopped working. I solved the problem
      > by adding a hash table with all the extra names. This is a big
      > administrative deal (to us) as it adds several thousand emails to
      > maintain and sync as changes are made.
      >
      > This system is a postfix-cyrus running on FreeBSD 8.2
      >
      > From main.cf:
      >
      > mydestination = $myhostname, localhost.$mydomain, localhost
      > mydomain = safeport.com
      > relay_domains = $mydestination lighthouse.safeport.com mail3.safeport.com
      > allow_untrusted_routing = no
      > virtual_alias_maps = hash:/usr/local/etc/postfix/virtual
      > hash:/usr/local/etc/postfix/virtual1
      > regexp:/usr/local/etc/postfix/virtual.regexp
      > virtual_alias_domains = $virtual_alias_maps
      >
      > virtual1 is the extra table I added to make customer stuff work. I am
      > testing various solutions with our own domains.
      >
      > Sending to a safeport.us address gets:
      > 554 5.7.1 <doug@...>: Relay access denied
      >
      > virtual: doug@... doug
      > virtual.regexp: /^(.*)@safeport\.us$/ $1@...
      > MX record for safeport.us = 10 lighthouse.safeport.com
      >
      > postmap -q doug@... regexp:virtual.regexp
      > doug@...

      First and foremost: ALWAYS post the output of "postconf -n", NEVER
      quote the contents of main.cf. Only the former is guaranteed to be your
      active configuration.

      That said, what you posted of your configuration does not list the
      domain safeport.us as either a local or a relay domain. That's most
      likely the reason why you get a "relay access denied". Change the line

      virtual_alias_domains = $virtual_alias_maps

      into this:

      virtual_alias_domains = safeport.us

      Furthermore, $mydestination is for local delivery of mail of which your
      server is the final destination. $relay_domains is for relaying mail for
      domains that your server is NOT the final destination of. Do NOT mix the
      two. Remove $mydestination from $relay_domains.

      Restart Postfix after you applied these changes.

      Regards
      Ansgar Wiechers
      --
      "All vulnerabilities deserve a public fear period prior to patches
      becoming available."
      --Jason Coombs on Bugtraq
    • Benny Pedersen
      Message 2 of 4 , May 19 6:49 AM
        doug@... wrote on 2013-05-18 20:03:

        > mydestination = $myhostname, localhost.$mydomain, localhost
        > mydomain = safeport.com

        is $mydomain missing in $mydestination ?

        > Sending to a safeport.us address gets:
        > 554 5.7.1 <doug@...>: Relay access denied

        safeport.us missing in $mydestination ?

        > virtual: doug@... doug

        doug goes to ?

        > virtual.regexp: /^(.*)@safeport\.us$/ $1@...
        > MX record for safeport.us = 10 lighthouse.safeport.com
        > postmap -q doug@... regexp:virtual.regexp
        > doug@...

        you have too many tlds for me to see all the errors on remote :)

        --
        senders that put my email into body content will deliver it to my own
        trashcan, so if you like to get a reply, don't do it
      • doug@...
        Message 3 of 4 , May 19 5:41 PM
          On Sat, 18 May 2013, Ansgar Wiechers wrote:

          > On 2013-05-18 doug@... wrote:
          >> My problem is a regexp table used to fold domains that should be
          >> delivered to the same mailbox stopped working. I solved the problem
          >> by adding a hash table with all the extra names. This is a big
          >> administrative deal (to us) as it adds several thousand emails to
          >> maintain and sync as changes are made.
          >>
          >> This system is a postfix-cyrus running on FreeBSD 8.2
          >>
          >> From main.cf:
          [cut]
          >
          > First and foremost: ALWAYS post the output of "postconf -n", NEVER
          > quote the contents of main.cf. Only the former is guaranteed to be your
          > active configuration.

          I have done this at the bottom, minus the tls/sasl setup.

          > That said, what you posted of your configuration does not list the
          > domain safeport.us as either a local or a relay domain. That's most
          > likely the reason why you get a "relay access denied". Change the line
          >
          > virtual_alias_domains = $virtual_alias_maps
          >
          > into this:
          >
          > virtual_alias_domains = safeport.us
          >
          > Furthermore, $mydestination is for local delivery of mail of which your
          > server is the final destination. $relay_domains is for relaying mail for
          > domains that your server is NOT the final destination of. Do NOT mix the
          > two. Remove $mydestination from $relay_domains.

          Your suggestion, which works, actually spawns two questions. My setup with
          relay_domains = $mydestination worked for 6+ months. The problem arose when I
          upgraded our name servers to FreeBSD 9.1 and/or added another entry to the
          regexp table virtual.regexp. This is a timing-only observation, I do not
          attribute the problem to either change. My FreeBSD mentor runs exactly the same
          configuration. The only difference being his system is FreeBSD-cyrus-kerberos,
          we do not use kerberos.

          When I first installed postfix-cyrus I simply hacked a working configuration. As
          I learned more about postfix, I assumed the relay_domains setting was required
          to relay email addressed to acct@... or to domains in the
          virtual table. Following your suggestion, I see this is not the case. It does
          not however cause a problem. I originally had only relay_domains =
          $mydestination, adding the other values trying to get the regexp table back in
          play.

          When my original configuration was working, it had to be the case that the
          translation done by virtual.regexp happened before a delivery decision was made.
          So I did something to cause postfix to attempt to deliver those addresses before
          translation is done. I have high hopes relay_domains = virtual.regexp will
          work. If not, adding another hash table should.

          Email comes addressed to acct@..., to an address in virtual,
          or to an address whose domain is translated by virtual.regexp to an address in
          virtual. Messages are delivered to a cyrus mailbox (e.g. doug) or forwarded on
          to an external address.

          While I would love to know what happened, I thank you for a solution.

          Doug

          _______________
          postconf -n

          allow_untrusted_routing = no
          broken_sasl_auth_clients = yes
          command_directory = /usr/local/sbin
          config_directory = /usr/local/etc/postfix
          daemon_directory = /usr/local/libexec/postfix
          data_directory = /var/db/postfix
          debug_peer_level = 2
          html_directory = /usr/local/share/doc/postfix
          local_recipient_maps =
          mail_owner = postfix
          mailbox_size_limit = 200000000
          mailbox_transport = lmtp:unix:/var/imap/socket/lmtp
          mailq_path = /usr/local/bin/mailq
          manpage_directory = /usr/local/man
          message_size_limit = 100000000
          mynetworks_style = subnet
          myorigin = $myhostname
          newaliases_path = /usr/local/bin/newaliases
          queue_directory = /var/spool/postfix
          readme_directory = /usr/local/share/doc/postfix
          recipient_delimiter = +
          relay_domains = safeport.us
          sample_directory = /usr/local/etc/postfix
          sendmail_path = /usr/local/sbin/sendmail
          setgid_group = maildrop
          smtpd_enforce_tls = no
          smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated,
          reject_invalid_hostname, reject_non_fqdn_sender, reject_non_fqdn_recipient,
          reject_unknown_recipient_domain, eject_unknown_sender_domain,
          reject_unauth_destination, check_client_access
          hash:/usr/local/etc/postfix/access, reject_unauth_pipelining,
          check_policy_service inet:127.0.0.1:10023, reject_rbl_client bl.spamcop.net
          smtpd_use_tls = yes
          unknown_local_recipient_reject_code = 450
          virtual_alias_domains = $virtual_alias_maps
          virtual_alias_maps = hash:/usr/local/etc/postfix/virtual
          hash:/usr/local/etc/postfix/virtual1
          regexp:/usr/local/etc/postfix/virtual.regexp

          _____
          Douglas Denault
          http://www.safeport.com
          doug@...
          Voice: 301-217-9220
          Fax: 301-217-9277
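
Added example (not part of the original thread and not Postfix code): a small Python model of the address-class check discussed above, run over `postconf -n` style input. It shows that safeport.us falls in no accepted class while virtual_alias_domains points at a regexp table keyed on full addresses, and which names sit in both $mydestination and $relay_domains. Assumptions: the myhostname value, hash: tables are not read, subdomain matching is not modelled, and all function names are hypothetical.

```python
import re

# Constructed `postconf -n` style input from the thread; myhostname is assumed.
SAMPLE = """\
mydomain = safeport.com
myhostname = lighthouse.safeport.com
mydestination = $myhostname, localhost.$mydomain, localhost
relay_domains = $mydestination lighthouse.safeport.com mail3.safeport.com
virtual_alias_domains = $virtual_alias_maps
virtual_alias_maps = hash:/usr/local/etc/postfix/virtual
    regexp:/usr/local/etc/postfix/virtual.regexp
"""
REGEXP_TABLE = [r"^(.*)@safeport\.us$"]  # pattern from the thread's virtual.regexp

def parse(text):
    """Parse `name = value` lines; indented lines continue the previous value."""
    params, last = {}, None
    for line in text.splitlines():
        if line[:1].isspace() and last:
            params[last] += " " + line.strip()
        elif "=" in line:
            last, value = (s.strip() for s in line.split("=", 1))
            params[last] = value
    return params

def members(name, params):
    """Expand $name references (at most 10 passes) and split the list into items."""
    value = params.get(name, "")
    for _ in range(10):
        value = re.sub(r"\$\{?(\w+)\}?", lambda m: params.get(m.group(1), ""), value)
    return [i for i in re.split(r"[,\s]+", value) if i]

def listed_in(domain, name, params):
    """Literal list item, or regexp-table hit with the bare domain as lookup key."""
    # Assumption: hash: tables are not read (taken to hold no bare-domain key).
    in_table = any(re.search(p, domain, re.I) for p in REGEXP_TABLE)
    return any(i.lower() == domain.lower() or (in_table and i.startswith("regexp:"))
               for i in members(name, params))

def accepted_classes(domain, params):
    """Address classes that make reject_unauth_destination accept `domain`."""
    names = ("mydestination", "virtual_alias_domains", "relay_domains")
    return [n for n in names if listed_in(domain, n, params)]

def mixed_classes(params):
    """Names listed both as local destinations and as relay domains."""
    local, relay = (set(members(n, params)) for n in ("mydestination", "relay_domains"))
    return sorted(local & relay)
```

An empty result from accepted_classes() corresponds to the "Relay access denied" case; setting virtual_alias_domains to the literal domain, as suggested in the first reply, makes the domain appear under that class.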