Nikita Kipriyanov a écrit :
> We run a mail server with virtual domains (mainly there are mailbox
> domains).
>
> For a certain things same aliases needed in the each and every virtual
> domain in the system. For example, all these domains maintained by same
> people, so it is good thing to have each domain's postmaster mapped to
> the same internal distribution list. There are also other common aliases.
>
> To simplify things, I added a regexp table
> (/etc/postfix/virtual_alias_maps-special):
>
> /^postmaster@/ postmaster
>
> This table is referenced in the main.cf this way:
> virtual_alias_maps = regexp:/etc/postfix/virtual_alias_maps-special
> mysql:/etc/postfix/virtual_alias_maps.cf
>
> There is no address rewriting, masqerading and other things that change
> destination or source address. We're using only local aliases and
> virtual aliases. There is also no per-recipient transports and
> relayhost, any mail is delivered directly to recipient's MX servers.
>
> The local alias table redirects postmaster's mail further.
>
> Of course, this catches all mail for each domain's postmaster. But, now
> I'm not able to send any mail to any external postmaster
> (postmas...@some.domain, some.domain isn't a virtual, relay or canonical
> domain) with this server. If I try to send mail, for example, to
> postmas...@postfix.org, it's getting catched and delivered to my
> postmaster list.
virtual_alias_maps apply to _all_ domains. you should only setup these
aliases for your own domains. since you are using mysql, let mysql do it
for you:
virtual_alias_maps =
mysql:/etc/postfix/virtual_alias_maps.cf
mysql:/etc/postfix/standard_aliases.cf
and in the latter, use something like:
query = select 'postmas...@example.com'
from YourDomainTable
where
'%u' = 'postmaster'
AND
'%d' = domain
(Note: the query only returns a result if the domain part is listed in
your domains table).
now, once you do this, you could build a table for the "standard"
aliases instead of hardcoding 'postmaster'...
> Still, if I try to deliver mail to postmas...@postfix.org through this
> server from external systems without SMTP authentication, it rejects
> with "Relay access denied".
>
relay access control and delivery (including alias expansion) are two
different things.
> Why Postfix behaves like this? How to catch only 'incoming' mail, and to
> send it away it if recipiend domain isn't listed in the virtual, local,
> and relay domain tables?
all mail is "incoming" when it is received and becomes "outgoing" when
it is forwarded. an MTA is not a mail user agent.
note that you can't simply separate reception and submission
functionalities (by using different instances or different
smtpd+cleanup... etc), because even an "inbound only" MTA needs to reach
the sender in some cases (bounce, DSN, ...).
