Viktor Dukhovni via Postfix-users <[email protected]> wrote:
>
> On Tue, Feb 10, 2026 at 09:46:35PM +0100, Michael Grimm via Postfix-users
> wrote:
>> This local domain is a member of virtual_mailbox_domains, only, and the
>> address space is part of mynetworks.
>> I hope that this isn't an issue?
>
> That's a mistake, do not add it to virtual_mailbox_domains, or if you
> do, you need to add explicit access(5) rules to reject incoming mail
> to that domain:
>
> main.cf:
>     smtpd_relay_restrictions =
>         check_recipient_access inline:{ {ellael.lan = reject},
>             {.ellael.lan = reject} },

Interesting solution that I immediately chose before my final solution (see
below).

> But, simpler to not list it in "virtual_mailbox_domains", and just
> use transport table entries to route it via LMTP, while treating
> otherwise as some random external domain for which you don't accept
> mail from strangers.
>>> It would have transport table entries, but these don't imply
>>> access permissions:
>>>
>>> ellael.lan lmtp:...
>>> dbmail.ellael.lan lmtp:...
>>
>> Does that mean:
>>
>> (1) no need for virtual_transport = lmtp:unix:private/dovecot-lmtp in main.cf
>
> That's harmless, and perhaps you have other virtual_mailbox_domains, or
> choose the access(5) route to keep it inaccessible to direct mail from
> strangers.
>
>> (2) both transports in transport_maps instead?
>
> Yes.

Ok, now I understand why I put ellael.lan into virtual_mailbox_domains in the
first place.

My configuration had been incomplete:

main.cf
    virtual_transport = lmtp:unix:private/dovecot-lmtp

transport_maps
    dbmail.ellael.lan    dbmail-lmtp:[10.0.3.11]:24

Error:

Feb 11 09:22:59 mail postfix/qmgr[6371]: 4f9rz30nmfzF2N: from=<[email protected]>, size=226, nrcpt=2 (queue active)
Feb 11 09:22:59 mail postfix/smtp[6383]: 4f9rz30nmfzF2N: to=<[email protected]>, orig_to=<[email protected]>, relay=none, delay=9.2, delays=9.1/0.12/0.01/0, dsn=5.4.6, status=bounced (mail for ellael.lan loops back to myself)
Feb 11 09:23:00 mail postfix/lmtp[6384]: 4f9rz30nmfzF2N: to=<[email protected]>, orig_to=<[email protected]>, relay=10.0.3.11[10.0.3.11]:24, delay=10, delays=9.1/0.04/0.02/0.91, tls=none, dsn=2.0.0, status=sent (215 Recipient <[email protected]> OK)
Feb 11 09:23:00 mail postfix/bounce[6385]: 4f9rz30nmfzF2N: sender non-delivery notification: 4f9rz83c4rzDv6
Feb 11 09:23:00 mail postfix/cleanup[6382]: 4f9rz83c4rzDv6: message-id=<[email protected]>
Feb 11 09:23:00 mail postfix/qmgr[6371]: 4f9rz83c4rzDv6: from=<>, size=2255, nrcpt=2 (queue active)
Feb 11 09:23:00 mail postfix/qmgr[6371]: 4f9rz30nmfzF2N: removed
Feb 11 09:23:00 mail postfix/smtp[6383]: 4f9rz83c4rzDv6: to=<[email protected]>, orig_to=<[email protected]>, relay=none, delay=0.02, delays=0.01/0/0.01/0, dsn=5.4.6, status=bounced (mail for ellael.lan loops back to myself)
Feb 11 09:23:01 mail postfix/lmtp[6384]: 4f9rz83c4rzDv6: to=<[email protected]>, orig_to=<[email protected]>, relay=10.0.3.11[10.0.3.11]:24, delay=1.3, delays=0.01/0.01/0.01/1.3, tls=none, dsn=2.0.0, status=sent (215 Recipient <[email protected]> OK)
Feb 11 09:23:01 mail postfix/qmgr[6371]: 4f9rz83c4rzDv6: removed
Feb 11 09:23:29 mail postfix/smtpd[6377]: disconnect from mail.mwn.ellael.lan[10.0.1.1] helo=1 mail=1 rcpt=1 data=1 quit=1 unknown=0/1 commands=5/6

I failed to realise that I was missing the transport to ellael.lan:

transport_maps:
    ellael.lan           dbmail-lmtp:[10.0.3.11]:24
    dbmail.ellael.lan    dbmail-lmtp:[10.0.3.11]:24

Thus I added ellael.lan to virtual_mailbox_domains. OK, this mistake is
corrected now.

>> Given that *.ellael.lan is member of virtual_mailbox_domains and mynetworks
>> is *not* an issue, thanks.
>
> 1. Either remove from virtual_mailbox_domains, or equally good approach
> add access rules to prevent misuse.

removed

> 2. Do not include domain names in "mynetworks", this should only list
> IP address blocks, or single addresses.

I never had. My wording was too vague. I meant that the 10.0.0.0/8 subnet is
part of mynetworks, not the domain name.

Thanks again and regards,
Michael
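
Added example, not part of the original message and not Postfix code: a Python script that scans Postfix delivery log records for the dsn=5.4.6 "loops back to myself" bounce shown in the thread and reports each affected recipient domain, together with any recipients of the same message that were delivered. Those domains are the ones to check for a missing transport_maps entry. The sample log lines, addresses and queue IDs are constructed, and the name find_mail_loops is hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample lines in the log format quoted in the thread; the
# addresses and queue IDs are made up for this example.
SAMPLE_LOG = """\
Feb 11 09:22:59 mail postfix/smtp[6383]: 4fAAAA0000zF2N: to=<alice@ellael.lan>, orig_to=<root@mail.example>, relay=none, delay=9.2, delays=9.1/0.12/0.01/0, dsn=5.4.6, status=bounced (mail for ellael.lan loops back to myself)
Feb 11 09:23:00 mail postfix/lmtp[6384]: 4fAAAA0000zF2N: to=<alice@dbmail.ellael.lan>, orig_to=<root@mail.example>, relay=10.0.3.11[10.0.3.11]:24, delay=10, delays=9.1/0.04/0.02/0.91, tls=none, dsn=2.0.0, status=sent (215 Recipient <alice@dbmail.ellael.lan> OK)
Feb 11 09:30:00 mail postfix/smtp[6390]: 4fBBBB0000zDv6: to=<bob@example.net>, relay=mx.example.net[192.0.2.25]:25, delay=1.1, delays=0.1/0/0.5/0.5, dsn=2.0.0, status=sent (250 2.0.0 Ok)
"""

# One delivery record: agent, queue ID, recipient, DSN code, status, reply text.
DELIVERY = re.compile(
    r"postfix/(?P<agent>[\w-]+)\[\d+\]: (?P<qid>\w+): to=<(?P<rcpt>[^>]*)>"
    r".*?dsn=(?P<dsn>[\d.]+), status=(?P<status>\w+) \((?P<text>.*)\)$"
)

def find_mail_loops(log_text):
    """Map each recipient domain that bounced with dsn=5.4.6 'loops back to
    myself' to its queue IDs and to the recipients of those same messages
    that were delivered (a partial delivery, as in the thread)."""
    bounced = defaultdict(set)    # domain -> queue IDs with a loop bounce
    delivered = defaultdict(set)  # queue ID -> recipients with status=sent
    for line in log_text.splitlines():
        m = DELIVERY.search(line)
        if not m:
            continue
        if m["status"] == "sent":
            delivered[m["qid"]].add(m["rcpt"])
        elif (m["status"] == "bounced" and m["dsn"] == "5.4.6"
                and "loops back to myself" in m["text"]):
            domain = m["rcpt"].rpartition("@")[2].lower()
            bounced[domain].add(m["qid"])
    return {
        domain: {
            "queue_ids": sorted(qids),
            "delivered_in_same_message": sorted(
                set().union(*(delivered[q] for q in qids))),
        }
        for domain, qids in bounced.items()
    }

if __name__ == "__main__":
    for domain, info in find_mail_loops(SAMPLE_LOG).items():
        print(f"{domain}: loop bounce in {', '.join(info['queue_ids'])}; "
              f"also delivered: {info['delivered_in_same_message']}; "
              "check transport_maps for an entry covering this domain")
```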