Greetings, all.
I'm having a couple of problems I hope someone here can help me with.
First, a problem with sender restrictions. Specifically I am being
told that I cannot send on behalf of my domain name. I am sending
mail to my wife's address at mac.com, through my mail server. The
route the mail takes is:
- my mail server (Postfix on Linux)
- relay through my ISP (because my ISP blocks outbound SMTP)
- Apple's .mac service (a couple of hops)
- forward from .mac back to our ISP (for additional spam filtering)
- forward from ISP back to my Linux box (this is where all of her
  email ends up)
My guess is that the final hop (ISP to my Linux box) generates the
error message, but the headers seem to imply otherwise...I'm not
really sure. The returned error message is copied here:
--- 8< --- clip'n'save --- >8 ---
This message was created automatically by mail delivery software (Exim).

A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:

  wife's-local-addr...@example.net
    SMTP error from remote mailer after RCPT TO:<wife's-local-addr...@example.net>:
    host hostname.is-a-geek.com [1.2.3.4]: 554 5.7.1 <my-addr...@example.net>:
    Sender address rejected: you cannot send on behalf of example.net
--- 8< --- clip'n'save --- >8 ---
hostname.is-a-geek.com is my local Linux box, and the address given
(shown as 1.2.3.4) is my cable router's external address.
Is it possible to do this sort of thing? I guess I could add my ISP's
servers to mynetworks, but I'd rather not have to keep up with that,
and I'm not sure that would solve the problem.
Another problem I'm having, which I mentioned recently but for which I
did not get a response, is canonical/virtual resolution. I might not
have gotten a response because of thread hijacking, which I now know
to be taboo here. (I had changed the subject line and had denoted
that in the subject line, but that probably wasn't enough.)
Most of the domains in mydestination are virtual alias domains, so I'm
guessing that those should be moved to virtual_alias_domains, and that
mydestination should be "$myhostname, localhost.$mydomain, localhost,
$mydomain" only. The others are FQDNs that point to my hostname but
are not used in email addresses.
In my config, you'll notice that I'm using SSL; these are self-signed
certificates that I pretty much only use for my personal mail delivery
(my MacBook Pro has the cert loaded, so I can send SSL email from my
laptop to my server); I don't think remote SMTP servers like those
certs, but mail always gets through so I'm not very concerned about it
just now. Also, you'll note that I'm using my ISP's mail server as a
relay; this is because my server runs in a dynamic pool, and I don't
want my legitimate outbound mail blocked because I'm running a server
on a dynamic range. Using this relay requires an ISP username &
password, which is in /etc/postfix/sasl_password.
The only thing that isn't working the way I need it to work is some
combination of canonical, generic, & virtual maps. I have a GroupWise
account at work, with that email forwarded to my Postfix server. It
appears that GroupWise mail forwarding is broken, because GroupWise
changes the recipient to be the address on my Postfix server, instead
of leaving it to be the GroupWise address and simply forwarding the
email. I have the following mappings set, but they don't correct that
email address:
canonical:
  f...@example.net daniel_lhommed...@example.edu
generic:
  foo daniel_lhommed...@example.edu
virtual:
  daniel_lhommed...@example.edu f...@example.net
  dclho...@example.edu f...@example.net
  dclho...@gw.example.edu f...@example.net
  dclho...@abc.example.edu f...@example.net
Email addressed to dclho...@example.edu and dclho...@abc.example.edu
works fine, but the two GroupWise addresses (daniel_lhommed...@example.edu
and dclho...@gw.example.edu) do not properly correct. Any pointers
on what I might be doing wrong here?
Thanks so much.
Daniel
postconf -n output:
--- 8< --- clip'n'save --- >8 ---
alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
broken_sasl_auth_clients = yes
canonical_maps = hash:/etc/postfix/canonical
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
html_directory = no
inet_interfaces = all
mail_owner = postfix
mail_spool_directory = /var/spool/mail
mailbox_command = /usr/bin/procmail
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydestination = $myhostname, localhost.$mydomain, localhost,
    $mydomain, hostname.example.com, www.example.com, mail.example.com,
    example.com, hostname.dyndns.org, hostname.gotdns.com,
    hostname.is-a-geek.com, example.com
mynetworks = 10.0.1.0/24, 127.0.0.0/8
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
recipient_delimiter = +
relayhost = relayhost.example.net
sample_directory = /usr/share/doc/postfix-2.3.3/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_generic_maps = hash:/etc/postfix/generic
smtp_sasl_auth_enable = yes
smtp_sasl_mechanism_filter = plain, login
smtp_sasl_password_maps = hash:/etc/postfix/sasl_password
smtp_sasl_security_options = noanonymous
smtp_tls_note_starttls_offer = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,
    permit_mynetworks, reject_unauth_destination,
    check_sender_access hash:/etc/postfix/mydomain,
    reject_invalid_hostname, reject_non_fqdn_hostname,
    reject_non_fqdn_sender, reject_non_fqdn_recipient,
    reject_unknown_sender_domain,
    reject_unknown_recipient_domain,
    reject_unauth_pipelining, reject_rbl_client zen.spamhaus.org
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_tls_auth_only = no
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 550
virtual_alias_domains =
virtual_alias_maps = hash:/etc/postfix/virtual
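
How the first four entries of the posted smtpd_recipient_restrictions treat the two SMTP sessions in this report, as an added example that is not part of the original post. It is a simplified first-match model, not Postfix code; the contents of /etc/postfix/mydomain are an assumption inferred from the bounce text, example.net is assumed to be a domain this server accepts, and the addresses and client IPs are constructed.

```python
import ipaddress

# From the posted postconf -n output.
MYNETWORKS = [ipaddress.ip_network(n) for n in ("10.0.1.0/24", "127.0.0.0/8")]
# Assumption: example.net is one of the domains this server accepts mail for.
LOCAL_DOMAINS = {"example.net", "hostname.is-a-geek.com"}
# Assumption: contents of /etc/postfix/mydomain, inferred from the bounce text.
SENDER_ACCESS = {"example.net": "REJECT you cannot send on behalf of example.net"}

def domain(addr):
    return addr.rsplit("@", 1)[-1].lower()

def permit_sasl_authenticated(s):
    return "OK" if s["sasl_user"] else "DUNNO"

def permit_mynetworks(s):
    ip = ipaddress.ip_address(s["client_ip"])
    return "OK" if any(ip in net for net in MYNETWORKS) else "DUNNO"

def reject_unauth_destination(s):
    local = domain(s["rcpt"]) in LOCAL_DOMAINS
    return "DUNNO" if local else "REJECT Relay access denied"

def check_sender_access(s):
    # Keyed on the envelope sender's domain only.
    return SENDER_ACCESS.get(domain(s["sender"]), "DUNNO")

# Same order as the posted list; later entries are not modelled here.
RESTRICTIONS = [permit_sasl_authenticated, permit_mynetworks,
                reject_unauth_destination, check_sender_access]

def evaluate(session):
    """Return (restriction, result) for the first restriction that decides."""
    for restriction in RESTRICTIONS:
        result = restriction(session)
        if result != "DUNNO":
            return restriction.__name__, result
    return "end of list", "OK"  # nothing objected: the recipient is accepted

# Constructed sessions: LAN client submitting, then the ISP forwarding it back.
LAPTOP = {"client_ip": "10.0.1.20", "sasl_user": None,
          "sender": "me@example.net", "rcpt": "wife@mac.com"}
ISP_FORWARD = {"client_ip": "192.0.2.25", "sasl_user": None,
               "sender": "me@example.net", "rcpt": "wife@example.net"}

if __name__ == "__main__":
    for name, s in (("laptop", LAPTOP), ("ISP forward", ISP_FORWARD)):
        print(name, "->", evaluate(s))
```

The sender map keys on the envelope sender alone, so a forwarded copy of the owner's own message is indistinguishable from a forged example.net sender arriving from outside mynetworks.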