Rene Bartsch wrote:
> Hi,
>
> I'm running the combination of Postfix, Postfix-GLD (Greylisting) and DBMail(MDA) as a stand-alone
> Internet host on a Ubuntu-9.04 system. The file 'sql-recipients.cf' provides the MySQL access
> information for the list of mail-aliases in DBMail and 'sql-domains.cf' provides the list of
> virtual domains extracted from the mail-aliases.
>

According to your config below, you are trying to use local as virtual. Don't do this. Before making any changes, read and understand http://www.postfix.org/VIRTUAL_README.html#in_virtual_other

> What Postfix shall do:
>
> - listen on all public and private IPs for incoming SMTP-connections
>
> - relay mail from the internet to DBmail via LMTP on loopback device if the recipient address
> matches a mail-alias and the recipient restrictions are met (FQDN, GLD, SPF, etc.)
>
> - relay mail from private networks to DBMail via LMTP on loopback device if the recipient address
> matches a mail-alias and the sender domain matches a virtual domain. No other restrictions
>
> - relay from private networks to the internet if the sender domain matches a virtual domain. No
> other restrictions
>
> - Do NOT relay anything from internet to internet (avoid open relay)
>
> - use only public IP xxx.xxx.xxx.xxx for relaying mail to the internet
>
> - Use TLS-encryption and -authentication whenever possible on internet connections (does it make
> sense to force TLS or are there too many non-TLS mail servers out there?) but don't use it with
> private networks
>
>
>
> What Postfix currently doesn't do:
>
> - it relays mail to the internet but only accepts mail for 'mydomain'
> ('mydestination' commented out)
> - it accepts mail for all virtual domains but does not relay to the internet
> (Message not sent. Server replied:
>
> Action not performed: mailbox not available
> 550 5.1.1 <x...@xxxxx.org>: Recipient address rejected: User unknown in local recipient table)
> ('mydestination' NOT commented out)
>
> - it uses TLS on any connection and does not allow unencrypted and unauthenticated access to
> private networks
>
> Thanx for any hint,
>
> Renne
>
>
> main.cf:
>

We prefer 'postconf -n' as stated in the link from the welcome message to the list.

>
> ------------------------------------ snip -------------------------------------------------------
>
> mydomain = <mydomain>
> myhostname = $mydomain
> myorigin = $mydomain
> mynetworks = 10.214.224.0/24 10.214.234.0/24 127.0.0.0/8
> mydestination = mysql:/etc/postfix/sql-domains.cf
>

This should be "virtual_mailbox_domains = mysql:/etc/postfix/sql-domains.cf" if they are truly virtual. ONLY set domains that will be delivered using *nix accounts in mydestination.

> mailbox_transport = dbmail-lmtp:127.0.0.1:24
> virtual_transport = dbmail-lmtp:127.0.0.1:24
> local_recipient_maps = mysql:/etc/postfix/sql-recipients.cf
>

This breaks a lot of things. Change local_recipient_maps to virtual_mailbox_maps

> smtpd_tls_security_level = encrypt
>

Choose "may" over "encrypt" or you will lose a lot of internet mail. As noted in the commented master.cf, it is acceptable to add "-o smtpd_tls_security_level=encrypt" in master.cf on the submission transport.
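
The three corrections in the reply above can be checked mechanically. The following is an added example, not part of the thread or of Postfix: a small linter for main.cf-style text that flags those three settings. The names `parse_main_cf`, `lint` and `flagged`, the `example.org` placeholder, and the heuristic that a `type:table` value in `mydestination` alongside `virtual_transport` means virtual domains are assumptions made for the illustration.

```python
# Constructed sample: the main.cf lines quoted in the thread, with the
# redacted <mydomain> replaced by the placeholder example.org.
QUOTED_MAIN_CF = """\
mydomain = example.org
mynetworks = 10.214.224.0/24 10.214.234.0/24 127.0.0.0/8
mydestination = mysql:/etc/postfix/sql-domains.cf
mailbox_transport = dbmail-lmtp:127.0.0.1:24
virtual_transport = dbmail-lmtp:127.0.0.1:24
local_recipient_maps = mysql:/etc/postfix/sql-recipients.cf
smtpd_tls_security_level = encrypt
"""

def parse_main_cf(text):
    """Parse 'name = value' lines; indented lines continue the previous value."""
    params, last = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and last is not None:
            params[last] += " " + raw.strip()
            continue
        name, sep, value = raw.partition("=")
        if sep:
            last = name.strip()
            params[last] = value.strip()
    return params

def lint(params):
    """Return (parameter, advice) pairs for the three problems named in the reply."""
    findings = []
    virtual = "virtual_transport" in params
    # Heuristic (assumption): a type:table value here, next to virtual_transport,
    # means the domains are virtual rather than delivered to *nix accounts.
    if virtual and ":" in params.get("mydestination", "") \
            and "virtual_mailbox_domains" not in params:
        findings.append(("mydestination",
                         "lookup table of virtual domains; use virtual_mailbox_domains"))
    if virtual and "local_recipient_maps" in params \
            and "virtual_mailbox_maps" not in params:
        findings.append(("local_recipient_maps",
                         "recipients of virtual domains belong in virtual_mailbox_maps"))
    if params.get("smtpd_tls_security_level") == "encrypt":
        findings.append(("smtpd_tls_security_level",
                         "use 'may' in main.cf; set encrypt per service in master.cf"))
    return findings

def flagged(text):
    """Names of the flagged parameters, in the order the checks run."""
    return [name for name, _ in lint(parse_main_cf(text))]

if __name__ == "__main__":
    for name, advice in lint(parse_main_cf(QUOTED_MAIN_CF)):
        print(f"{name}: {advice}")
```

Feeding it the output of `postconf -n` instead of the embedded sample works the same way, since that output uses the same `name = value` form.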