Hello list,
I have a nicely running Postfix installation which uses both virtual and
local users.
To prevent local mail being delivered to spool files, I have to alias
(via /etc/aliases) the relevant users to a virtual user, which is not
very elegant.
What I want to do is forward all mail that _would_ be delivered locally
to a single virtual account, without aliasing every single UNIX user.
I tried using "luser_relay", but for that to work,
"local_recipient_maps" must be empty. That, however, would prevent the
local aliases in /etc/aliases from working.
What I have:
- virtual delivery for all my domains (as configured via MySQL)
- all virtual mail is aliased to some_u...@virtual.local
- all mail for @virtual.local is delivered via dovecot
- mail for local users is aliased using /etc/aliases
- some local users are aliased to virtual addresses
- mail for existing UNIX users that are not aliased is delivered via the
local transport to spool files
What I want:
- forward all mail for existing UNIX users that are not aliased to
some virtual address
- mail for nonexisting UNIX users should be rejected
- aliasing for local users is important, because regular UNIX users
should get forwarded separately
What I configured as workaround:
- I set mailbox_command to invoke sendmail, so that mail is forwarded to a
fixed address instead of being saved to a spool file
- this workaround looks rather nasty: because the mail is re-submitted
through sendmail, it is processed (and filtered, etc.) twice before being
delivered
Is there a better way to forward these mails? Perhaps via mailbox_transport?
Thanks in advance for all answers.
Markus
/etc/aliases:
root: user1
postmaster: root
abuse: postmaster
user1: us...@virtual.local
postconf -n:
alias_maps = $alias_database
biff = no
config_directory = /etc/postfix
content_filter = filter:[127.0.0.1]:10025
header_checks = pcre:/etc/postfix/header_checks
inet_protocols = all
mailbox_command = /usr/sbin/sendmail root+${LOCAL}
mydestination = $myhostname localhost.$mydomain localhost
myhostname = hostname
recipient_delimiter = +
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_recipient_restrictions = permit_mynetworks
permit_sasl_authenticated
reject_unauth_destination
reject_unauth_pipelining
reject_invalid_helo_hostname
reject_non_fqdn_sender
reject_non_fqdn_recipient
reject_unknown_client_hostname
check_sender_access hash:/etc/postfix/sender_access
check_policy_service unix:external/postgrey
smtpd_sasl_path = external/dovecot-auth
smtpd_sasl_type = dovecot
smtpd_tls_cert_file = /etc/ssl/hostname.crt.pem
smtpd_tls_key_file = /etc/ssl/private/hostname.key.pem
smtpd_tls_mandatory_ciphers = high
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
tls_high_cipherlist = HIGH:!ADH:!MD5:!SSLv2:@STRENGTH
virtual_alias_maps = mysql:/etc/postfix/mysql-virtual-aliases.cf
virtual_gid_maps = static:500
virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual-domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-mailboxes.cf
virtual_transport = dovecot
virtual_uid_maps = static:500
master.cf:
smtp inet n - - - - smtpd
smtps inet n - - - - smtpd
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
-o milter_macro_daemon_name=ORIGINATING
pickup fifo n - - 60 1 pickup
cleanup unix n - - - 0 cleanup
qmgr fifo n - n 300 1 qmgr
#qmgr fifo n - - 300 1 oqmgr
tlsmgr unix - - - 1000? 1 tlsmgr
rewrite unix - - - - - trivial-rewrite
bounce unix - - - - 0 bounce
defer unix - - - - 0 bounce
trace unix - - - - 0 bounce
verify unix - - - - 1 verify
flush unix n - - 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - - - - smtp
relay unix - - - - - smtp
-o smtp_fallback_relay=
showq unix n - - - - showq
error unix - - - - - error
retry unix - - - - - error
discard unix - - - - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - - - - lmtp
anvil unix - - - - 1 anvil
scache unix - - - - 1 scache
dovecot unix - n n - - pipe
flags=ODRhu user=vmail argv=/usr/lib/dovecot/deliver -s -f ${sender}
-d ${user}@${domain}
filter unix - - - - 2 lmtp
-o lmtp_send_xforward_command=yes
127.0.0.1:10024 inet n - - - - smtpd
-o content_filter=
-o local_recipient_maps=
-o relay_recipient_maps=
-o smtpd_restriction_classes=
-o smtpd_client_restrictions=permit_mynetworks,reject
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o smtpd_end_of_data_restrictions=
-o smtpd_data_restrictions=reject_unauth_pipelining
-o smtpd_error_sleep_time=0
-o smtpd_soft_error_limit=1001
-o smtpd_hard_error_limit=1000
-o smtpd_client_connection_count_limit=0
-o smtpd_client_connection_rate_limit=0
-o smtpd_delay_reject=no
-o smtpd_authorized_xforward_hosts=127.0.0.0/8
-o smtpd_milters=unix:external/dkim-filter
-o mynetworks=127.0.0.0/8
-o local_header_rewrite_clients=
-o strict_rfc821_envelopes=yes
-o receive_override_options=no_unknown_recipient_checks