Hi,
I've set up a fedora14 box with postfix v2.7.3, and have configured a
few virtual domains using virtual_alias_maps. I've also set up client
restrictions to list all users in the domain authorized to receive
mail. The box is receiving mail for users in that domain, but I cannot
send mail as one of those users to an external user. It fails with
"relay access denied".
I've read the virtual README, virtual man page, and other docs, but
not sure what I'm missing. I've set mynetworks properly, and have not
listed the virtual domains in the relay_domains parameter.
Below is my postconf.
alias_maps = hash:/etc/aliases
biff = no
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
delay_warning_time = 4h
disable_vrfy_command = yes
header_checks = pcre:/etc/postfix/header_checks.pcre
html_directory = no
mail_owner = postfix
mailbox_size_limit = 2000000000
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
maximal_queue_lifetime = 5d
message_size_limit = 10240000
mydestination = $myhostname, localhost.$mydomain
mydomain = example.com
myhostname = mail02t.example.com
mynetworks = 127.0.0.0/8, 192.168.1.0/24, 192.168.6.0/24, 68.195.XXX.0/24
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
rbl_reply_maps = ${stress?hash:/etc/postfix/rbl_reply_maps}
readme_directory = /usr/share/doc/postfix-2.7.3/README_FILES
relay_domains = $mydestination, $transport_maps
sample_directory = /usr/share/doc/postfix-2.7.3/samples
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtp_tls_CAfile = /etc/pki/tls/cacert.pem
smtpd_recipient_restrictions =
permit_sasl_authenticated, reject_non_fqdn_sender,
reject_non_fqdn_recipient, reject_unknown_sender_domain,
reject_unknown_recipient_domain, reject_unauth_pipelining,
reject_unauth_destination, permit_mynetworks,
check_recipient_access pcre:/etc/postfix/relay_recips_access,
check_recipient_access
pcre:/etc/postfix/relay_recips_maillistusers, check_client_access
hash:/etc/postfix/client_checks, reject_rbl_client
zen.spamhaus.org reject_invalid_hostname,
reject_non_fqdn_hostname, check_helo_access
hash:/etc/postfix/helo_checks, check_sender_access
hash:/etc/postfix/sender_checks, permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain = $myhostname, mail02t.example.com
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous, noplaintext
smtpd_sasl_tls_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = reject_sender_login_mismatch
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/pki/dovecot/certs/dovecot.pem
smtpd_tls_key_file = /etc/pki/dovecot/private/dovecot.pem
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_database =
btree:/var/lib/postfix/smtpd_tls_session_cache
tls_random_source = dev:/dev/urandom
transport_maps = hash:/etc/postfix/transport
virtual_alias_maps = hash:/etc/postfix/virtual
Here is the contents of the virtual map file:
example.com VIRTUALDOMAIN
j...@example.com joe
j...@example.com jen
Both users are listed in the relay_recips_access map:
/^j...@example.com$/ DUNNO
/^j...@example.com$/ DUNNO
/^.*@example.com$/ REJECT
Ideas greatly appreciated.
Thanks,
Alex
