On Tue, May 31, 2011 at 03:20:05PM +0200, Thomas Berger wrote: > in our current configuration, we have one postfix system, in front > of some other mailservers. > > We check the recipient address of incoming mails at the first > system, and could reject the mail there, if send to an unknown > user. But if the users mailbox is full, we would send backscatter.
The "right" solution is to have the recipient address checking process also check for the "full mailbox" condition, or better yet, use a check_recipient_access lookup which returns a proper reject message for these full mailboxes. > Now we want to redirect Bounces, send to an external system to one > of our virtual users. This is broken. Although you're rightly thinking about minimizing backscatter, you may be causing loss of real mail. > But, as the virtual address expansion is already done, until we > pass the smtpd_reciepient_restrictions, we get an "user unknown" > error. > > Is there another solution, to redirect mails from <> based on the > recipient address? > > I attached the output of postconf to this mail, Please note that what is needed is "postconf -n". It's possible that I missed something relevant in all of that, which I did not attempt to read. > here are the relevant ports of the logfile: > > May 31 15:16:32 christel postfix/smtpd[3890]: NOQUEUE: redirect: > RCPT from bor-hsc.user.boreus.de[10.114.100.48]: > <t...@euthanasie-webhosting.de>: Recipient address triggers REDIRECT > postmas...@boreus.de; from=<> to=<t...@testdomain.tld> proto=SMTP This seems to be the result of a check_recipient_access lookup. > May 31 15:16:39 christel postfix/virtual[3900]: F2A382AD89: > to=<postmas...@boreus.de>, orig_to=<t...@euthanasie-webhosting.de>, > relay=virtual, delay=17, delays=17/0/0/0, dsn=5.1.1, status=bounced > (unknown user: "postmas...@boreus.de") > > postmas...@boreus.de is a valid virtual address, mapped to mutliple > internal recipients. So I guess you are saying it is a virtual ALIAS. Here it failed to be delivered as a virtual MAILBOX. If you have receive_override_options set with no_address_mappings, you can't deliver to a virtual alias at this point. > As we have only virtual domains on this > mailsystem, there is no way to send to a local user. > receive_override_options = > smtpd_client_restrictions = permit_mynetworks, > permit_sasl_authenticated, reject (This is not suitable for a MX host.) > smtpd_data_restrictions = > smtpd_helo_restrictions = > smtpd_recipient_restrictions = check_sender_access > hash:/etc/postfix/check_bounce_sender, permit_mynetworks, > permit_sasl_authenticated, reject_unauth_destination > smtpd_sender_restrictions = mysql:/etc/postfix/mysql-sender_restrictions.cf No check_recipient_access lookup exists in the above. > virtual_alias_domains = $virtual_alias_maps > virtual_alias_maps = mysql:/etc/postfix/mysql-virtual.cf, > mysql:/etc/postfix/mysql-virtual-to-local.cf What you are telling us is that virtual_alias_maps were not checked, but no evidence to that effect was shown. > virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual_mailbox_domains.cf boreus.de is found here, in virtual_mailbox_domains > virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-maps.cf postmas...@boreus.de is NOT found here. Go back to the right solution, above. Figure out a way to check for and populate a list of addresses with "full" mailboxes. Then consult that list as a check_recipient_access lookup. http://www.postfix.org/SMTPD_ACCESS_README.html http://www.postfix.org/access.5.html http://www.postfix.org/postconf.5.html#check_recipient_access If further help is needed: http://www.postfix.org/DEBUG_README.html#mail -- Offlist mail to this address is discarded unless "/dev/rob0" or "not-spam" is in Subject: header
