Rob, Thank you very much for your help. It looks like the missing virtual_alias_domains was the problem.
Scott ----- Original Message ----- From: /dev/rob0 <r...@gmx.co.uk> To: postfix-users@postfix.org Cc: Sent: Wednesday, August 8, 2012 5:24 PM Subject: Re: postfix thinks mysql managed email address is remote On Wed, Aug 08, 2012 at 07:40:22AM -0700, Scott Brown wrote: > The old virtual domain is resumearrow.com. The new, mysql-managed > domain, is parallelemail.com > > If I run a postmap -q on my email address under both domains, the > results are the same: > [root@miltermatic log]# postmap -q sbr...@resumearrow.com > mysql:/etc/postfix/mysql-virtual.cf > scottwb...@yahoo.com > [root@miltermatic log]# postmap -q sbr...@parallelemail.com > mysql:/etc/postfix/mysql-virtual.cf > scottwb...@yahoo.com This is virtual_alias_maps. You don't show a setting below for virtual_alias_domains, and the default is "$virtual_alias_maps". So try this: postmap -q resumearrow.com mysql:/etc/postfix/mysql-virtual.cf postmap -q parallelemail.com mysql:/etc/postfix/mysql-virtual.cf As I said, the domain lookup is failing. Therefore it is considered an unauthorized destination, and reject_unauth_destination blocks your mail. http://www.postfix.org/ADDRESS_CLASS_README.html#virtual_alias_class http://www.postfix.org/VIRTUAL_README.html#virtual_alias BTW, same-envelope forwarding of mail to domains you do not control (yahoo.com) is likely to be troublesome. When you get and forward spam, they might flag you as a spam source. > Because postfix rejects the session at the RCPT command, I don't > believe any further details of the session are available for the > parallelemail domain: > [root@miltermatic log]# grep "sbr...@parallelemail.com" maillog > Aug 8 10:33:21 miltermatic postfix/smtpd[10117]: NOQUEUE: reject: RCPT from > mail-qc0-f170.google.com[209.85.216.170]: 554 5.7.1 > <sbr...@parallelemail.com>: Relay access denied; from=<sc...@livecareer.com> > to=<sbr...@parallelemail.com> proto=ESMTP helo=<mail-qc0-f170.google.com> > > Postfix did assign a message identifier to the email to > resumearrow.com, so I can provide more, non-verbose, session > details on that: > [root@miltermatic log]# grep "sbr...@resumearrow.com" maillog > Aug 8 10:33:07 miltermatic postfix/smtp[10081]: 971C814A805F: > to=<scottwb...@yahoo.com>, orig_to=<sbr...@resumearrow.com>, > relay=127.0.0.1[127.0.0.1]:10024, delay=5.3, delays=0.58/0/0/4.8, dsn=2.0.0, > status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued > as 6919414A8066) > [root@miltermatic log]# grep "971C814A805F" maillog > Aug 8 10:33:02 miltermatic postfix/smtpd[10119]: 971C814A805F: > client=mail-qa0-f49.google.com[209.85.216.49] > Aug 8 10:33:02 miltermatic postfix/cleanup[10060]: 971C814A805F: > message-id=<cc47f0d4.d260%sc...@livecareer.com> > Aug 8 10:33:02 miltermatic postfix/qmgr[10053]: 971C814A805F: > from=<sc...@livecareer.com>, size=5732, nrcpt=1 (queue active) > Aug 8 10:33:07 miltermatic postfix/smtp[10081]: 971C814A805F: > to=<scottwb...@yahoo.com>, orig_to=<sbr...@resumearrow.com>, > relay=127.0.0.1[127.0.0.1]:10024, delay=5.3, delays=0.58/0/0/4.8, dsn=2.0.0, > status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued > as 6919414A8066) > Aug 8 10:33:07 miltermatic postfix/qmgr[10053]: 971C814A805F: removed > > Here's the postconf -n output: > [root@miltermatic log]# postconf -n > alias_database = hash:/etc/aliases > alias_maps = hash:/etc/aliases > body_checks = regexp:$config_directory/usermanaged/body_checks > command_directory = /usr/sbin > config_directory = /etc/postfix > content_filter = amavisd-new:[127.0.0.1]:10024 > daemon_directory = /usr/libexec/postfix > debug_peer_level = 3 > default_process_limit = 30 > header_checks = regexp:$config_directory/usermanaged/header_checks > html_directory = /usr/share/doc/postfix-2.5.1-documentation/html > inet_interfaces = $myhostname, localhost > mail_owner = postfix > mailq_path = /usr/bin/mailq.postfix > manpage_directory = /usr/share/man > mydomain = miltermatic.hiresites.com > myhostname = miltermatic.hiresites.com > mynetworks = 67.22.105.2 67.22.105.3 127.0.0.1 67.22.101.154 10.10.17.56 > myorigin = $myhostname > newaliases_path = /usr/bin/newaliases.postfix > queue_directory = /var/spool/postfix > readme_directory = /usr/share/doc/postfix-2.5.1-documentation/readme > relayhost = 67.22.105.2 Enclose that in [] to inhibit MX lookup, which obviously won't find anything for "67.22.105.2". Also, having a relayhost in mynetworks might not always be a good idea. If that host thought mail should go back to you for some reason, you'd have a mail loop. > sample_directory = /etc/postfix > sendmail_path = /usr/sbin/sendmail.postfix > setgid_group = postdrop > smtp_connection_cache_destinations = > smtp_connection_cache_on_demand = no > smtpd_banner = $myhostname ESMTP MilterMatician (0.1) > reject_unknown_recipient_domain > smtpd_sereject_rbl_client relays.mail-abuse.org.org, Looks like a copy-paste error here. "relays.mail-abuse.org.org" does not exist, of course. > unknown_local_recipient_reject_code = 550 > virtual_alias_maps = mysql:/etc/postfix/mysql-virtual.cf > > Thanks again - I look forward to your ideas on how to troubleshoot > further > > ----- Original Message ----- > From: /dev/rob0 <r...@gmx.co.uk> > To: postfix-users@postfix.org > Cc: > Sent: Tuesday, August 7, 2012 6:50 PM > Subject: Re: postfix thinks mysql managed email address is remote > > On Tue, Aug 07, 2012 at 03:28:45PM -0700, Scott Brown wrote: > > I recently switched from using flat virtual files to using mysql > > to manage a virtual table. > > http://www.postfix.org/DATABASE_README.html#preparing is worth a > read. > > > Email addresses that were set up prior to the switchover can be > > reached. But emails set up afterwards can't. > > postmap -q new@address mysql:/path/to/your/query > > > I added verbose logging to the smtp processes by adding the -v > > parameter in master.cf > > It looks like you added it to smtpd, not smtp. Probably was not > necessary. > > > With old email addresses set up prior to mysql, the resolve_clnt > > function seems to recognize that the domain is local, even though > > it doesn't initially see the email address in the virtual alias > > table (not sure why) > > Your post should have included "postconf -n" also. This would have > been more useful than verbose logs. > > > With the new email addresses that are managed by mysql, > > resolve_clnt doesn't seem to be looking up the email in the virtual > > table. Instead, it comes back with the host IP address -- this is > > the relayhost value set in main.cf. > > > > Here are the maillog entries for the email set up prior to the > > mysql switch: > > [root@miltermatic log]# grep "sbr...@oldvirtualdomain.com" maillog > > This grep string is going to miss some logging. > > [snip] > > I get "Relay access denied" if I try sending email to that domain > > from gmail. If I try sending email to that domain with a manual > > telnet smtp session to localhost port 25 on the machine postfix is > > running on, it goes through fine: > > Sounds like your domain lookup (virtual_mailbox_domains? Just > guessing, because you did not show us) is failing, but your > permit_mynetworks restriction accepts it locally. > > > Any help would be greatly appreciated! > > Repost including NON-verbose logs and postconf -n, plus the output of > any relevant postmap -q lookups. Lose the grep: show an entire > transaction for one each of working and non-working addresses. Lose > the munging, because that will make mail routing issues hard to > impossible to diagnose. -- http://rob0.nodns4.us/ -- system administration and consulting Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
