On 10/15/2012 6:06 AM, Dominique wrote:
> Hi list(s),
>
> A few years ago we set up a simple postfix+Cyrus Mail server in the
> office (running on Ubuntu server). Across the years, we configured
> it to send and access our mails from various sources (in the office
> with tb, on the road through webgui, and recently through
> smartphones). All is well in the best of worlds. It is really basic
> configuration with its own certificate with a single domain name.
>

Ok, pretty standard setup with the local domain listed in
mydestination, aliases listed in alias_maps.

> Recently, we purchased two new domain names for a new project and
> wanted to include them to our mail server. I went on reading the
> postfix doc for virtual domains and got lost. Our mail users are
> independent from the linux users (virtual users) and I found a
> configuration description that looked like what I wanted. It seems
> the way to go, especially if we want to continue to add more domains
> in the future.

You're looking for a virtual mailbox domain. The domain name is
listed in virtual_mailbox_domains, valid recipients are listed in
virtual_mailbox_maps (which is not necessarily used by cyrus), and
aliases are listed in virtual_alias_maps.

http://www.postfix.org/VIRTUAL_README.html#virtual_mailbox

> However, I am not sure how to convert from our basic
> setup to a virtual domain setup,

There is no need to convert your current domain from a local domain
to a virtual_mailbox_domain unless you just want to; assuming it's
working the way you want already.

If you want to convert, move the domain from mydestination to
virtual_mailbox_domains, list the valid recipients in
virtual_mailbox_maps, list any aliases in virtual_alias_maps.

Note: use fully-qualified addresses in virtual_alias_maps.

  u...@example.com ali...@example.com

I don't know if changes will be required to the cyrus setup; that's
outside the scope of this list.

> especially since I cannot find
> where and how to configure certificates per domain on a server with
> a single public IP.

There is no such config. Mail servers use only one certificate and
one name regardless of how many domains hosted. This is a different
(and far simpler) idea from web servers that may have thousands of
names & matching certificates on a single IP.

> Postconf -n
>
> smtpd_recipient_restrictions = permit_sasl_authenticated,
> permit_mynetworks, reject_unauth_destination,

OK.

> reject_invalid_hostname, reject_non_fqdn_hostname,
> reject_non_fqdn_sender, reject_non_fqdn_recipient,
> reject_unknown_sender_domain, reject_unknown_recipient_domain,

Using reject_unknown_recipient_domain here is not useful. Since
you've already rejected unauth destinations and non-fqdn recipients,
the only recipient domains left are your own. At best, this will be
a useless extra DNS lookup. At worst, it will reject legit local
mail if your local DNS hiccups.

> reject_unauth_pipelining, reject_rbl_client bl.spamcop.net,
> reject_rbl_client zen.spamhaus.org, reject_rbl_client
> blackholes.easynet.nl, reject_rbl_client dnsbl.njabl.org,

blackholes.easynet.nl has been inactive for several years. Check
ALL your RBLs periodically.

-- 
Noel Jones
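
An added example, not part of the original message and not Postfix's own code: a small Python check that applies the two review points in the reply above (a recipient-domain lookup placed after reject_unauth_destination, and RBL zones that need periodic review) to `postconf -n` output. The sample input is constructed from the restriction list quoted in the message; the function names and the INACTIVE_ZONES set are assumptions made for illustration.

```python
import re

# Constructed sample: the restriction list quoted in the message above,
# laid out as "name = value" with indented continuation lines.
SAMPLE_POSTCONF = """\
smtpd_recipient_restrictions = permit_sasl_authenticated,
    permit_mynetworks, reject_unauth_destination,
    reject_invalid_hostname, reject_non_fqdn_hostname,
    reject_non_fqdn_sender, reject_non_fqdn_recipient,
    reject_unknown_sender_domain, reject_unknown_recipient_domain,
    reject_unauth_pipelining, reject_rbl_client bl.spamcop.net,
    reject_rbl_client zen.spamhaus.org, reject_rbl_client
    blackholes.easynet.nl, reject_rbl_client dnsbl.njabl.org
"""

# Assumption: zones you know to be inactive. Only the one named in the
# message is listed; extend it after your own periodic review.
INACTIVE_ZONES = {"blackholes.easynet.nl"}

def parse_postconf(text):
    """Return {parameter: value}, joining indented continuation lines."""
    params, current = {}, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if line[0].isspace() and current:
            params[current] += " " + line.strip()
        elif "=" in line:
            current, value = (part.strip() for part in line.split("=", 1))
            params[current] = value
    return params

def review_recipient_restrictions(params, inactive=INACTIVE_ZONES):
    """Return (rbl_zones, findings) for smtpd_recipient_restrictions."""
    value = params.get("smtpd_recipient_restrictions", "")
    # Restrictions are separated by commas and/or whitespace;
    # reject_rbl_client takes the next token as its zone argument.
    tokens = [t for t in re.split(r"[,\s]+", value) if t]
    zones, findings, relay_checked = [], [], False
    for i, tok in enumerate(tokens):
        if tok == "reject_unauth_destination":
            relay_checked = True
        elif tok == "reject_unknown_recipient_domain" and relay_checked:
            findings.append("reject_unknown_recipient_domain is redundant "
                            "after reject_unauth_destination")
        elif tok == "reject_rbl_client" and i + 1 < len(tokens):
            zones.append(tokens[i + 1])
            if tokens[i + 1] in inactive:
                findings.append("inactive RBL: " + tokens[i + 1])
    return zones, findings
```

The returned zone list is the set to re-verify by hand on a schedule; the script itself makes no DNS queries.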