On Mar 13, 2013, at 10:47, Gerald Vogt <v...@spamcop.net> wrote:
> Hi!
>
> I am trying to set up mail relays for our domain. Basically, the relays
> should only "route" e-mails to their destination. They are not supposed
> to deliver any e-mails locally. Relays are also supposed to masquerade
> server names. All mail accounts for our domain reside on a central
> mailbox server.
>
> For example, if example.com is our domain:
>
> u...@example.com
> u...@server.example.com
>
> should go to mailbox server mailbox.example.com (i.e.
> u...@mailbox.example.com)
>
> All other domains are routed as usual via MX records to the internet.
>
> Of course, I want the server to refuse non-existing mail accounts, thus
> I have a virtual_alias_map which contains mappings for all existing
> accounts.
>
> My problem now is that this works fine for e-mails sent from the relay
> itself. The relay will accept mails for u...@example.com and
> u...@server.example.com and will correctly forward it to the mailbox. It
> will also refuse to accept mails to non-existing addresses, e.g.
> t...@example.com and t...@server.example.com
>
> However, for e-mails arriving from outside of our network the relays
> won't accept e-mails going to any address containing the server name
> because it's not listed in the virtual_alias_map.
>
> It will accept u...@example.com but deny u...@server.example.com with a
> 554 relay access denied.
>
> So it seems postfix does the relay checks first and will only do
> masquerading after that. I have tried many things but to no avail. There
> seems to be no way around this.
>
> Does anyone have a suggestion on how to handle this?
>
> Thanks,
>
> Gerald
>
> postconf -n of a test relay with a minimal config:
>
> alias_database =
> alias_maps =
> canonical_maps = hash:/etc/postfix/canonical
> config_directory = /etc/postfix
> local_header_rewrite_clients = static:all
> masquerade_classes = envelope_recipient
> masquerade_domains = example.com
> mydestination =
> mynetworks = 127.0.0.0/8
> relayhost =
> virtual_alias_domains = example.com
> virtual_alias_maps = hash:/etc/postfix/virtual
>
> /etc/postfix/virtual:
>
> u...@example.com u...@mailbox.example.com
> first.l...@example.com u...@mailbox.example.com

Masquerading is intended for outgoing only, AFAIK, see;

http://www.postfix.org/postconf.5.html#masquerade_domains

Why not use 'transport_maps', if you are not delivering any mail locally?

example.com relay:[mailbox.example.com]

You can relay the server name addresses in a similar fashion;

server.example.com relay:[mailbox.example.com]

Or use 'recipient_canonical_maps' to rewrite;

@server.example.com @example.com

Which will then be routed to 'mailbox.example.com' using the transport maps.

The latter means that the backend server does not need to know about
'server.example.com'. When combined with address verification this also
removes the need to maintain a list of valid accounts on the relay server
itself, since it will check if an account exists before accepting mail for it.

Cya,
Jona
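
The suggestions in the reply above, combined into one relay configuration (an added example, not part of the original thread). The relay_domains line, the restriction list and the 550 reject code are assumptions added here, and the two map file names are placeholders.

```ini
# --- /etc/postfix/main.cf (relay host; nothing is delivered locally) ---
mydestination =
mynetworks = 127.0.0.0/8

# Domains accepted from outside and forwarded. Both names are listed
# (assumption added here) because the SMTP server's relay check runs on the
# recipient as the client sent it, before canonical rewriting is applied.
relay_domains = example.com, server.example.com

# These replace masquerade_domains, virtual_alias_domains and
# virtual_alias_maps from the original postconf -n output. Postfix warns
# when a domain is listed in both virtual_alias_domains and relay_domains.
recipient_canonical_maps = hash:/etc/postfix/recipient_canonical
transport_maps = hash:/etc/postfix/transport

# Recipient validity is checked by probing the mailbox server instead of
# keeping a list of accounts on the relay. reject_unauth_destination comes
# first so that only recipients in relay_domains are ever probed.
smtpd_recipient_restrictions =
    permit_mynetworks,
    reject_unauth_destination,
    reject_unverified_recipient

# The default is 450 (temporary failure). 550 gives a permanent rejection
# for unknown accounts; switch to it once probing is known to work.
unverified_recipient_reject_code = 550

# --- /etc/postfix/recipient_canonical ---
# Fold the server name into the main domain before routing.
@server.example.com    @example.com

# --- /etc/postfix/transport ---
# Brackets suppress the MX lookup and deliver to this host directly.
example.com            relay:[mailbox.example.com]
```

Run `postmap` on both map files after editing them, then `postfix reload`.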