Re: Setting up virtual domains correctly

Tue, 09 Apr 2013 18:03:08 -0700 

--On Tuesday, April 09, 2013 8:18 PM -0400 b...@bitrate.net wrote:


On Apr 9, 2013, at 19.56, Quanah Gibson-Mount <qua...@zimbra.com> wrote:


I'm trying to fix my virtual domain configuration with postfix, which as
noted in a prior discussion was done incorrectly by some unknown to me
person in the past.

The main issue right now is that it has:

virtual_transport = error

which I was told makes little sense, so I'm trying to correct our
configuration.

First, all of our data is stored in LDAP (domains, users, etc).  For my
test setup, the "real" domain is zre-ldap002.eng.vmware.com.  I've
created a virtual (alias) domain "example.com".

With my default configuration, if I send mail to u...@example.com AND
the user exists as u...@zre-ldap002.eng.vmware.com, mail delivery occurs.


likely, the reason this "works" is because virtual_transport is never
being used, if actual delivery for every recipient is passed off
somewhere else via lmtp as you seem to perhaps indicate below.
Yes, delivery is to the server that actually hosts the mailbox for the user, via LMTP. 


postmap on my base transport works for this:
zimbra@zre-ldap002:~$ postmap -q u...@zre-ldap002.eng.vmware.com
ldap:/opt/zimbra/conf/ldap-transport.cf
lmtp:zre-ldap002.eng.vmware.com:7025


please supply postconf -nf and postconf -Mf, or if an older version,
postconf -n and master.cf with comments removed.


postconf -nf:
alias_maps = hash:/etc/aliases
always_add_missing_headers = yes
bounce_notice_recipient = postmaster
bounce_queue_lifetime = 5d
broken_sasl_auth_clients = yes
command_directory = /opt/zimbra/postfix/sbin
config_directory = /opt/zimbra/postfix-2.10.0.2z/conf
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /opt/zimbra/postfix/libexec
delay_warning_time = 0h
disable_dns_lookups = no
header_checks =
import_environment =
in_flow_delay = 1s
inet_protocols = ipv4
lmtp_connection_cache_destinations =
lmtp_connection_cache_time_limit = 4s
lmtp_host_lookup = dns
local_header_rewrite_clients = permit_mynetworks,permit_sasl_authenticated
mail_owner = postfix
mailbox_size_limit = 0
mailq_path = /opt/zimbra/postfix/sbin/mailq
manpage_directory = /opt/zimbra/postfix/man
maximal_backoff_time = 4000s
message_size_limit = 10240000
minimal_backoff_time = 300s
mydestination = localhost
myhostname = zre-ldap002.eng.vmware.com
mynetworks = 127.0.0.0/8 10.137.242.0/24 [::1]/128 [fc00:10:137:242::]/64
   [fe80::]/64
newaliases_path = /opt/zimbra/postfix/sbin/newaliases
non_smtpd_milters =
notify_classes = resource,software
propagate_unmatched_extensions = canonical
queue_directory = /opt/zimbra/data/postfix/spool
queue_run_delay = 300s
recipient_delimiter =
relayhost =
sender_canonical_maps = proxy:ldap:/opt/zimbra/conf/ldap-scm.cf
sendmail_path = /opt/zimbra/postfix/sbin/sendmail
setgid_group = postdrop
smtp_cname_overrides_servername = no
smtp_fallback_relay =
smtp_helo_name = $myhostname
smtp_sasl_auth_enable = no
smtp_sasl_mechanism_filter =
smtp_sasl_password_maps =
smtp_sasl_security_options = noplaintext,noanonymous
smtp_tls_security_level = may
smtpd_banner = $myhostname ESMTP $mail_name
smtpd_client_restrictions = reject_unauth_pipelining
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_end_of_data_restrictions =
smtpd_helo_required = yes
smtpd_milters =
smtpd_recipient_restrictions = reject_non_fqdn_recipient,
   reject_unlisted_recipient, reject_invalid_helo_hostname,
   reject_non_fqdn_sender, permit
smtpd_reject_unlisted_recipient = no
smtpd_relay_restrictions = permit_sasl_authenticated, permit_mynetworks,
   reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = no
smtpd_sasl_security_options = noanonymous
smtpd_sasl_tls_security_options = $smtpd_sasl_security_options
smtpd_sender_restrictions = check_sender_access
regexp:/opt/zimbra/postfix/conf/tag_as_originating.re, permit_mynetworks, 
   permit_sasl_authenticated, permit_tls_clientcerts, check_sender_access
   regexp:/opt/zimbra/postfix/conf/tag_as_foreign.re
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /opt/zimbra/conf/smtpd.crt
smtpd_tls_key_file = /opt/zimbra/conf/smtpd.key
smtpd_tls_loglevel = 1
smtpd_tls_security_level = may
transport_maps = proxy:ldap:/opt/zimbra/conf/ldap-transport.cf
virtual_alias_domains = proxy:ldap:/opt/zimbra/conf/ldap-vad.cf
virtual_alias_expansion_limit = 10000
virtual_alias_maps = proxy:ldap:/opt/zimbra/conf/ldap-vam.cf
virtual_mailbox_domains = proxy:ldap:/opt/zimbra/conf/ldap-vmd.cf
virtual_mailbox_maps = proxy:ldap:/opt/zimbra/conf/ldap-vmm.cf
virtual_transport = proxy:ldap:/opt/zimbra/conf/ldap-vtransport.cf



postconf -Mf
smtp       inet  n       -       n       -       -       smtpd
   -o content_filter=scan:[127.0.0.1]:10030
465        inet  n       -       n       -       -       smtpd
   -o content_filter=scan:[127.0.0.1]:10030 -o smtpd_tls_wrappermode=yes
   -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=
   -o smtpd_data_restrictions= -o smtpd_end_of_data_restrictions=
   -o smtpd_helo_restrictions= -o smtpd_recipient_restrictions=
   -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
   -o syslog_name=postfix/smtps -o milter_macro_daemon_name=ORIGINATING
submission inet  n       -       n       -       -       smtpd
-o content_filter=scan:[127.0.0.1]:10030 -o smtpd_etrn_restrictions=reject 
   -o smtpd_sasl_auth_enable=yes -o smtpd_tls_security_level=may
   -o smtpd_client_restrictions=permit_sasl_authenticated,reject
   -o smtpd_data_restrictions= -o smtpd_end_of_data_restrictions=
   -o smtpd_helo_restrictions= -o smtpd_recipient_restrictions=
   -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
-o syslog_name=postfix/submission -o milter_macro_daemon_name=ORIGINATING 
scan       unix  -       -       n       -       10      smtp
   -o smtp_send_xforward_command=yes -o disable_mime_output_conversion=yes
   -o smtp_generic_maps=
pickup     unix  n       -       n       60      1       pickup
cleanup    unix  n       -       n       -       0       cleanup
qmgr       unix  n       -       n       300     1       qmgr
tlsmgr     unix  -       -       n       1000?   1       tlsmgr
rewrite    unix  -       -       n       -       -       trivial-rewrite
bounce     unix  -       -       n       -       0       bounce
defer      unix  -       -       n       -       0       bounce
trace      unix  -       -       n       -       0       bounce
verify     unix  -       -       n       -       1       verify
flush      unix  n       -       n       1000?   0       flush
proxymap   unix  -       -       n       -       -       proxymap
smtp       unix  -       -       n       -       -       smtp
relay      unix  -       -       n       -       -       smtp
showq      unix  n       -       n       -       -       showq
error      unix  -       -       n       -       -       error
retry      unix  -       -       n       -       -       error
discard    unix  -       -       n       -       -       discard
local      unix  -       n       n       -       -       local
virtual    unix  -       n       n       -       -       virtual
lmtp       unix  -       -       n       -       -       lmtp
anvil      unix  -       -       n       -       1       anvil
scache     unix  -       -       n       -       1       scache
maildrop   unix  -       n       n       -       -       pipe
   flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
old-cyrus  unix  -       n       n       -       -       pipe
   flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
cyrus      unix  -       n       n       -       -       pipe
user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user} 
uucp       unix  -       n       n       -       -       pipe
   flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail
   ($recipient)
ifmail     unix  -       n       n       -       -       pipe
   flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp      unix  -       n       n       -       -       pipe
   flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop
   $recipient
smtp-amavis unix -       -       n       -       10      smtp
   -o smtp_data_done_timeout=1200 -o smtp_send_xforward_command=yes
   -o disable_dns_lookups=yes -o max_use=20
[127.0.0.1]:10025 inet n -       n       -       -       smtpd
   -o content_filter= -o local_recipient_maps= -o virtual_mailbox_maps=
   -o virtual_alias_maps= -o relay_recipient_maps=
   -o smtpd_restriction_classes= -o smtpd_delay_reject=no
   -o smtpd_client_restrictions=permit_mynetworks,reject
   -o smtpd_data_restrictions= -o smtpd_end_of_data_restrictions=
-o smtpd_helo_restrictions= -o smtpd_milters= -o smtpd_sender_restrictions= 
   -o smtpd_reject_unlisted_sender=no -o smtpd_relay_restrictions=
   -o smtpd_recipient_restrictions=permit_mynetworks,reject
   -o mynetworks_style=host -o mynetworks=127.0.0.0/8,[::1]/128
   -o strict_rfc821_envelopes=yes -o smtpd_error_sleep_time=0
   -o smtpd_soft_error_limit=1001 -o smtpd_hard_error_limit=1000
   -o smtpd_client_connection_count_limit=0
   -o smtpd_client_connection_rate_limit=0
-o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_address_mappings 
   -o local_header_rewrite_clients= -o syslog_name=postfix/amavisd
[127.0.0.1]:10030 inet n -       n       -       -       smtpd
   -o local_recipient_maps= -o virtual_mailbox_maps= -o virtual_alias_maps=
   -o relay_recipient_maps= -o smtpd_restriction_classes=
   -o smtpd_delay_reject=no -o smtpd_milters=inet:localhost:8465
   -o smtpd_client_restrictions=permit_mynetworks,reject
   -o smtpd_sender_restrictions= -o smtpd_helo_restrictions=
   -o smtpd_recipient_restrictions=permit_mynetworks,reject
   -o smtpd_reject_unlisted_sender=no -o smtpd_relay_restrictions=
   -o smtpd_data_restrictions= -o smtpd_end_of_data_restrictions=
   -o syslog_name=postfix/dkimmilter
   -o content_filter=smtp-amavis:[127.0.0.1]:10032

--Quanah

--

Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.
--------------------
Zimbra ::  the leader in open source messaging and collaboration

Reply via email to