On Tue, Apr 09, 2013 at 04:56:28PM -0700, Quanah Gibson-Mount wrote:

> The main issue right now is that it has:
> 
> virtual_transport = error
> 
> which I was told makes little sense, so I'm trying to correct our
> configuration.

Actually, it is not always a bad idea.  If you have a virtual_mailbox
domain, solely for the purpose of recipient validation:

        indexed = ${default_database_type}:${config_directory}/
        virtual_mailbox_domains = example.com
        virtual_mailbox_maps = ${indexed}vmbox

and if delivery to real users in example.com is always via LMTP or
some other transport that requires an explicit user mapping (say
to a specific IMAP server, ...) then it may make sense to set:

        virtual_transport = error:5.1.1 User unknown
        transport_maps = ${indexed}transport

with:

    /etc/postfix/vmbox:
        lu...@example.com       ok

    /etc/postfix/transport:
        lu...@example.com       lmtp:inet:imap.example.com:24

with the result that mail to <lu...@example.com> is delivered to
the virtual mailbox,  while mail for <bo...@example.com> is not
only rejected by smtpd(8) (since bogus is not in virtual_mailbox_maps),
but also bounces if generated locally, since it resolves to the
error transport without the need to contact the LMTP server (which
may in some cases be configured to create mailboxes on the fly).

This said, I would take a different approach:

    main.cf:
        # Use virtual alias domains for mail routing, not per-user
        # transport entries.
        #
        indexed = ${default_database_type}:${config_directory}/
        virtual_alias_domains = example.com
        virtual_alias_maps = ${indexed}valias
        virtual_mailbox_domains = ${indexed}vmdomains
        transport_maps = ${indexed}transport

        # Optional, undo virtual(5) rewrites.
        smtp_generic_maps = ${indexed}generic

        # Refuse mail to user@invalid or user@subdomain.invalid
        smtpd_relay_restrictions =
                permit_mynetworks, permit_sasl_authenticated,
                reject_unauth_destination
        smtpd_recipient_restrictions =
                check_recipient_access ${indexed}rcpt-access

    /etc/postfix/rcpt-access:
        # Don't allow explicit addressing of ".invalid" namespace.
        invalid         REJECT 5.1.2 invalid destination domain
        .invalid        REJECT 5.1.2 invalid destination domain

    /etc/postfix/valias:
        # One entry per valid user
        lu...@example.com       luser@lmtp1.virtual.invalid
        lus...@example.com      luser@lmtp2.virtual.invalid
        ...

    /etc/postfix/generic:
        # Optional, needed if the LMTP servers don't like
        # luser@lmtp<N>.virtual.invalid and need the original
        # external address.
        luser@lmtp1.virtual.invalid     lu...@example.com

    /etc/postfix/transport:
        # One entry per LMTP server
        lmtp1.virtual.invalid   lmtp:inet:server1.example.com:24
        lmtp2.virtual.invalid   lmtp:inet:server1.example.com:24
        ...

    /etc/postfix/vmdomains:
        # One entry per LMTP server
        lmtp1.virtual.invalid   virtual
        lmtp2.virtual.invalid   virtual
        ...

-- 
        Viktor.
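
A consistency check for the alias-based layout in the message above, as an added example that is not part of the original post: it verifies that every valias target domain has a transport entry and a vmdomains entry and is covered by the rcpt-access REJECT rules. The user names, the server2 host and the lmtp3 entry are constructed, and the lookups are a simplified model of Postfix table matching.

```python
# Added example: lint the alias-routing tables for consistency.
# All table contents are constructed samples (user names, server2 and lmtp3 are
# assumptions). Continuation lines and non-exact transport keys are not modelled.

def parse_table(text):
    """Parse 'key value' lines, skipping blanks and # comments."""
    table = {}
    for line in text.splitlines():
        fields = line.strip().split(None, 1)
        if fields and not fields[0].startswith("#"):
            table[fields[0].lower()] = fields[1].strip() if len(fields) > 1 else ""
    return table

def blocked_by_access(domain, access):
    """True if the domain or a parent has a REJECT entry (bare or dotted form)."""
    labels = domain.lower().split(".")
    for i in range(len(labels)):
        suffix = ".".join(labels[i:])
        keys = [suffix] if i == 0 else [suffix, "." + suffix]
        if any(access.get(k, "").upper().startswith("REJECT") for k in keys):
            return True
    return False

def route(addr, valias, transport):
    """Return the transport for a recipient, or None if the user is unknown."""
    target = valias.get(addr.lower())
    return transport.get(target.rpartition("@")[2].lower()) if target else None

def lint(valias, transport, vmdomains, access):
    """List alias targets that would misroute or be reachable from outside."""
    problems = []
    for addr, target in sorted(valias.items()):
        domain = target.rpartition("@")[2].lower()
        if domain not in transport:
            problems.append(f"{addr}: no transport entry for {domain}")
        if domain not in vmdomains:
            problems.append(f"{addr}: {domain} missing from vmdomains")
        if not blocked_by_access(domain, access):
            problems.append(f"{addr}: {domain} not covered by rcpt-access")
    return problems

VALIAS = parse_table("""alice@example.com alice@lmtp1.virtual.invalid
bob@example.com bob@lmtp2.virtual.invalid
carol@example.com carol@lmtp3.virtual.invalid""")
TRANSPORT = parse_table("""lmtp1.virtual.invalid lmtp:inet:server1.example.com:24
lmtp2.virtual.invalid lmtp:inet:server2.example.com:24""")
VMDOMAINS = parse_table("lmtp1.virtual.invalid virtual\nlmtp2.virtual.invalid virtual")
ACCESS = parse_table("""invalid REJECT 5.1.2 invalid destination domain
.invalid REJECT 5.1.2 invalid destination domain""")

if __name__ == "__main__":
    print("\n".join(lint(VALIAS, TRANSPORT, VMDOMAINS, ACCESS)))
```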
