On 10/15/2013 4:02 AM, Chad Elliott wrote:
>> Make sure you understand address classes.
>
> We are not a virtual mailbox domain, we are a virtual alias domain
> because we use UNIX accounts for the few mailboxes we have, ...
Noel is correct. You're broken. And you are using
virtual_mailbox_domains. Look at your "postconf -n":
...
virtual_alias_maps = hash:/etc/postfix/virtual
virtual_mailbox_base = /var/spool/mail
virtual_mailbox_domains = hash:/etc/postfix/mydomains
If I understand you correctly, you simply want additional aliases for
your users, correct? To do that you use a *standard Postfix config* and
simply add a virtual_alias_maps file. The left side are the virtual
aliases. The right side are the UNIX account addresses (though they can
be any valid email address):
/etc/postfix/virtual
walter_wh...@breakingbad.com mrwh...@breakingbad.com
jessie_pink...@breakingbad.com jes...@breakingbad.com
gustavo_fr...@breakingbad.com g...@breakingbad.com
That's it. It's that simple. Now, if you don't want to accept SMTP
mail to the UNIX acct addresses, only the virtual aliases, simply put
them in an access(5) table and have the following, in this order, in
smtpd_recipient_restrictions
...
check_recipient_access hash:/etc/postfix/shield_acct_names
reject_unlisted_recipient
...
/etc/postfix/shield_acct_names
mrwh...@breakingbad.com
jes...@breakingbad.com
g...@breakingbad.com
As long as your check is before virtual alias expansion this should
work. Postfix should reject any mail to UNIX addresses, and any
addresses not in /etc/aliases or /etc/postfix/virtual
I've been using the first half of this setup for years so I know it
works. I've not tested the 'UNIX address shielding', but it should work
as well.
--
Stan
