On Wed, Apr 17, 2019 at 09:53:14PM -0700, ecsd wrote:
> The documentation should list the parameter as long as it exists
> (supported by the code, which it is) and say it is deprecated
> and not to be used.
It is an obsolete and mostly equivalent form of reject_unauth_destination,
which only differs from that latter in a fragile and unsupported
manner. You don't need it. You should be using *documented* parameters.
> smtpd_relay_restrictions =
> permit_mynetworks
> permit_sasl_authenticated
> permit_auth_destination
If these don't work for you, then your system is misconfigured.
> Apr 17 20:43:24 transbay postfix/smtpd[72940]: /fatal: in parameter
> smtpd_relay_restrictions or smtpd_recipient_restrictions, specify at
> least one working instance of: reject_unauth_destination,
> defer_unauth_destination, reject, defer, defer_if_permit or
> //*check_relay_domains*/
Don't do that. Use reject_unauth_destination, it works better.
> smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated
> reject_unauth_destination permit_auth_destination
> > No, that's not the case, and has nothing to do with "Bcc" as such.
> > What is true is that delivery to local aliases(5) is retried when
> > any local recipient that the alias expands to fails. The solution
> > is to use virtual aliases whenever possible, leaving local aliases
> > for just pipes, and special lists (:include: and lists with owner
> > aliases).
>
> This says I should *not* use the standard system aliases file, on
> FreeBSD that is /etc/mail/aliases.
You should use it sparingly, for 1-to-1 aliases, use for 1-to-many
aliases is fragile, if multiple aliases expand to local mailboxes.
Use virtual_alias_maps.
> I can if needed pull everything from that to put into another file I
> created containing all my local
> users as defined in /etc/passwd so that I did not have to worry whether
> postfix could read /etc/passwd,
Postfix can read /etc/passwd, but it is better to make all incoming
domains virtual, and only resolve selected recipients to the local
mailer via virtual(5) aliases. Or avoid multi-recipient lists in
/etc/aliases, and implement 1-to-many rewritiing in virtual(5).
> I don't see how that can work. "mydestination" is transbay.net because
> that is the server's public name.
On most of my systems, mydestination is *empty*, I only have virtual
alias domains and virtual mailbox domains. It works just fine.
> "myorigin" supplies the domain to be
> appended if there is none. If a domainless sender "fred" from my machine
> sends, he has to be rewritten as "f...@transbay.net", which is what I
> assume "myorigin" does.
Yes, and that domain is ideally virtual, and gets rewritten to
"localhost" for local delivery, or to some virtual mailbox domain.
> So how can it make sense in my case that
> "mydestination" != "myorigin"? What else could "myorigin" be on the
> server "transbay.net"?
Either "$myhostname" or "$mydomain" as you see fit, but mydestination
would be either empty or "localhost" (possibly localhost.$mydomain).
> I hoped I was solving a problem by setting
> "myorigin", do I get better results to leave it blank?
No, myorigin must not be blank.
> I don't see how "myorigin" could differ from what's in "mydestination".
By not listing $myorigin in $mydestination.
> I don't want my plain user "fred" to be rewritten as
> "f...@mail.transbay.net" besides which mail.transbay.net is again in
> "mydestination". It makes no sense to try to use some other domain,
> because that's not true. When fred sends, to reply to him it would be
> "f...@transbay.net" and so that's how his outbound email has to be marked.
>
> Would I get better results just leaving "myorigin" blank?
No:
/etc/postfix/main.cf:
append_dot_mydomain = yes
myorigin = example.com
mydomain = example.com
mydestination = localhost.$mydomain
indexed = ${default_database_type}:${config_directory}/
virtual_alias_maps = ${indexed}virtual
virtual_alias_domains = $mydomain
relay_domains =
smtpd_relay_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
reject_unauth_destination
/etc/postfix/virtual:
us...@example.com user1@localhost
us...@example.com user2@localhost
l...@example.com us...@example.com, us...@example.com
/etc/postfix/aliases:
some-list-owner: user1
some-list: :include:/etc/mail/list.members
some-pipe: "| /some/command"
--
Viktor.
