On Thu, Apr 18, 2019 at 03:49:16PM -0700, ecsd wrote:
> I set "mydestination = localhost, localhost.transbay.net" and think
> "localhost.transbay.net" ought to be able to go away,
> though for now it's being used as a key to deliver.
Much depends on your setting of "append_dot_mydomain", which used
to default to "yes", but recently defaults to "no". I prefer the
original setting, which can invalidate post-relay DKIM signatures,
when message headers contain unqualified addresses, so is perhaps
not ideal for machines that manage public mailing lists, but IMHO
the original value is more convenient, otherwise, and I'm not a fan
of SPF, DKIM, DMARC, ... The other reason for "no" is hypothetical
email addreses at top-level domains, user@ai, user@tv, ... I don't
see those expected to work any time soon.
Anyway, if you have "append_dot_mydomain", you need both. Otherwise
just "localhost" should be enough.
> local_recipient_maps =
> hash:/usr/local/etc/postfix/postfix.users
> $alias_maps
> virtual_alias_maps = hash:/usr/local/etc/postfix/virtusers
> alias_maps = hash:/usr/local/etc/postfix/aliases
Good. But you have explained what you're using for "myorigin".
> I merged the machine's userbase (passwd and some aliases) into
> "virtusers" under the virtual mappings for "transbay.net".
The lookup keys (LHS) need to the full email addresses (user@domain)
for each recipient in the now virtual domain.
> I [... ]am proceeding on the assumption that in order for virtusers to
> deliver to a local recipient,
> (a) that recipient must be listed on the RHS as 'username@localhost', and
Yes.
> (b) the RHS destination 'username@localhost' must also be listed in
> 'postfix.users' (even if username@localhost was an alias, i.e. not a real
> user.)
No, that's not necessary. The "local_recipinet_maps" table is only
used to validate the input address in the SMTP command, once mail
is accepted, the table is never used again.
> All the local references are "username@localhost" and not
> "usern...@localhost.transbay.net".
That's what I suggested. But also resolve one-to-many lists to
individual users in virtual aliases, rather than forward the list
to list@localhost, which defeats the point of the exercise. The
only lists that need local processing are the kind that are managed
by majordomo or Gnu mailman. Some people have separate "lists"
sub-domains for those, but virtual aliases also work.
> For the moment I have multiple listings for subdomains, e.g.
>
> usern...@transbay.net username@localhost
> usern...@mail.transbay.net username@localhost
Every valid address in virtual alias domain must be listed, and
rewritten to an underlying domain (such as localhost). Other
addresses may also be rewritten as you see fit.
Domains like "mail.transbay.net", that are (it seems) neither virtual
alias nor local (in mydestination, see ADDRESS_CLASS_README) nor
virtual mailbox nor relay domains will not accept mail from outside,
My advice is to make all domains for external email is accepted be
virtual alias domains, with rewriting to "real" domains behind the
scenes. You could use 'virtual.invalid' as your underlying virtual
mailbox domain to complement "localhost" (localhost.$mydomain) as
your local domain.
> I recall there was a setting to say that postfix would consider
> "mail.transbay.net" to be the same
> as "transbay.net" so the excess mapping can be eliminated.
No, only the "local" address class conflates multiple domains, but
you're moving away from using it directly.
> The system still refuses to deliver to certain recipients, in most cases
> saying they "cannot be found in the virtual aliases table" despite the
> symbol clearly being in > the virtusers file on the LHS
> with a username@localhost destination.
That shows that the "clearly" is not in fact true. Perhaps you
need to rebuild the table with "postmap", or the address form
in the table differs from the recipient address.
> Oh, also, I am using "/dev/null" as the destination on the RHS in
> virtusers in some cases.
That's not valid. Instead:
virtual:
nob...@example.com nobody@discard.invalid
...@example.com ...@discard.invalid
transport:
discard.invalid discard:silently
main.cf:
indexed = ... see previous post ...
transport_maps = $indexed{transport}
There should be "discard" transport in your master.cf file.
It is the most efficient way in Postfix to discard mail
to individual recipients (as opposed to messages based
on content, ...).
--
Viktor.
