RE: Virtual Alias Domains

Mon, 30 Sep 2019 06:01:10 -0700 

Hello Viktor,

First, thanks for all your explanations.
Indeed if i remove the IP address from "mynetworks", I got a "relay access 
denied"

The behavior is strange because :
- the MX of the domain is not this server itself.
- the domain is * not * in virtual_alias_domain
- the email is * still * in virtual file.

If I understand you correctly, if the IP address is in my network, Postfix 
didn't 
check the MX of the domain if an email related  to this domain is in virtual 
file.


-----Message d'origine-----
De : owner-postfix-us...@postfix.org <owner-postfix-us...@postfix.org> De la 
part de Viktor Dukhovni
Envoyé : samedi 28 septembre 2019 18:18
À : postfix-users@postfix.org
Objet : Re: Virtual Alias Domains

On Sat, Sep 28, 2019 at 03:55:04PM +0000, Nicolas Breuer wrote:

> I'm not sure you understand the issue.

Sadly, you've got the wrong end of the stick.  Your logs start with:

    Sep 28 11:12:35 ns2 postfix/smtpd[16268]: generic_checks: 
name=permit_mynetworks status=1
    Sep 28 11:12:35 ns2 postfix/smtpd[16268]: >>> END Recipient address 
RESTRICTIONS <<<

The client is trusted, and so allowed to send to *any* (potentially
remote) address.  THe logs then continue with:

    Sep 28 11:12:35 ns2 postfix/smtpd[16268]: >>> CHECKING Recipient address 
VALIDATION MAPS <<<

but since the recipient is NOT listed in any relay or final domain,
recipient validation does not apply.

> If the domain is not present in domain file, should be rejected with (MX 
> loops back to me)

No.

> If the email is not in virtual, should be rejected with (user unknown)

No, that only happens when the recipient domain is in
virtual_alias_domains, which was not the case, and the address is
not found in virtual_alias_maps (also not the case).

    Sep 28 11:12:35 ns2 postfix/smtpd[16268]: maps_find: virtual_alias_maps: 
... = root

To reproduce recipient rejection try either:

    - Send from a client *not* listed in mynetworks, and
      the recipient domain not in virtual_alias_domains,
      relay_domains, ...

OR

    - Add the recipient domain to virtual_alias_domains,
      and make sure the recipient address is not listed
      in virtual_alias_maps, canonical_maps, ...

-- 
        Viktor.

Reply via email to