Re: Rewrite user xxx in a specific local domain

[Simon Wilson]

----- Message from Viktor Dukhovni <postfix-us...@dukhovni.org> ---------
    Date: Mon, 22 Mar 2021 20:25:01 -0400
    From: Viktor Dukhovni <postfix-us...@dukhovni.org>
Reply-To: postfix-users@postfix.org
 Subject: Re: Rewrite user xxx in a specific local domain
      To: postfix-users@postfix.org

On Tue, Mar 23, 2021 at 10:16:31AM +1000, Simon Wilson wrote:

I run multiple local domains, and for the first time need to have the
same username in two of them go to different local accounts.

I.e. my son has a local (LDAP) account "dom". Mail sent to
dom@his-personal-domain reaches that mailbox fine. He now has a
business domain, and I have setup a LDAP account dom.w, so
dom.w@his-business-domain works fine. What I want to be able to do is
rewrite dom@his-business-domain when it is received so it delivers to
dom.w@his-business-domain.

From what I read at http://www.postfix.org/aliases.5.html I don't
think I can do this with aliases directly, as the "name" component of
the alias line is a local address with no domain part. What I need to
have happen (written in alias-style format) is this:

dom@his-personal-domain:    dom     # this works fine already
dom.w@his-business-domain:  dom.w   # this works fine already
dom@his-business-domain:    dom.w   # this is the bit I want to add

How do I achieve this with rewriting or aliasing, i.e. without having
to move to virtual domains?

You don't have to move to "virtual domains".  The virtual(5) aliases
table applies to all recipient addresses, regardless of "address class".

In fact you should avoid local aliases(5) for address to address
rewriting, and do all such rewriting in virtual(5) instead, using
the aliases(5) file only for "|command", "/some/file" or ":include:"
aliases.

That said, I recommend making *all* you real domains be virtual alias
domains, and using only "localhost.localdomain" or similar as the only
domain in mydestination, with all addresses intended for local delivery
rewritten into that domain as appropriate.

In some cases I go further and add access(5) rules that block direct
remote addressing of that domain, so that all inbound mail has to
come through one of the virtual alias domains.

So you can certainly migrate to virtual alias domains, which is a
better model.


----- End message from Viktor Dukhovni <postfix-us...@dukhovni.org> -----

Thanks Viktor and Noel.

Reading http://www.postfix.org/VIRTUAL_README.html, what I currently  
have is "As simple as can be: shared domains, UNIX system accounts":
 /etc/postfix/main.cf:
    mydestination = $myhostname, localhost.$mydomain ...  
simonandkate.net,... etc
...with any required aliases in /etc/aliases, e.g.:
    root: si...@simonandkate.net
    si:  si...@simonandkate.net
    etc.

Noel's response is the 'quickest way to achieve what I want':

- insert "dom@business-domain   dom.w@business-domain" into  
/etc/postfix/virtual
- postmap /etc/postfix/virtual & postfix reload
- I assume this works because of:
    [root@emp87 postfix]# postconf -n | grep virtual_transport
    [root@emp87 postfix]# postconf -d | grep virtual_transport
    ...
    virtual_transport = virtual
- This keeps me on "As simple as can be: shared domains, UNIX system  
accounts", but uses the virtual transport to resolve my requirement  
for this one address only.

I read Viktor's response as a step further, taking me to "Postfix  
virtual ALIAS example: separate domains, UNIX system accounts"  
(http://www.postfix.org/VIRTUAL_README.html):

- mydestination = $myhostname, localhost.$mydomain  # no hosted  
domains in here
- virtual_alias_domains = simonandkate.net, ...     # all hosted domains here
- virtual_alias_maps    = hash:/etc/postfix/virtual
- have all hosted email addresses mapped to locals in /etc/postfix/virtual:
    si...@simonandkate.net  simon
    s...@simonandkate.net     simon
    dom@personal-domain     dom
    dom@business-domain     dom.w
    etc.

Questions on 'virtual':
1. leave local aliases in /etc/aliases? e.g. postmaster: root;  
virusalert: root; root: si...@simonandkate.net, etc.?
2. looks like virtual multiple recipients works per aliases, e.g.  
"voicem...@simonandkate.net si...@simonandkate.net,  
us...@simonandkate.net"?
3. http://www.postfix.org/virtual.5.html says that each virtual alias  
domain needs a line with no addresses:

       /etc/postfix/virtual:
           virtual-alias.domain    anything (right-hand content does  
not matter)   <----- this line -----
           postmaster@virtual-alias.domain postmaster
           user1@virtual-alias.domain      address1
           user2@virtual-alias.domain      address2, address3
       The virtual-alias.domain anything entry is required for a  
virtual alias domain. Without  this  entry,  mail  is  rejected  with   
"relay access denied", or bounces with "mail loops back to myself".

...yet this requirement for "virtual-alias.domain    anything  
(right-hand content does not matter)" is not stated in  
http://www.postfix.org/VIRTUAL_README.html. If it is required, should  
http://www.postfix.org/VIRTUAL_README.html not reflect that? Or am I  
misreading one or the other?

Thanks
Simon

--
Simon Wilson
M: 0400 12 11 16