Local UNIX accounts, aliasing & rejecting mail to non-public UNIX accounts

Craig R. Skinner

I'm setting up Postfix for a domain that hosts Dovecot IMAP mail dirs
for real Unix accounts. Postfix needs to accept mail for users' public
aliases, but not their Unix login, and reject mail for daemon accounts.
e.g:


[hidden email] --> jb4356
[hidden email] --> jb8921
[hidden email] --> postmaster
[hidden email] --> postmaster
[hidden email] --> hostmaster


The above are in /etc/passwd:
[hidden email] --> postmaster
[hidden email] --> hostmaster
[hidden email] --> reject as unknown
[hidden email] --> reject as unknown
[hidden email] --> reject as unknown
[hidden email] --> reject as unknown
[hidden email] --> reject as unknown
[hidden email] --> reject as unknown
[hidden email] --> reject as unknown

[hidden email] --> reject as unknown
[hidden email] --> reject as unknown
...
...


main.cf [part]:
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
myorigin = $mydomain
mail_spool_directory = /var/mail/
mailbox_transport = lmtp:unix:private/dovecot-lmtp
local_recipient_maps = proxy:unix:passwd.byname $alias_maps
alias_maps = btree:$config_directory/aliases
alias_database = btree:$config_directory/aliases
local_transport = local:$myhostname
canonical_maps = btree:$config_directory/canonical.map
virtual_alias_domains =
        btree:$config_directory/virtual_alias_domains.map
virtual_alias_maps = btree:$config_directory/virtual_alias_maps.map


$ cat virtual_alias_domains.map
example.com virtual


$ head virtual_alias_maps.map
postmaster postmaster
abuse postmaster
hostmaster hostmaster
[hidden email] jb4356
[hidden email] jb8921


$ head canonical.map
hostmaster [hidden email]
postmaster [hidden email]
jb4356 [hidden email]
jb8921 [hidden email]


I've experimented with various settings and found that it works if I
list the valid public address mappings as virtual aliases, but Postfix
complains with:
postfix/trivial-rewrite[3585]: warning: do not list domain example.com in BOTH mydestination and virtual_alias_domains.

I've thumbed through 'The Book of Postfix' & the packaged HTML *READMEs.
The examples appear to be for either fully virtual accounts, or Unix
accounts where joe@ has a Unix account of 'joe'.

There's probably something simple I'm not understanding here.

Help appreciated,
--
Craig Skinner | http://twitter.com/Craig_Skinner | http://linkd.in/yGqkv7

Re: Local UNIX accounts, aliasing & rejecting mail to non-public UNIX accounts

Stan Hoeppner
On 6/19/2013 6:11 AM, Craig R. Skinner wrote:

>
> I'm setting up Postfix for a domain that hosts Dovecot IMAP mail dirs
> for real Unix accounts. Postfix needs to accept mail for users' public
> aliases, but not their Unix login, and reject mail for daemon accounts.
> e.g:
>
>
> [hidden email] --> jb4356
> [hidden email] --> jb8921
> [hidden email] --> postmaster
> [hidden email] --> postmaster
> [hidden email] --> hostmaster
>
>
> The above are in /etc/passwd:
> [hidden email] --> postmaster
> [hidden email] --> hostmaster
> [hidden email] --> reject as unknown
> [hidden email] --> reject as unknown
> [hidden email] --> reject as unknown
> [hidden email] --> reject as unknown
> [hidden email] --> reject as unknown
> [hidden email] --> reject as unknown
> [hidden email] --> reject as unknown
>
> [hidden email] --> reject as unknown
> [hidden email] --> reject as unknown
> ...
> ...
>
>
> main.cf [part]:
> mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
> myorigin = $mydomain
> mail_spool_directory = /var/mail/
> mailbox_transport = lmtp:unix:private/dovecot-lmtp
> local_recipient_maps = proxy:unix:passwd.byname $alias_maps
> alias_maps = btree:$config_directory/aliases
> alias_database = btree:$config_directory/aliases
> local_transport = local:$myhostname
> canonical_maps = btree:$config_directory/canonical.map
> virtual_alias_domains =
>         btree:$config_directory/virtual_alias_domains.map
> virtual_alias_maps = btree:$config_directory/virtual_alias_maps.map
>
>
> $ cat virtual_alias_domains.map
> example.com virtual
>
>
> $ head virtual_alias_maps.map
> postmaster postmaster
> abuse postmaster
> hostmaster hostmaster
> [hidden email] jb4356
> [hidden email] jb8921
>
>
> $ head canonical.map
> hostmaster [hidden email]
> postmaster [hidden email]
> jb4356 [hidden email]
> jb8921 [hidden email]
>
>
> I've experimented with various settings and found that it works if I
> list the valid public address mappings as virtual aliases, but Postfix
> complains with:
> postfix/trivial-rewrite[3585]: warning: do not list domain example.com in BOTH mydestination and virtual_alias_domains.

What happens when you try

mydestination =

> I've thumbed through 'The Book of Postfix' & the packaged HTML *READMEs.
> The examples appear to be for either fully virtual accounts, or Unix
> accounts where joe@ has a Unix account of 'joe'.
>
> There's probably something simple I'm not understanding here.

Has happened to me on more than one occasion. ;)

--
Stan



Re: Local UNIX accounts, aliasing & rejecting mail to non-public UNIX accounts

Craig R. Skinner
On 2013-06-19 Wed 06:51 AM |, Stan Hoeppner wrote:
> On 6/19/2013 6:11 AM, Craig R. Skinner wrote:
>
> What happens when you try
>
> mydestination =
>

That's something I didn't think of trying.

Either blank, or with localhost:

 status=bounced (User unknown in virtual alias table)

Which is weird as a postmap query finds it:

postmap -q [hidden email] virtual_alias_maps.map
hostmaster

Maybe with no destination, it doesn't know what to do with mail for
'user_name'

Cheers,
--
Craig Skinner | http://twitter.com/Craig_Skinner | http://linkd.in/yGqkv7

Re: Local UNIX accounts, aliasing & rejecting mail to non-public UNIX accounts

Wietse Venema
Craig R. Skinner:

> On 2013-06-19 Wed 06:51 AM |, Stan Hoeppner wrote:
> > On 6/19/2013 6:11 AM, Craig R. Skinner wrote:
> >
> > What happens when you try
> >
> > mydestination =
> >
>
> That's something I didn't think of trying.
>
> Either blank, or with localhost:
>
>  status=bounced (User unknown in virtual alias table)

This suggests that you had the domain name listed in both mydestination
and in virtual_alias_domains. Now you also need to remove the domain
name from virtual_alias_domains, in order to make that error go away.

Until now Postfix will have logged numerous warnings with "do not
list domain X in both mydestination and virtual_alias_maps" to
remind you of a configuration error. Maybe it should just abort
deliveries, that might get people's attention.

        Wietse

Re: Local UNIX accounts, aliasing & rejecting mail to non-public UNIX accounts

Stan Hoeppner
On 6/19/2013 10:16 AM, Wietse Venema wrote:

> Craig R. Skinner:
>> On 2013-06-19 Wed 06:51 AM |, Stan Hoeppner wrote:
>>> On 6/19/2013 6:11 AM, Craig R. Skinner wrote:
>>>
>>> What happens when you try
>>>
>>> mydestination =
>>>
>>
>> That's something I didn't think of trying.
>>
>> Either blank, or with localhost:
>>
>>  status=bounced (User unknown in virtual alias table)
>
> This suggests that you had the domain name listed in both mydestination
> and in virtual_alias_domains. Now you also need to remove the domain
> name from virtual_alias_domains, in order to make that error go away.
>
> Until now Postfix will have logged numerous warnings with "do not
> list domain X in both mydestination and virtual_alias_maps" to
> remind you of a configuration error. Maybe it should just abort
> deliveries, that might get people's attention.
>
> Wietse

I'm anything but an expert in this particular area of Postfix, but I
think the problem is that Craig is trying to use virtual_alias_maps when
he should probably just be using the local aliases file.  His Postfix
hosts a single mail domain IIUC.  He's simply wanting to create alias
addresses presented to the public for each local UNIX mailbox address.
Additionally he wants to reject any inbound mail destined for the actual
local UNIX addresses, as well as system/role accounts.  These last two
are straightforward.  For the first:

/etc/postfix/reject-local-system

[hidden email] reject Unknown User
[hidden email] reject Unknown User
[hidden email] reject Unknown User
[hidden email] reject Unknown User
[hidden email] reject Unknown User
[hidden email] reject Unknown User
[hidden email] reject Unknown User

and use

smtpd_recipient_restrictions
    ...
    check_recipient_access hash:/etc/postfix/reject-local-system
    ...

To satisfy the second:

[hidden email] --> reject as unknown
[hidden email] --> reject as unknown

Simply do not put "$myhostname, localhost.$mydomain" in mydestination,
assuming $myhostname is an FQDN equal to "serverX.example.com".  In fact
there's likely no need to have anything in mydestination other than your
domain name.

--
Stan


Re: Local UNIX accounts, aliasing & rejecting mail to non-public UNIX accounts

Jeroen Geilman
On 06/19/2013 05:55 PM, Stan Hoeppner wrote:

> On 6/19/2013 10:16 AM, Wietse Venema wrote:
>> Craig R. Skinner:
>>> On 2013-06-19 Wed 06:51 AM |, Stan Hoeppner wrote:
>>>> On 6/19/2013 6:11 AM, Craig R. Skinner wrote:
>>>>
>>>> What happens when you try
>>>>
>>>> mydestination =
>>>>
>>> That's something I didn't think of trying.
>>>
>>> Either blank, or with localhost:
>>>
>>>   status=bounced (User unknown in virtual alias table)
>> This suggests that you had the domain name listed in both mydestination
>> and in virtual_alias_domains. Now you also need to remove the domain
>> name from virtual_alias_domains, in order to make that error go away.
>>
>> Until now Postfix will have logged numerous warnings with "do not
>> list domain X in both mydestination and virtual_alias_maps" to
>> remind you of a configuration error. Maybe it should just abort
>> deliveries, that might get people's attention.
>>
>> Wietse
> I'm anything but an expert in this particular area of Postfix, but I
> think the problem is that Craig is trying to use virtual_alias_maps when
> he should probably just be using the local aliases file.  His Postfix
> hosts a single mail domain IIUC.  He's simply wanting to create alias
> addresses presented to the public for each local UNIX mailbox address.
> Additionally he wants to reject any inbound mail destined for the actual
> local UNIX addresses, as well as system/role accounts.  These last two
> are straightforward.

Indeed they are:

     mydestination = localhost
     virtual_alias_domains = $his_mx_domain(s)

And map every valid recipient to user@localhost.

--
J.


Re: Local UNIX accounts, aliasing & rejecting mail to non-public UNIX accounts

Craig R. Skinner
In reply to this post by Stan Hoeppner
On 2013-06-19 Wed 10:55 AM |, Stan Hoeppner wrote:
>
> I'm anything but an expert in this particular area of Postfix, but I
> think the problem is that Craig is trying to use virtual_alias_maps when
> he should probably just be using the local aliases file.  His Postfix
> hosts a single mail domain IIUC.

To start with at least.

> He's simply wanting to create alias
> addresses presented to the public for each local UNIX mailbox address.

Correct.

> Additionally he wants to reject any inbound mail destined for the actual
> local UNIX addresses, as well as system/role accounts.

Correct again.

> These last two are straightforward.  For the first:
>
> /etc/postfix/reject-local-system
>
> [hidden email] reject Unknown User
> [hidden email] reject Unknown User
> [hidden email] reject Unknown User
> [hidden email] reject Unknown User
> [hidden email] reject Unknown User
> [hidden email] reject Unknown User
> [hidden email] reject Unknown User
>
> and use
>
> smtpd_recipient_restrictions
>     ...
>     check_recipient_access hash:/etc/postfix/reject-local-system
>     ...


$ for account in $(cut -d: -f1 /etc/passwd | grep -v master$); \
do \
        print "${account}@example.com reject Unknown User" >> \
                /etc/postfix/reject-local-system.map; \
done

$ postmap ....

$ postmap -q [hidden email] reject-local-system.map
reject Unknown User

main.cf:
smtpd_recipient_restrictions =
        reject_non_fqdn_hostname
        reject_invalid_hostname
        reject_non_fqdn_sender
        ....
        ...
        ...
        check_recipient_access btree:$config_directory/reject-local-system.map
        ...
        ..


>
> To satisfy the second:
>
> [hidden email] --> reject as unknown
> [hidden email] --> reject as unknown
>
> Simply do not put "$myhostname, localhost.$mydomain" in mydestination,
> assuming $myhostname is an FQDN equal to "serverX.example.com".  In fact
> there's likely no need to have anything in mydestination other than your
> domain name.
>

main.cf:
mydestination = $mydomain
# no virtual_alias_* stuff



restart postfix and then .... system accounts are still getting mail;-

$ uptime | sendmail [hidden email]
Jun 19 19:12:16 server1 postfix/pickup[2654]: 0776A6753: uid=1097 from=<user1>
Jun 19 19:12:16 server1 postfix/cleanup[8207]: 0776A6753: message-id=<[hidden email]>
Jun 19 19:12:16 server1 postfix/qmgr[8538]: 0776A6753: from=<[hidden email]>, size=344, nrcpt=1 (queue active)
Jun 19 19:12:16 server1 dovecot: lmtp(9851): Connect from local
Jun 19 19:12:16 server1 dovecot: lmtp(9851, postfix): Error: user
_postfix: Initialization failed: Namespace '': mkdir(/var/mail/postfix) failed: Permission denied (euid=507(postfix) egid=507(postfix) missing +w perm: /var/mail, dir owned by 0:0 mode=0755)
Jun 19 19:12:16 server1 dovecot: lmtp(9851): Disconnect from local: Client quit (in reset)


$ uptime | sendmail [hidden email]
Jun 19 19:12:33 server1 postfix/pickup[2654]: C90DB6765: uid=1097 from=<user1>
Jun 19 19:12:33 server1 postfix/cleanup[8207]: C90DB6765: message-id=<[hidden email]>
Jun 19 19:12:33 server1 postfix/qmgr[8538]: C90DB6765: from=<[hidden email]>, size=344, nrcpt=1 (queue active)
Jun 19 19:12:33 server1 dovecot: lmtp(9851): Connect from local
Jun 19 19:12:33 server1 dovecot: lmtp(9851, user1): w9hyI0r0wVF7JgAANm01jw: sieve: msgid=<[hidden email]>: stored mail into mailbox 'INBOX'


My next thought is to remove /etc/passwd from:
local_recipient_maps = proxy:unix:passwd.byname $alias_maps

Ideas?
--
Craig Skinner | http://twitter.com/Craig_Skinner | http://linkd.in/yGqkv7

Re: Local UNIX accounts, aliasing & rejecting mail to non-public UNIX accounts

Craig R. Skinner
In reply to this post by Jeroen Geilman
On 2013-06-19 Wed 18:12 PM |, Jeroen Geilman wrote:

> >hosts a single mail domain IIUC.  He's simply wanting to create alias
> >addresses presented to the public for each local UNIX mailbox address.
> >Additionally he wants to reject any inbound mail destined for the actual
> >local UNIX addresses, as well as system/role accounts.  These last two
> >are straightforward.
>
> Indeed they are:
>
>     mydestination = localhost
>     virtual_alias_domains = $his_mx_domain(s)
>
> And map every valid recipient to user@localhost.
>

Looks simple enough, but no joy with:

virtual_alias_maps.map:
[hidden email] user1@localhost

status=bounced (mail for localhost.example.com loops back to myself)


And without the @localhost:
[hidden email]  user1

status=bounced (User unknown in virtual alias table)


I've got this set, which I don't think would cause the above loop:
myorigin = $mydomain

Thanks,
--
Craig Skinner | http://twitter.com/Craig_Skinner | http://linkd.in/yGqkv7

Re: Local UNIX accounts, aliasing & rejecting mail to non-public UNIX accounts

Viktor Dukhovni
On Wed, Jun 19, 2013 at 07:43:16PM +0100, Craig R. Skinner wrote:

> Looks simple enough, but no joy with:
>
> virtual_alias_maps.map:
> [hidden email] user1@localhost
>
> status=bounced (mail for localhost.example.com loops back to myself)

You MUST include localhost.$mydomain in mydestination:

        mydestination = localhost.$mydomain

Using virtual aliases to local accounts is the best approach.

--
        Viktor.

Re: Local UNIX accounts, aliasing & rejecting mail to non-public UNIX accounts

Stan Hoeppner
In reply to this post by Craig R. Skinner
On 6/19/2013 1:37 PM, Craig R. Skinner wrote:

> On 2013-06-19 Wed 10:55 AM |, Stan Hoeppner wrote:
>>
>> I'm anything but an expert in this particular area of Postfix, but I
>> think the problem is that Craig is trying to use virtual_alias_maps when
>> he should probably just be using the local aliases file.  His Postfix
>> hosts a single mail domain IIUC.
>
> To start with at least.
>
>> He's simply wanting to create alias
>> addresses presented to the public for each local UNIX mailbox address.
>
> Correct.
>
>> Additionally he wants to reject any inbound mail destined for the actual
>> local UNIX addresses, as well as system/role accounts.
>
> Correct again.
>
>> These last two are straightforward.  For the first:
>>
>> /etc/postfix/reject-local-system
>>
>> [hidden email] reject Unknown User
>> [hidden email] reject Unknown User
>> [hidden email] reject Unknown User
>> [hidden email] reject Unknown User
>> [hidden email] reject Unknown User
>> [hidden email] reject Unknown User
>> [hidden email] reject Unknown User
>>
>> and use

>> smtpd_recipient_restrictions

Note this is an smtpd restriction.

>>     ...
>>     check_recipient_access hash:/etc/postfix/reject-local-system
>>     ...

Thus this only applies to mail arriving via smtpd, not pickup, not pipe,
etc.

> $ for account in $(cut -d: -f1 /etc/passwd | grep -v master$); \
> do \
> print "${account}@example.com reject Unknown User" >> \
> /etc/postfix/reject-local-system.map; \
> done
>
> $ postmap ....
>
> $ postmap -q [hidden email] reject-local-system.map
> reject Unknown User
>
> main.cf:
> smtpd_recipient_restrictions =
> reject_non_fqdn_hostname
> reject_invalid_hostname
> reject_non_fqdn_sender
> ....
> ...
> ...
> check_recipient_access btree:$config_directory/reject-local-system.map
> ...
> ..
>
>
>>
>> To satisfy the second:
>>
>> [hidden email] --> reject as unknown
>> [hidden email] --> reject as unknown
>>
>> Simply do not put "$myhostname, localhost.$mydomain" in mydestination,
>> assuming $myhostname is an FQDN equal to "serverX.example.com".  In fact
>> there's likely no need to have anything in mydestination other than your
>> domain name.
>>
>
> main.cf:
> mydestination = $mydomain
> # no virtual_alias_* stuff
>
>
>
> restart postfix and then .... system accounts are still getting mail;-
>
> $ uptime | sendmail [hidden email]

Note you are injecting the mail in this test with the sendmail
compatibility command, which does not involve the smtpd service.

> Jun 19 19:12:16 server1 postfix/pickup[2654]: 0776A6753: uid=1097 from=<user1>
> Jun 19 19:12:16 server1 postfix/cleanup[8207]: 0776A6753: message-id=<[hidden email]>
> Jun 19 19:12:16 server1 postfix/qmgr[8538]: 0776A6753: from=<[hidden email]>, size=344, nrcpt=1 (queue active)
> Jun 19 19:12:16 server1 dovecot: lmtp(9851): Connect from local
> Jun 19 19:12:16 server1 dovecot: lmtp(9851, postfix): Error: user
> _postfix: Initialization failed: Namespace '': mkdir(/var/mail/postfix) failed: Permission denied (euid=507(postfix) egid=507(postfix) missing +w perm: /var/mail, dir owned by 0:0 mode=0755)
> Jun 19 19:12:16 server1 dovecot: lmtp(9851): Disconnect from local: Client quit (in reset)

As you can clearly see in the logging, your test message entered Postfix
via the pickup service, not via smtpd.  You are not testing properly.
Send the msg into smtpd and it will be rejected, as long as
check_recipient_access precedes any other user lookups, such as

reject_unknown_user

> $ uptime | sendmail [hidden email]
> Jun 19 19:12:33 server1 postfix/pickup[2654]: C90DB6765: uid=1097 from=<user1>
> Jun 19 19:12:33 server1 postfix/cleanup[8207]: C90DB6765: message-id=<[hidden email]>
> Jun 19 19:12:33 server1 postfix/qmgr[8538]: C90DB6765: from=<[hidden email]>, size=344, nrcpt=1 (queue active)
> Jun 19 19:12:33 server1 dovecot: lmtp(9851): Connect from local
> Jun 19 19:12:33 server1 dovecot: lmtp(9851, user1): w9hyI0r0wVF7JgAANm01jw: sieve: msgid=<[hidden email]>: stored mail into mailbox 'INBOX'

Same thing.  Improper test using pickup instead of smtpd.

If you really want to restrict locally generated mail messages to such
address formats, we can address that later, but such a thing is probably
not necessary.

> My next thought is to remove /etc/passwd from:
> local_recipient_maps = proxy:unix:passwd.byname $alias_maps
>
> Ideas?

First do a proper test of your check_client_access restriction via
smtpd.  Then note Viktor's advice.  He is one of the Postfix developers.

I'm guessing due to your trial and error methodology here that you've
not read the Address Rewriting document:

http://www.postfix.org/ADDRESS_REWRITING_README.html

I'd read that thoroughly before any more trial/error, paying particular
attention to the virtual aliasing section.  It may give you a better
understanding of this, and help eliminate guesswork.

--
Stan
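
The point made in the reply above, that mail injected with the sendmail command enters through pickup and never meets smtpd_recipient_restrictions, can be read straight from the log. The following is an added example, not part of the thread: it correlates each queue ID with the service that accepted the message. The log lines are constructed, modelled on the ones quoted above, and `ingress_report` and `sample_maillog` are hypothetical names.

```shell
#!/bin/sh
# Added example, not code from the thread. All log lines are constructed.

# ingress_report < maillog
# Prints "INGRESS RECIPIENT RESULT" for every delivery attempt and every
# recipient rejected by smtpd. INGRESS is the Postfix service that accepted
# the message: only "smtpd" evaluates smtpd_recipient_restrictions.
ingress_report() {
    awk '
        # Text between the first occurrence of lft and the next rgt.
        function between(s, lft, rgt,   i, rest, j) {
            i = index(s, lft)
            if (!i) return ""
            rest = substr(s, i + length(lft))
            j = index(rest, rgt)
            if (!j) return ""
            return substr(rest, 1, j - 1)
        }
        # Local submission (sendmail, mail, mutt, cron): no smtpd checks.
        /postfix\/pickup\[[0-9]+\]: [0-9A-Za-z]+: uid=/ {
            ingress[between($0, "]: ", ": ")] = "pickup"; next
        }
        # Message accepted over SMTP.
        /postfix\/smtpd\[[0-9]+\]: [0-9A-Za-z]+: client=/ {
            ingress[between($0, "]: ", ": ")] = "smtpd"; next
        }
        # Recipient refused during the SMTP dialogue, before queueing.
        /postfix\/smtpd\[[0-9]+\]: NOQUEUE: reject: RCPT / {
            print "smtpd", between($0, " to=<", ">"), "rejected"; next
        }
        # Delivery agent result (lmtp, local, error, ...).
        /postfix\/[a-z]+\[[0-9]+\]: [0-9A-Za-z]+: to=</ {
            q = between($0, "]: ", ": ")
            rcpt = between($0, "orig_to=<", ">")      # address as submitted
            if (rcpt == "") rcpt = between($0, " to=<", ">")
            via = (q in ingress) ? ingress[q] : "unknown"
            print via, rcpt, between($0, " status=", " ")
        }'
}

# Constructed sample: one local submission to a Unix login, one remote
# attempt at the same login, one remote message to a public alias.
sample_maillog() {
    cat <<'EOF'
Jun 19 19:12:16 server1 postfix/pickup[2654]: 0776A6753: uid=1097 from=<user1>
Jun 19 19:12:16 server1 postfix/cleanup[8207]: 0776A6753: message-id=<1@example.com>
Jun 19 19:12:16 server1 postfix/qmgr[8538]: 0776A6753: from=<user1@example.com>, size=344, nrcpt=1 (queue active)
Jun 19 19:12:16 server1 postfix/lmtp[9850]: 0776A6753: to=<jb4356@example.com>, relay=server1.example.com[private/dovecot-lmtp], delay=0.1, delays=0.05/0/0/0.05, dsn=2.0.0, status=sent (250 2.0.0 <jb4356@example.com> Saved)
Jun 19 19:20:01 server1 postfix/smtpd[9900]: connect from mail.example.net[192.0.2.25]
Jun 19 19:20:01 server1 postfix/smtpd[9900]: NOQUEUE: reject: RCPT from mail.example.net[192.0.2.25]: 554 5.7.1 <jb4356@example.com>: Recipient address rejected: Unknown User; from=<a@example.net> to=<jb4356@example.com> proto=ESMTP helo=<mail.example.net>
Jun 19 19:21:07 server1 postfix/smtpd[9900]: 5B1C26771: client=mail.example.net[192.0.2.25]
Jun 19 19:21:07 server1 postfix/qmgr[8538]: 5B1C26771: from=<a@example.net>, size=512, nrcpt=1 (queue active)
Jun 19 19:21:07 server1 postfix/lmtp[9850]: 5B1C26771: to=<jb4356@example.com>, orig_to=<joe.bloggs@example.com>, relay=server1.example.com[private/dovecot-lmtp], delay=0.2, delays=0.1/0/0/0.1, dsn=2.0.0, status=sent (250 2.0.0 <jb4356@example.com> Saved)
EOF
}

# Demo on the constructed sample.
sample_maillog | ingress_report
```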


Re: Local UNIX accounts, aliasing & rejecting mail to non-public UNIX accounts

Craig R. Skinner
On 2013-06-20 Thu 04:52 AM |, Stan Hoeppner wrote:

>
> >> smtpd_recipient_restrictions
>
> Note this is an smtpd restriction.
> >>     ...
> >>     check_recipient_access hash:/etc/postfix/reject-local-system
> >>     ...
> Thus this only applies to mail arriving via smtpd, not pickup, not pipe,
> etc.
>

Ahhh, yes. Obvious now - thanks.

> >
> > $ uptime | sendmail [hidden email]
>
> Note you are injecting the mail in this test with the sendmail
> compatibility command, which does not involve the smtpd service.
>

Yes, I simply hadn't realised that wouldn't invoke your smtpd
restriction idea. However, users have shell access with mutt,
sendmail, mail, cron,.....

>
> I'm guessing due to your trial and error methodology here that you've
> not read the Address Rewriting document:
>
> http://www.postfix.org/ADDRESS_REWRITING_README.html
>
> I'd read that thoroughly before any more trial/error, paying particular
> attention to the virtual aliasing section.  It may give you a better
> understanding of this, and help eliminate guesswork.
>

I'd read quite a lot of the READMEs and gotten a bit swamped by it all.

This set up works for a single canonical domain, accepting mail for
pretty addresses & rejecting remote mail for MOST Unix accounts, while
accepting local mail to Unix accounts:

main.cf:
myorigin = $mydomain
mydestination = localhost.$mydomain, localhost, $mydomain
canonical_maps = btree:$config_directory/canonical.map
masquerade_domains = $mydomain
remote_header_rewrite_domain = sender.domain.incomplete
alias_maps = btree:$config_directory/aliases
mail_spool_directory = /var/mail/
mailbox_transport = lmtp:unix:private/dovecot-lmtp

smtpd_recipient_restrictions =
        reject_non_fqdn_hostname
        reject_invalid_hostname
        ...
        ...
        check_recipient_access btree:$config_directory/reject_system_accounts.map
        ...


canonical.map:
jb4356 [hidden email]
jb8921 [hidden email]


aliases:
root: admin-acct
MAILER-DAEMON: postmaster
# hack to accept mail for postmaster@[ip.add.ress.es]
postmaster: postmaster
abuse: postmaster
bin: root
daemon: root
named: hostmaster
nobody: root
uucp: root
www: root
ftp-bugs: root
postfix: postmaster
manager: root
dumper: root
operator: root

joe.bloggs: jb4356
jane.blossom: jb8921
...
...
sales: acct145
support: acct267
...
..



reject_system_accounts.map:
# Generated by: /home/postmaster/bin/postmap-reject-system-accounts (rev 1.2)
[hidden email] reject Unknown User
[hidden email] reject Unknown User
[hidden email] reject Unknown User
[hidden email] reject Unknown User
[hidden email] reject Unknown User
[hidden email] reject Unknown User
...
...
[hidden email] reject Unknown User
[hidden email] reject Unknown User


/etc/mutt/Muttrc:
set use_from=no

Cheers,
--
Craig Skinner | http://twitter.com/Craig_Skinner | http://linkd.in/yGqkv7
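
One way to generate and audit a table like the reject_system_accounts.map used in the configuration above. This is an added example, not the poster's postmap-reject-system-accounts script; the function names, the keep list and the sample accounts are assumptions made for illustration. The audit function lists logins that have no entry in the map, which is how a deny list falls behind when accounts are created after the map was built.

```shell
#!/bin/sh
# Added example, not code from the thread. example.com, the keep list and
# the sample accounts are constructed for illustration.

# build_reject_map DOMAIN "KEEP LOGINS" < passwd-format input
# Prints one access(5) line per login that must not receive remote mail.
# Logins in the keep list stay reachable; matching is exact, so keeping
# "postmaster" does not also keep "webmaster".
build_reject_map() {
    awk -F: -v domain="$1" -v keep="$2" '
        BEGIN {
            n = split(keep, k, " ")
            for (i = 1; i <= n; i++) allow[tolower(k[i])] = 1
        }
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # comments and blank lines
        $1 ~ /^[+-]/             { next }   # NIS compat entries
        {
            login = tolower($1)             # Postfix folds lookup keys to lower case
            if ((login in allow) || seen[login]++) next
            printf "%s@%s reject Unknown User\n", login, domain
        }'
}

# unprotected_logins DOMAIN MAPFILE < passwd-format input
# Prints every login with no entry in MAPFILE: accounts kept reachable on
# purpose, plus accounts added since the map was last generated.
unprotected_logins() {
    awk -F: -v domain="$1" -v map="$2" '
        BEGIN {
            while ((getline line < map) > 0) {
                if (line ~ /^[ \t]*#/ || line ~ /^[ \t]*$/) continue
                split(line, f, /[ \t]+/)
                covered[tolower(f[1])] = 1
            }
            close(map)
        }
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        $1 ~ /^[+-]/             { next }
        {
            key = tolower($1 "@" domain)
            if (!(key in covered)) print tolower($1)
        }'
}

# Constructed sample in passwd(5) format.
sample_passwd() {
    cat <<'EOF'
# system accounts
root:*:0:0:Charlie Root:/root:/bin/ksh
daemon:*:1:1:Daemon:/root:/sbin/nologin
postfix:*:507:507:Postfix Daemon:/var/empty:/sbin/nologin

# role and user accounts
postmaster:*:1001:1001:Postmaster:/home/postmaster:/bin/ksh
hostmaster:*:1002:1002:Hostmaster:/home/hostmaster:/bin/ksh
webmaster:*:1003:1003:Web admin:/home/webmaster:/bin/ksh
jb4356:*:1097:1097:Joe Bloggs:/home/jb4356:/bin/ksh
EOF
}

# Demo on the constructed sample. In real use, write the output to a new
# file, rename it over the old map and then run postmap on it; appending
# with >> on every run leaves stale and duplicate entries behind.
sample_passwd | build_reject_map example.com "postmaster hostmaster"
```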

Re: Local UNIX accounts, aliasing & rejecting mail to non-public UNIX accounts

Craig R. Skinner
In reply to this post by Viktor Dukhovni
On 2013-06-19 Wed 21:09 PM |, Viktor Dukhovni wrote:

> >
> > virtual_alias_maps.map:
> > [hidden email] user1@localhost
> >
> > status=bounced (mail for localhost.example.com loops back to myself)
>
> You MUST include localhost.$mydomain in mydestination:
>
> mydestination = localhost.$mydomain
>
> Using virtual aliases to local accounts is the best approach.
>


Thanks Viktor, this set up works with making the machine's domain name
virtual for Postfix, accepting mail for pretty addresses & rejecting
remote mail for MOST Unix accounts, while accepting local mail to Unix
accounts, IF listed as virtual aliases (mutt, sendmail, cron,....):


main.cf:
myorigin = $mydomain
mydestination = localhost.$mydomain
virtual_alias_domains = btree:$config_directory/virtual_alias_domains.map
virtual_alias_maps = btree:$config_directory/virtual_alias_maps.map
sender_canonical_maps = btree:$config_directory/canonical.map
masquerade_domains = $mydomain, $virtual_alias_domains
remote_header_rewrite_domain = sender.domain.incomplete
alias_maps = btree:$config_directory/aliases
mail_spool_directory = /var/mail/
mailbox_transport = lmtp:unix:private/dovecot-lmtp

(smtpd_recipient_restrictions check_recipient_access btree:$config_directory/reject_system_accounts.map not needed)


canonical.map:
jb4356          [hidden email]
jb8921          [hidden email]
...
...


virtual_alias_domains.map:
example.com virtual


virtual_alias_maps.map:
# hack to accept mail for postmaster/abuse@[ip.add.ress.es]
postmaster postmaster@localhost
abuse postmaster@localhost
# example.com:
[hidden email] postmaster@localhost
[hidden email] postmaster@localhost
[hidden email] hostmaster@localhost
[hidden email] admin-acct@localhost
[hidden email] acct145@localhost
[hidden email] acct267@localhost
[hidden email] acct267@localhost
...
...
[hidden email] jb4356@localhost
[hidden email] jb8921@localhost


aliases:
root: admin-acct
MAILER-DAEMON:  postmaster
abuse: postmaster
bin: root
daemon: root
named: hostmaster
nobody: root
uucp: root
www: root
ftp-bugs: root
postfix: postmaster
manager: root
dumper: root
operator: root



It seems the aliases file is not used. I've got root, postmaster,
abuse, hostmaster, etc. in virtual_alias_maps.map. Should the other
traditional aliases of MAILER-DAEMON, bin, dumper, etc. be in there too?

Regards,
--
Craig Skinner | http://twitter.com/Craig_Skinner | http://linkd.in/yGqkv7

Re: Local UNIX accounts, aliasing & rejecting mail to non-public UNIX accounts

Jeroen Geilman
On 06/21/2013 09:57 PM, Craig R. Skinner wrote:

> On 2013-06-19 Wed 21:09 PM |, Viktor Dukhovni wrote:
>>> virtual_alias_maps.map:
>>> [hidden email] user1@localhost
>>>
>>> status=bounced (mail for localhost.example.com loops back to myself)
>> You MUST include localhost.$mydomain in mydestination:
>>
>> mydestination = localhost.$mydomain
>>
>> Using virtual aliases to local accounts is the best approach.
>>
>
> Thanks Viktor, this set up works with making the machine's domain name
> virtual for Postfix, accepting mail for pretty addresses & rejecting
> remote mail for MOST Unix accounts, while accepting local mail to Unix
> accounts, IF listed as virtual aliases (mutt, sendmail, cron,....):
>
>
> main.cf:
> myorigin = $mydomain
> mydestination = localhost.$mydomain

No. If the destination you use in virtual_alias_maps is @localhost, then
THAT must be in mydestination.
Postfix is quite literal.

     mydestination = localhost
     append_dot_mydomain = no

Or, if you wish to follow Viktor's advice, qualify all aliases with
"@localhost.$mydomain" instead.
But that's just more typing than I need.

> virtual_alias_domains = btree:$config_directory/virtual_alias_domains.map

> virtual_alias_domains.map:
> example.com virtual

Just specify it directly; this just complicates things for no reason.

     virtual_alias_domains = example.com

> virtual_alias_maps.map:
> # hack to accept mail for postmaster/abuse@[ip.add.ress.es]

It's not a hack; it is documented behaviour.
Also, omitting postmaster@* will not cause it to be rejected; this
localpart is hardcoded to accept as per the RFCs.
(You still have to alias it somewhere it can be delivered, of course)

> postmaster postmaster@localhost
> abuse postmaster@localhost
> # example.com:
> [hidden email] postmaster@localhost

Superfluous, see above.

> It seems the aliases file is not used.

Of course it is used, for any destinations in $mydestination.
You did not put "localhost" in $mydestination.

--
J.


Re: Local UNIX accounts, aliasing & rejecting mail to non-public UNIX accounts

Craig R. Skinner
On 2013-06-21 Fri 22:08 PM |, Jeroen Geilman wrote:

> >
> >main.cf:
> >myorigin = $mydomain
> >mydestination = localhost.$mydomain
>
> No. If the destination you use in virtual_alias_maps is @localhost,
> then THAT must be in mydestination.
> Postfix is quite literal.
>
>     mydestination = localhost
>     append_dot_mydomain = no
>
> Or, if you wish to follow Viktor's advice, qualify all aliases with
> "@localhost.$mydomain" instead.
> But that's just more typing than I need.
>
> >It seems the aliases file is not used.
>
> Of course it is used, for any destinations in $mydestination.
> You did not put "localhost" in $mydestination.
>

Superbly simple config Jeroen, unfortunately it doesn't work for me -
yet.

main.cf:
myorigin = $mydomain
mydestination = localhost
append_dot_mydomain = no
virtual_alias_domains = example.com
virtual_alias_maps = btree:$config_directory/virtual_alias_maps.map
sender_canonical_maps = btree:$config_directory/canonical.map
masquerade_domains = $mydomain, $virtual_alias_domains
remote_header_rewrite_domain = sender.domain.incomplete
alias_maps = btree:$config_directory/aliases
mail_spool_directory = /var/mail/
mailbox_transport = lmtp:unix:private/dovecot-lmtp


canonical.map:
jb4356          [hidden email]
jb8921          [hidden email]
...
...


virtual_alias_maps.map:
# accept mail for postmaster/abuse@[ip.add.ress.es]
postmaster                      postmaster
abuse                           postmaster
# (no effect) hostmaster hostmaster
# example.com:
[hidden email]          hostmaster
[hidden email]               acct145
[hidden email]                acct267
[hidden email]             acct267
...
...
[hidden email]          jb4356
[hidden email]        jb8921



aliases:
root:           admin-acct
MAILER-DAEMON:  postmaster
abuse:          postmaster
bin:            root
daemon:         root
named:          hostmaster
nobody:         root
...
...


NO mail is accepted UNLESS it is virtually aliased with @localhost:
*) the aliases file is totally ignored
*) without the virtual @localhost, it is:
        status=bounced (User unknown in virtual alias table)


$ uptime | mail -s uptime hostmaster (<--- this is a unix account)
Jun 22 11:15:21 server1 postfix/pickup[6298]: 12A1F6764: uid=7432 from=<admin-acct>
Jun 22 11:15:21 server1 postfix/cleanup[8557]: 12A1F6764: message-id=<[hidden email]>
Jun 22 11:15:21 server1 postfix/qmgr[13148]: 12A1F6764: from=<[hidden email]>, size=393, nrcpt=1 (queue active)
Jun 22 11:15:21 server1 postfix/error[20137]: 12A1F6764: to=<[hidden email]>, orig_to=<hostmaster>, relay=none, delay=0.03, delays=0.02/0/0/0.01, dsn=5.0.0, status=bounced (User unknown in virtual alias table)


$ uptime | mail -s uptime [hidden email]
Jun 22 11:16:21 server1 postfix/pickup[6298]: 873CF6764: uid=7432 from=<admin-acct>
Jun 22 11:16:21 server1 postfix/cleanup[8557]: 873CF6764: message-id=<[hidden email]>
Jun 22 11:16:21 server1 postfix/qmgr[13148]: 873CF6764: from=<[hidden email]>, size=393, nrcpt=1 (queue active)
Jun 22 11:16:21 server1 postfix/error[20137]: 873CF6764: to=<[hidden email]>, relay=none, delay=0.03, delays=0.02/0/0/0.01, dsn=5.0.0, status=bounced (User unknown in virtual alias table)


$ uptime | mail -s uptime daemon (<--- this is in aliases, for root)
Jun 22 11:54:13 server1 postfix/pickup[24295]: 1EC8F67DC: uid=7432 from=<admin-acct>
Jun 22 11:54:13 server1 postfix/cleanup[15996]: 1EC8F67DC: message-id=<[hidden email]>
Jun 22 11:54:13 server1 postfix/qmgr[7561]: 1EC8F67DC: from=<[hidden email]>, size=389, nrcpt=1 (queue active)
Jun 22 11:54:13 server1 postfix/error[23896]: 1EC8F67DC: to=<[hidden email]>, orig_to=<daemon>, relay=none, delay=0.26, delays=0.14/0.06/0/0.06, dsn=5.0.0, status=bounced (User unknown in virtual alias table)



It seems that if the machine's own domain is virtual
(with or without @localhost virtual aliases), aliases is ignored.

Therefore, for the machine's domain name to be virtual, everything in
aliases must be moved to the virtual alias map & appended with
unix-account@localhost. I don't want 'root, daemon, nobody,...' items
to be publicly route-able.

Stan's idea of a plain canonical domain & rejecting specific Unix
accounts via smtpd_recipient_restrictions check_recipient_access
reject_system_accounts.map works.

Thoughts welcome,
--
Craig Skinner | http://twitter.com/Craig_Skinner | http://linkd.in/yGqkv7

Re: Local UNIX accounts, aliasing & rejecting mail to non-public UNIX accounts

Stan Hoeppner
On 6/22/2013 6:13 AM, Craig R. Skinner wrote:
...
> Stan's idea of a plain canonical domain & rejecting specific Unix
> accounts via smtpd_recipient_restrictions check_recipient_access
> reject_system_accounts.map works.

Everyone who's replied in this thread knows and understands aliasing
much better than I do.  The only thing of value I think I can add at
this point is that using a recipient restriction gives you some
flexibility, maybe a greater degree of control.  For one you can tailor
the reject code and reason text on a per address basis in the map file.
 You can also use the same map to arbitrarily reject mail for any
address in the future, should the need arise, though the latter is
pretty quick to fix up in a pinch.  Having the map in place simply makes
it a little quicker.  But the key is really that you're directly
specifying which addresses for which you will reject inbound mail via
smtp.  There's no guesswork no matter what's going on in the back end
WRT aliasing.

--
Stan
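
The per-address reject map described in the message above, as an added example that is not part of the original post: it builds an access(5) table for check_recipient_access from passwd(5) entries. The sample passwd data, the reject texts and the function name build_reject_map are assumptions made for illustration.

```python
import re

# Constructed passwd(5) sample; UIDs, shells and GECOS fields are made up.
SAMPLE_PASSWD = """\
root:*:0:0:Charlie &:/root:/bin/ksh
daemon:*:1:1:The devil himself:/root:/sbin/nologin
_postfix:*:507:507:Postfix Daemon:/var/empty:/sbin/nologin
postmaster:*:1001:1001:Postmaster:/home/postmaster:/bin/ksh
hostmaster:*:1002:1002:Hostmaster:/home/hostmaster:/bin/ksh
jb4356:*:4356:4356:J Bloggs:/home/jb4356:/bin/ksh
"""

DEFAULT_ACTION = "550 5.1.1 User unknown"  # assumed default reply


def build_reject_map(passwd_text, domain, public, overrides=None):
    """Return access(5) lines rejecting every passwd login not in `public`.

    `overrides` maps a login to its own "NNN text" action, which is the
    per-address tailoring the message mentions.
    """
    public = {p.lower() for p in public}
    overrides = {k.lower(): v for k, v in (overrides or {}).items()}
    clash = public & overrides.keys()
    if clash:
        raise ValueError(f"public names cannot be rejected: {sorted(clash)}")
    rows = {}
    for entry in passwd_text.splitlines():
        if not entry.strip() or entry.startswith("#"):
            continue
        fields = entry.split(":")
        if len(fields) != 7:
            raise ValueError(f"malformed passwd entry: {entry!r}")
        login = fields[0].lower()  # table keys are stored in lower case
        if login in public:
            continue  # stays deliverable
        action = overrides.get(login, DEFAULT_ACTION)
        if not re.match(r"[45]\d\d \S", action):
            raise ValueError(f"action needs a 4NN/5NN code and text: {action!r}")
        rows[f"{login}@{domain}"] = action
    return [f"{key}\t{action}" for key, action in sorted(rows.items())]


if __name__ == "__main__":
    print("\n".join(build_reject_map(
        SAMPLE_PASSWD, "example.com", {"postmaster", "hostmaster"},
        {"jb4356": "550 5.1.1 Use the published address for this user"})))
```

The output is the source for a map such as reject_system_accounts.map; it only affects mail arriving via smtp, as the message says.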




Re: Local UNIX accounts, aliasing & rejecting mail to non-public UNIX accounts

Viktor Dukhovni
In reply to this post by Craig R. Skinner
On Sat, Jun 22, 2013 at 12:13:16PM +0100, Craig R. Skinner wrote:

> > >main.cf:
> > >myorigin = $mydomain
> > >mydestination = localhost.$mydomain

Notice the exact form of the above (IIRC that was my suggestion).

> > No. If the destination you use in virtual_alias_maps is @localhost,
> > then THAT must be in mydestination.
> > Postfix is quite literal.
> >
> >     mydestination = localhost
> >     append_dot_mydomain = no

Whoever said that does not know what they are talking about.  With
the default of "append_dot_mydomain = yes", Postfix will replace
"user@localhost" with "user@localhost.$mydomain" before performing
recursive lookups with virtual_alias_maps.

> > Or, if you wish to follow Victor's advice, qualify all aliases with
> > "@localhost.$mydomain" instead.

No, that can't be done literally, one would have to replace
"$mydomain" with the actual value.  To quote Dr. Seuss: I meant
what I said and I said what I meant.

> Superbly simple config Jeroen, unfortunately it doesn't work for me -
> yet.
>
> main.cf:
> myorigin = $mydomain
> mydestination = localhost

        mydestination = localhost.$mydomain

> append_dot_mydomain = no

        append_dot_mydomain = yes

> remote_header_rewrite_domain = sender.domain.incomplete

        remote_header_rewrite_domain = address.invalid

The ".invalid" TLD is IANA reserved for invalid domain names.

If these aliases are to be effective the RHS needs to be in a valid
domain, your choices are "localhost" or "example.com".  The former
will perform local(8) delivery directly without generating a new
queued message with the expanded recipients.  The latter will do
indirect (new queue file) delivery because example.com is not in
mydestination.

> virtual_alias_maps.map:
> # accept mail for postmaster/abuse@[ip.add.ress.es]
> postmaster                      postmaster

Never leave RHS domain unset in virtual_alias_maps.  Replace the
RHS with postmaster@localhost (which punts the mail to local(8)
for aliases(5) expansion) or with the full addresses of users
receiving postmaster mail.  The LHS can only be left unqualified
if the virtual alias domain is equal to $myorigin.  Otherwise,
it too MUST be an FQDN.

Thus, either:

    # Actual expansion in local(8) aliases(5).  Not recommended.
    #
    [hidden email]        postmaster@localhost

or:

    # Actual expansion in local(8) aliases(5).  Preferred:
    #
    [hidden email]        [hidden email], [hidden email], ...

> abuse                           postmaster

Here:

    [hidden email]             [hidden email]


> [hidden email]          hostmaster

    Same as postmaster!

> [hidden email]               acct145

    [hidden email]               [hidden email]
       
> [hidden email]          jb4356

    [hidden email]          jb4356@localhost

> [hidden email]        jb8921

    [hidden email]        jb8921@localhost

Use virtual(5) for ALL address -> address mappings, with only
addresses that represent final mailboxes listed as account@localhost.

Use aliases(5) sparingly, only for "|command" aliases (try to avoid
these anyway) or ":include:" lists.

The aliases(5) file is a Sendmail compatibility feature, whose
features are best remapped onto virtual(5) (address to address
mappings controlled by the administrator) and .forward files (own
address to address or command mappings possibly controlled by shell
users).

--
        Viktor.
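
The rules in the message above (no bare RHS, a bare LHS only when the virtual alias domain equals $myorigin, and "localhost" being completed to localhost.$mydomain when append_dot_mydomain = yes) written as a small checker. This is an added example, not part of the original post; the function names and the sample table are assumptions, and the example.com addresses are constructed placeholders.

```python
import re

# Constructed sample in the shape of the table quoted above; the example.com
# addresses are placeholders, not the values hidden in the original post.
SAMPLE_MAP = """\
# accept mail for postmaster/abuse
postmaster                postmaster
abuse@example.com         postmaster@localhost
sales@example.com         acct145@localhost
joe.bloggs@example.com    jb4356@localhost, archive
"""


def qualify(domain, mydomain, append_dot_mydomain=True):
    """Complete a dot-less domain as the reply describes for
    append_dot_mydomain = yes: localhost -> localhost.$mydomain."""
    if append_dot_mydomain and "." not in domain:
        return f"{domain}.{mydomain}"
    return domain


def lint_virtual_map(text, myorigin, mydomain, mydestination,
                     virtual_alias_domains, append_dot_mydomain=True):
    """Return (line_number, message) findings for a virtual(5) table.
    Continuation lines (leading whitespace) are not handled here."""
    local = {d.lower() for d in mydestination}
    virtual = {d.lower() for d in virtual_alias_domains}
    findings = []
    for num, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        lhs, rhs = (line.split(None, 1) + [""])[:2]
        # A bare LHS is only valid when $myorigin is a virtual alias domain.
        if "@" not in lhs and myorigin.lower() not in virtual:
            findings.append((num, f"LHS {lhs!r} must be fully qualified"))
        targets = [t for t in re.split(r"[,\s]+", rhs) if t]
        if not targets:
            findings.append((num, "no right-hand side"))
        for target in targets:
            _, at, domain = target.rpartition("@")
            if not at:
                findings.append((num, f"RHS {target!r} has no domain"))
            elif "." not in domain:
                full = qualify(domain.lower(), mydomain, append_dot_mydomain)
                if full not in local:
                    findings.append(
                        (num, f"RHS {target!r} -> @{full}, not in mydestination"))
    return findings


if __name__ == "__main__":
    for num, msg in lint_virtual_map(SAMPLE_MAP, "example.com", "example.com",
                                     ["localhost.example.com"], ["example.com"]):
        print(f"line {num}: {msg}")
```

Run against the settings quoted in the thread, it flags the bare `postmaster` RHS in either case and, with `mydestination = localhost` combined with `append_dot_mydomain = yes`, every `@localhost` target as well.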

Re: Local UNIX accounts, aliasing & rejecting mail to non-public UNIX accounts

Wietse Venema
I agree with Viktor's description:

/etc/postfix/main.cf:
    # The domain that users are aliased to:
    mydestination = localhost localhost.$mydomain

    # The domain in DNS that you receive mail for:
    vitual_alias_maps = example.com

    # The alias mapping from "DNS" domain name to UNIX system accounts:
    virtual_alias_maps = hash:/etc/postfix/virtual

/etc/postfix/virtual:
    # All right-hand addresses have @localhost
    [hidden email] postmaster@localhost
    [hidden email] unix-user1@localhost
    [hidden email] unix-user2@localhost

# Legacy sendmail-style aliases:
/etc/aliases:
    # Here, no @domain in LHS or RHS.
    postmaster: unixaccount
    abuse: unixaccount

There is no need for this thread to drag on for so much time.

        Wietse

Re: Local UNIX accounts, aliasing & rejecting mail to non-public UNIX accounts

Stan Hoeppner
On 6/22/2013 4:10 PM, Wietse Venema wrote:
> I agree with Viktor's description:
>
> /etc/postfix/main.cf:
>     # The domain that users are aliased to:
>     mydestination = localhost localhost.$mydomain
>
>     # The domain in DNS that you receive mail for:
>     vitual_alias_maps = example.com

Shouldn't this be virtual_alias_domains here?

>     # The alias mapping from "DNS" domain name to UNIX system accounts:
>     virtual_alias_maps = hash:/etc/postfix/virtual
>
> /etc/postfix/virtual:
>     # All right-hand addresses have @localhost
>     [hidden email] postmaster@localhost
>     [hidden email] unix-user1@localhost
>     [hidden email] unix-user2@localhost
>
> # Legacy sendmail-style aliases:
> /etc/aliases:
>     # Here, no @domain in LHS or RHS.
>     postmaster: unixaccount
>     abuse: unixaccount
>
> There is no need for this thread to drag on for so much time.

Sorry for dragging it out a bit further Wietse.  Just wanna make sure
this is squared away for those searching the list archives, as folks
read your posts as gospel.

--
Stan



Re: Local UNIX accounts, aliasing & rejecting mail to non-public UNIX accounts

Wietse Venema
Stan Hoeppner:

> On 6/22/2013 4:10 PM, Wietse Venema wrote:
> > I agree with Viktor's description:
> >
> > /etc/postfix/main.cf:
> >     # The domain that users are aliased to:
> >     mydestination = localhost localhost.$mydomain
> >
> >     # The domain in DNS that you receive mail for:
> >     vitual_alias_maps = example.com
>
> Shouldn't this be virtual_alias_domains here?

Yes.

        Wietse

Re: Local UNIX accounts, aliasing & rejecting mail to non-public UNIX accounts

Craig R. Skinner
In reply to this post by Viktor Dukhovni
On 2013-06-22 Sat 16:26 PM |, Viktor Dukhovni wrote:

>
> Use virtual(5) for ALL address -> address mappings, with only
> addresses that represent final mailboxes listed as account@localhost.
>
> The aliases(5) file is a Sendmail compatibility feature, whose
> features are best remapped onto virtual(5) (address to address
> mappings controlled by the administrator) and .forward files (own
> address to address or command mappings possibly controlled by shell
> users).
>

Thanks winning team (& Dr. Seuss too) for the quality education.

I'm about getting it now.

This set up works:-

$ uname -a
OpenBSD server1.example.com 5.3 GENERIC#50 i386
$ pkg_info | fgrep postfix
postfix-2.9.6       fast, secure sendmail replacement


main.cf:
myorigin = $mydomain # example.com
mydestination = localhost, localhost.$mydomain
virtual_alias_domains = example.com
virtual_alias_maps = btree:$config_directory/virtual_alias_maps.map
sender_canonical_maps = btree:$config_directory/canonical.map
masquerade_domains = $virtual_alias_domains
remote_header_rewrite_domain = address.invalid
alias_database = btree:$config_directory/aliases
alias_maps = $alias_database
local_recipient_maps = proxy:unix:passwd.byname $alias_maps
mail_spool_directory = /var/mail/
mailbox_transport = lmtp:unix:private/dovecot-lmtp
....
...

canonical.map:
jb4356 [hidden email]
jb8921 [hidden email]
...
...

aliases:
[empty]

virtual_alias_maps.map:
# example.com: ($myorigin)
# Re-mapped from aliases(5): # Are they all needed these days???
postmaster postmaster@localhost
abuse [hidden email]
root admin-acct@localhost
MAILER-DAEMON [hidden email]
bin [hidden email]
daemon [hidden email]
named [hidden email]
nobody [hidden email]
uucp [hidden email]
www [hidden email]
ftp-bugs [hidden email]
_postfix [hidden email]
manager [hidden email]
dumper [hidden email]
operator [hidden email]
decode [hidden email]
# Domain generic aliases:
hostmaster hostmaster@localhost
webmaster [hidden email]
sales acct145@localhost
info [hidden email]
support acct267@localhost
...
...
# People:
[hidden email] jb4356@localhost
[hidden email] jb8921@localhost


>
> Use aliases(5) sparingly, only for "|command" aliases (try to avoid
> these anyway) or ":include:" lists.
>

However, aliases seems to be totally ignored.

When I move these from virtual_alias_maps back to aliases,
mail to those conventional aliases bounces:

aliases:
root: admin-acct
MAILER-DAEMON: postmaster
bin: root
daemon: root
named: hostmaster
nobody: root
uucp: root
www: root
ftp-bugs: root
_postfix: postmaster
manager: root
dumper: root
operator: root


$ uptime | mail -s uptime root
Jun 24 14:37:25 server1 postfix/pickup[29745]: C15E367DC: uid=7432 from=<admin-acct>
Jun 24 14:37:25 server1 postfix/cleanup[20891]: C15E367DC: message-id=<[hidden email]>
Jun 24 14:37:25 server1 postfix/qmgr[32379]: C15E367DC: from=<[hidden email]>, size=389, nrcpt=1 (queue active)
Jun 24 14:37:25 server1 postfix/error[22953]: C15E367DC: to=<[hidden email]>, orig_to=<root>, relay=none, delay=0.26, delays=0.14/0.06/0/0.06, dsn=5.0.0, status=bounced (User unknown in virtual alias table)


$ uptime | mail -s uptime daemon
Jun 24 14:39:16 server1 postfix/pickup[29745]: 19E5467B3: uid=7432 from=<admin-acct>
Jun 24 14:39:16 server1 postfix/cleanup[19700]: 19E5467B3: message-id=<[hidden email]>
Jun 24 14:39:16 server1 postfix/qmgr[32379]: 19E5467B3: from=<[hidden email]>, size=391, nrcpt=1 (queue active)
Jun 24 14:39:16 server1 postfix/error[8530]: 19E5467B3: to=<[hidden email]>, orig_to=<daemon>, relay=none, delay=0.2, delays=0.09/0.06/0/0.06, dsn=5.0.0, status=bounced (User unknown in virtual alias table)


$ uptime | mail -s uptime MAILER-DAEMON
Jun 24 14:40:24 server1 postfix/pickup[29745]: 7742967B3: uid=7432 from=<admin-acct>
Jun 24 14:40:24 server1 postfix/cleanup[19700]: 7742967B3: message-id=<[hidden email]>
Jun 24 14:40:24 server1 postfix/qmgr[32379]: 7742967B3: from=<[hidden email]>, size=398, nrcpt=1 (queue active)
Jun 24 14:40:24 server1 postfix/error[8530]: 7742967B3: to=<[hidden email]>, orig_to=<MAILER-DAEMON>, relay=none, delay=0.03, delays=0.02/0/0/0.01, dsn=5.0.0, status=bounced (User unknown in virtual alias table)


$ uptime | mail -s uptime operator
Jun 24 14:41:41 server1 postfix/pickup[29745]: 4A05A67B3: uid=7432 from=<admin-acct>
Jun 24 14:41:41 server1 postfix/cleanup[19700]: 4A05A67B3: message-id=<[hidden email]>
Jun 24 14:41:41 server1 postfix/qmgr[32379]: 4A05A67B3: from=<[hidden email]>, size=393, nrcpt=1 (queue active)
Jun 24 14:41:41 server1 postfix/error[8530]: 4A05A67B3: to=<[hidden email]>, orig_to=<operator>, relay=none, delay=0.03, delays=0.02/0/0/0.01, dsn=5.0.0, status=bounced (User unknown in virtual alias table)


$ uptime | mail -s uptime _postfix
Jun 24 14:43:27 server1 postfix/pickup[29745]: 826A667B3: uid=7432 from=<admin-acct>
Jun 24 14:43:27 server1 postfix/cleanup[30977]: 826A667B3: message-id=<[hidden email]>
Jun 24 14:43:27 server1 postfix/qmgr[32379]: 826A667B3: from=<[hidden email]>, size=393, nrcpt=1 (queue active)
Jun 24 14:43:27 server1 postfix/error[16641]: 826A667B3: to=<[hidden email]>, orig_to=<_postfix>, relay=none, delay=0.26, delays=0.14/0.06/0/0.06, dsn=5.0.0, status=bounced (User unknown in virtual alias table)


Compared to successful delivery for virtually alias mapped unix accounts:

$ uptime | mail -s uptime hostmaster
Jun 24 14:53:27 server1 postfix/pickup[14701]: BF21667DC: uid=7432 from=<admin-acct>
Jun 24 14:53:27 server1 postfix/cleanup[11746]: BF21667DC: message-id=<[hidden email]>
Jun 24 14:53:27 server1 postfix/qmgr[26563]: BF21667DC: from=<[hidden email]>, size=395, nrcpt=1 (queue active)
Jun 24 14:53:28 server1 dovecot: lmtp(14149): Connect from local
Jun 24 14:53:28 server1 dovecot: lmtp(14149, hostmaster): Uv/0AVhPyFFFNwAANm01jw: msgid=<[hidden email]>: saved mail to INBOX
Jun 24 14:53:28 server1 postfix/lmtp[30842]: BF21667DC: to=<[hidden email]>, orig_to=<hostmaster>, relay=server1.example.com[private/dovecot-lmtp], delay=0.46, delays=0.15/0.06/0.12/0.12, dsn=2.0.0, status=sent (250 2.0.0 <[hidden email]> Uv/0AVhPyFFFNwAANm01jw Saved)
Jun 24 14:53:28 server1 dovecot: lmtp(14149): Disconnect from local: Client quit (in reset)
Jun 24 14:53:28 server1 postfix/qmgr[26563]: BF21667DC: removed


From what I'm still seeing, aliases is not referenced when the machine's
domain name is virtual. Is this significant?


Cheers men,
--
Craig Skinner | http://twitter.com/Craig_Skinner | http://linkd.in/yGqkv7