Multiple Virtual Domains


Multiple Virtual Domains

Ruben Safir Secretary NYLXS
Hello

I have a new domain on my server and I want certain accounts to
be sent out with the new domain, rather than the default.  I have it
set up at the moment so that any domain that you try to send through
gets rewritten to the default, mrbrklyn.com.  But I'd like this new
domain to be allowed through.

I'm sure this has been asked a few times.  It just seems this mailing
list is not well listed by search engines any longer.

Ruben

--
So many immigrant groups have swept through our town
that Brooklyn, like Atlantis, reaches mythological
proportions in the mind of the world - RI Safir 1998
http://www.mrbrklyn.com 

DRM is THEFT - We are the STAKEHOLDERS - RI Safir 2002
http://www.nylxs.com - Leadership Development in Free Software
http://www2.mrbrklyn.com/resources - Unpublished Archive
http://www.coinhangout.com - coins!
http://www.brooklyn-living.com 

Being so tracked is for FARM ANIMALS and extermination camps,
but incompatible with living as a free human being. -RI Safir 2013


Re: Multiple Virtual Domains

Wietse Venema
Ruben Safir:
> Hello
>
> I have a new domain on my server and I want certain accounts to
> be sent out with the new domain, rather than the default.  I have it
> set up at the moment so that any domain that you try to send through
> gets rewritten to the default, mrbrklyn.com.  But I'd like this new
> domain to be allowed through.

What you ask for is Postfix default behavior: don't rewrite addresses
when forwarding email. So whatever you did to force Postfix to
always rewrite, you'd have to make an exception. The details of
making that exception depend on what you are doing now.

> I'm sure this has been asked a few times.  It just seems this mailing
> list is not well listed by search engines any longer.

Not related to my job, but I find that over half of the effort goes
into figuring out what question to ask.

        Wietse

Re: Multiple Virtual Domains

Ruben Safir Secretary NYLXS
On Wed, Jun 20, 2018 at 09:54:54AM -0400, Wietse Venema wrote:

> Ruben Safir:
> > Hello
> >
> > I have a new domain on my server and I want certain accounts to
> > be sent out with the new domain, rather than the default.  I have it
> > set up at the moment so that any domain that you try to send through
> > gets rewritten to the default, mrbrklyn.com.  But I'd like this new
> > domain to be allowed through.
>
> What you ask for is Postfix default behavior: don't rewrite addresses
> when forwarding email. So whatever you did to force Postfix to
> always rewrite, you'd have to make an exception. The details of
> making that exception depend on what you are doing now.
>

Well, there are two parts to this

The first part is for incoming email.  If I get email to a specific
user, [hidden email] , it should be accepted and the MTA should relay
it to a user ceo or an alias mysuer.  It should reject anything other than
newcorp.com or mrbrklyn.com on the incoming mail

On the outgoing mail, I want it to continue to default all outgoing mail
to be from mrbrklyn.com regardless of the host it comes from within the
network.  But I want certain accounts to turn over to newcorp.com (again
regardless of the host from within the network it is sent from).  No
other domains should go through other than mrbrklyn.com or newcorp.com

and obviously it shouldn't relay email.

relevant settings in main.cf that I have I think are

mydomain = mrbrklyn.com
unknown_local_recipient_reject_code = 550
local_recipient_maps = unix:passwd.byname $alias_maps


masquerade_domains = mrbrklyn.com, mrbrklyn.com
masquerade_exceptions = root
mydestination = www.mrbrklyn.com, www2.mrbrklyn.com, home.mrbrklyn.com,
mrbrklyn.com, nylxs.com, brooklyn-living.com, freedon_it.com
myhostname = mrbrklyn.com
mynetworks_style = subnet
relayhost =

alias_maps = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
canonical_maps = hash:/etc/postfix/canonical
relocated_maps = hash:/etc/postfix/relocated
sender_canonical_maps = hash:/etc/postfix/sender_canonical
transport_maps = hash:/etc/postfix/transport


mailbox_command = /usr/bin/procmail

strict_rfc821_envelopes = yes
smtpd_helo_required = yes

smtpd_client_restrictions = reject_rbl_client dnsbl.sorbs.net

smtpd_helo_restrictions = permit_mynetworks, reject_invalid_hostname,
regexp:/etc/postfix/helo.regexp, permit


smtpd_sender_restrictions = hash:/etc/postfix/access,
reject_unknown_sender_domain

smtpd_recipient_restrictions =
   check_client_access hash:/etc/postfix/helo_client_exceptions
   check_sender_access    hash:/etc/postfix/sender_checks,
   reject_invalid_hostname,
   reject_non_fqdn_hostname,
   reject_non_fqdn_sender,
   reject_non_fqdn_recipient,
   reject_unknown_sender_domain,
   reject_unknown_recipient_domain,
   permit_mynetworks,
   reject_unauth_destination,
   permit_mynetworks, reject_unauth_destination,
   reject_invalid_hostname,
   reject_non_fqdn_hostname,
   reject_non_fqdn_sender,
   reject_non_fqdn_recipient,
   reject_unknown_sender_domain,
   reject_unknown_recipient_domain,
   reject_rbl_client zen.spamhaus.org,
   reject_rbl_client bl.spamcop.net
   reject_rbl_client cbl.abuseat.org,
   permit

virtual_alias_domains = hash:/etc/postfix/virtual
virtual_alias_maps = hash:/etc/postfix/virtual

~~~~~~~~~~~~~~~~~~~~`

/etc/postfix/virtual is empty
/etc/postfix/canonical is empty
/etc/postfix/relay is empty



> > I'm sure this has been asked a few times.  It just seems this mailing
> > list is not well listed by search engines any longer.
>
> Not related to my job, but I find that over half of the effort goes
> into figuring out what question to ask.
>

The internet is just getting harder and harder to use every day


> Wietse


Re: Multiple Virtual Domains

Ruben Safir Secretary NYLXS
On Wed, Jun 20, 2018 at 11:44:23AM -0400, Ruben Safir wrote:

> On Wed, Jun 20, 2018 at 09:54:54AM -0400, Wietse Venema wrote:
> > Ruben Safir:
> > > Hello
> > >
> > > I have a new domain on my server and I want certain accounts to
> > > be sent out with the new domain, rather than the default.  I have it
> > > set up at the moment so that any domain that you try to send through
> > > gets rewritten to the default, mrbrklyn.com.  But I'd like this new
> > > domain to be allowed through.
> >
> > What you ask for is Postfix default behavior: don't rewrite addresses
> > when forwarding email. So whatever you did to force Postfix to
> > always rewrite, you'd have to make an exception. The details of
> > making that exception depend on what you are doing now.
> >
>
> Well, there are two parts to this
>
> The first part is for incoming email.  If I get email to a specific
> user, [hidden email] , it should be accepted and the MTA should relay
> it to a user ceo or an alias mysuer.  It should reject anything other than
> newcorp.com or mrbrklyn.com on the incoming mail
>
> On the outgoing mail, I want it to continue to default all outgoing mail
> to be from mrbrklyn.com regardless of the host it comes from within the
> network.  But I want certain accounts to turn over to newcorp.com (again
> regardless of the host from within the network it is sent from).  No
> other domains should go through other than mrbrklyn.com or newcorp.com
>
> and obviously it shouldn't relay email.
>
> relevant settings in main.cf that I have I think are
>
> mydomain = mrbrklyn.com
> unknown_local_recipient_reject_code = 550
> local_recipient_maps = unix:passwd.byname $alias_maps
>
>
> masquerade_domains = mrbrklyn.com, mrbrklyn.com
> masquerade_exceptions = root
> mydestination = www.mrbrklyn.com, www2.mrbrklyn.com, home.mrbrklyn.com,
> mrbrklyn.com, nylxs.com, brooklyn-living.com, freedon_it.com
> myhostname = mrbrklyn.com
> mynetworks_style = subnet
> relayhost =
>
> alias_maps = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
> canonical_maps = hash:/etc/postfix/canonical
> relocated_maps = hash:/etc/postfix/relocated
> sender_canonical_maps = hash:/etc/postfix/sender_canonical
> transport_maps = hash:/etc/postfix/transport
>
>
> mailbox_command = /usr/bin/procmail
>
> strict_rfc821_envelopes = yes
> smtpd_helo_required = yes
>
> smtpd_client_restrictions = reject_rbl_client dnsbl.sorbs.net
>
> smtpd_helo_restrictions = permit_mynetworks, reject_invalid_hostname,
> regexp:/etc/postfix/helo.regexp, permit
>
>
> smtpd_sender_restrictions = hash:/etc/postfix/access,
> reject_unknown_sender_domain
>
> smtpd_recipient_restrictions =
>    check_client_access hash:/etc/postfix/helo_client_exceptions
>    check_sender_access    hash:/etc/postfix/sender_checks,
>    reject_invalid_hostname,
>    reject_non_fqdn_hostname,
>    reject_non_fqdn_sender,
>    reject_non_fqdn_recipient,
>    reject_unknown_sender_domain,
>    reject_unknown_recipient_domain,
>    permit_mynetworks,
>    reject_unauth_destination,
>    permit_mynetworks, reject_unauth_destination,
>    reject_invalid_hostname,
>    reject_non_fqdn_hostname,
>    reject_non_fqdn_sender,
>    reject_non_fqdn_recipient,
>    reject_unknown_sender_domain,
>    reject_unknown_recipient_domain,
>    reject_rbl_client zen.spamhaus.org,
>    reject_rbl_client bl.spamcop.net
>    reject_rbl_client cbl.abuseat.org,
>    permit
>
> virtual_alias_domains = hash:/etc/postfix/virtual
> virtual_alias_maps = hash:/etc/postfix/virtual
>
> ~~~~~~~~~~~~~~~~~~~~`
>
> /etc/postfix/virtual is empty
> /etc/postfix/canonical is empty
> /etc/postfix/relay is empty
>


I get this when sending email to the new domain

2018-06-20T12:10:14.319765-04:00 www2 postfix/smtpd[13841]: NOQUEUE:
reject: RCPT from l2mail1.panix.com[166.84.1.75]: 454 4.7.1
<[hidden email]>: Relay access denied;
from=<[hidden email]> to=<[hidden email]> proto=ESMTP
helo=<l2mail1.panix.com>

Re: Multiple Virtual Domains

Wietse Venema
Ruben Safir:
> I get this when sending email to the new domain
>
> 2018-06-20T12:10:14.319765-04:00 www2 postfix/smtpd[13841]: NOQUEUE:
> reject: RCPT from l2mail1.panix.com[166.84.1.75]: 454 4.7.1
> <[hidden email]>: Relay access denied;
> from=<[hidden email]> to=<[hidden email]> proto=ESMTP
> helo=<l2mail1.panix.com>

Relay control is specified with smtpd_recipient_restrictions or
smtpd_relay_restrictions. Looks like you would need to set
smtpd_relay_restrictions to empty:

/etc/postfix/main.cf:
    smtpd_relay_restrictions=

        Wietse

Re: Multiple Virtual Domains

Ruben Safir Secretary NYLXS
On Wed, Jun 20, 2018 at 12:23:54PM -0400, Wietse Venema wrote:

> Ruben Safir:
> > I get this when sending email to the new domain
> >
> > 2018-06-20T12:10:14.319765-04:00 www2 postfix/smtpd[13841]: NOQUEUE:
> > reject: RCPT from l2mail1.panix.com[166.84.1.75]: 454 4.7.1
> > <[hidden email]>: Relay access denied;
> > from=<[hidden email]> to=<[hidden email]> proto=ESMTP
> > helo=<l2mail1.panix.com>
>
> Relay control is specified with smtpd_recipient_restrictions or
> smtpd_relay_restrictions. Looks like you would need to set
> smtpd_relay_restrictions to empty:
>
> /etc/postfix/main.cf:
>     smtpd_relay_restrictions=
>
> Wietse



I added the domain to mydestinations variable, but this might not be the
best idea.  It lets me pass through the domain and accept it, but it
doesn't permit me to assign certain users for that domain specifically



Re: Multiple Virtual Domains

Wietse Venema
Ruben Safir:

> On Wed, Jun 20, 2018 at 12:23:54PM -0400, Wietse Venema wrote:
> > Ruben Safir:
> > > I get this when sending email to the new domain
> > >
> > > 2018-06-20T12:10:14.319765-04:00 www2 postfix/smtpd[13841]: NOQUEUE:
> > > reject: RCPT from l2mail1.panix.com[166.84.1.75]: 454 4.7.1
> > > <[hidden email]>: Relay access denied;
> > > from=<[hidden email]> to=<[hidden email]> proto=ESMTP
> > > helo=<l2mail1.panix.com>
> >
> > Relay control is specified with smtpd_recipient_restrictions or
> > smtpd_relay_restrictions. Looks like you would need to set
> > smtpd_relay_restrictions to empty:
> >
> > /etc/postfix/main.cf:
> >     smtpd_relay_restrictions=
> >
> > Wietse
>
>
>
> I added the domain to mydestinations variable, but this might not be the
> best idea.  It lets me pass through the domain and accept it, but it
> doesn't permit me to assign certain users for that domain specifically

If the destination is remote, don't put it in mydestination.

Your mail is blocked by smtpd_relay_restrictions. If you don't
want my advice, good luck.

        Wietse

Re: Multiple Virtual Domains

Viktor Dukhovni
In reply to this post by Ruben Safir Secretary NYLXS


> On Jun 20, 2018, at 12:36 PM, Ruben Safir <[hidden email]> wrote:
>
> I added the domain to mydestinations variable, but this might not be the
> best idea.  It lets me pass through the domain and accept it, but it
> doesn't permit me to assign certain users for that domain specifically

http://www.postfix.org/BASIC_CONFIGURATION_README.html
http://www.postfix.org/ADDRESS_CLASS_README.html
http://www.postfix.org/ADDRESS_REWRITING_README.html
http://www.postfix.org/DEBUG_README.html#mail

--
        Viktor.


Re: Multiple Virtual Domains

Matus UHLAR - fantomas
In reply to this post by Ruben Safir Secretary NYLXS
On 20.06.18 11:44, Ruben Safir wrote:
>The first part is for incoming email.  If I get email to a specific
>user, [hidden email] , it should be accepted and the MTA should relay
>it to a user ceo or an alias mysuer.  It should reject anything other than
>newcorp.com or mrbrklyn.com on the incoming mail

this can be done by setting up check_sender_access, where you define
[hidden email] and [hidden email] as allowed and @newcorp.com as
forbidden

>On the outgoing mail, I want it to continue to default all outgoing mail
>to be from mrbrklyn.com regardless of the host it comes from within the
>network.

all hosts that send mail through your server do already specify full e-mail
address, including sender domain.

> But I want certain accounts to turn over to newcorp.com (again
>regardless of the host from within the network it is sent from).  No
>other domains should go through other than mrbrklyn.com or newcorp.com

what do you mean accounts? Accounts on those sending hosts?
you must either trust those hosts when they send e-mail, or require them to
do SASL authentication, otherwise you don't know which account from which
hosts sends the e-mail.

>and obviously it shouldn't relay email.

it obviously does not.

>relevant settings in main.cf that I have I think are
>
>mydomain = mrbrklyn.com
>unknown_local_recipient_reject_code = 550
>local_recipient_maps = unix:passwd.byname $alias_maps
>
>
>masquerade_domains = mrbrklyn.com, mrbrklyn.com
>masquerade_exceptions = root

this means that for all hosts sending mail from hosts in a subdomain under
mrbrklyn.com, the subdomain is stripped, unless the sender is root.

>mydestination = www.mrbrklyn.com, www2.mrbrklyn.com, home.mrbrklyn.com,
>mrbrklyn.com, nylxs.com, brooklyn-living.com, freedon_it.com

you accept mail to these domains as if they were local, addresses in those
domains map to local users.

>canonical_maps = hash:/etc/postfix/canonical
>sender_canonical_maps = hash:/etc/postfix/sender_canonical

here you apparently map mail from different addresses to other addresses.

>smtpd_sender_restrictions = hash:/etc/postfix/access,

here allow newcorp.com domain, see above.

>smtpd_recipient_restrictions =
>   check_client_access hash:/etc/postfix/helo_client_exceptions
>   check_sender_access    hash:/etc/postfix/sender_checks,
>   reject_invalid_hostname,
>   reject_non_fqdn_hostname,
>   reject_non_fqdn_sender,
>   reject_non_fqdn_recipient,
>   reject_unknown_sender_domain,
>   reject_unknown_recipient_domain,
>   permit_mynetworks,
>   reject_unauth_destination,

here you have disabled relaying.
 
>   permit_mynetworks, reject_unauth_destination,
>   reject_invalid_hostname,
>   reject_non_fqdn_hostname,
>   reject_non_fqdn_sender,
>   reject_non_fqdn_recipient,
>   reject_unknown_sender_domain,
>   reject_unknown_recipient_domain,

Why did you repeat all of these?

>   reject_rbl_client zen.spamhaus.org,
>   reject_rbl_client bl.spamcop.net
>   reject_rbl_client cbl.abuseat.org,
>   permit



--
Matus UHLAR - fantomas, [hidden email] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Quantum mechanics: The dreams stuff is made of.
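
As an added illustration of the two points raised above about the posted smtpd_recipient_restrictions (the repeated entries, and where relaying is disabled), the following Python sketch lints the list as posted. It is not code from the thread or from Postfix; the function names and the short set of argument-taking restrictions are assumptions made for the example.

```python
import re

# Restrictions that take the next token as an argument (partial list, assumed
# sufficient for this example).
TAKES_ARG = re.compile(
    r"^(check_\w+_access|reject_rbl_client|reject_rhsbl_\w+|check_policy_service)$")
RELAY_GUARDS = {"reject_unauth_destination", "defer_unauth_destination"}

# smtpd_recipient_restrictions as posted in the thread, re-wrapped onto fewer
# lines; the missing commas are kept as they were.
POSTED = """
  check_client_access hash:/etc/postfix/helo_client_exceptions
  check_sender_access    hash:/etc/postfix/sender_checks,
  reject_invalid_hostname, reject_non_fqdn_hostname, reject_non_fqdn_sender,
  reject_non_fqdn_recipient, reject_unknown_sender_domain,
  reject_unknown_recipient_domain, permit_mynetworks, reject_unauth_destination,
  permit_mynetworks, reject_unauth_destination,
  reject_invalid_hostname, reject_non_fqdn_hostname, reject_non_fqdn_sender,
  reject_non_fqdn_recipient, reject_unknown_sender_domain,
  reject_unknown_recipient_domain,
  reject_rbl_client zen.spamhaus.org, reject_rbl_client bl.spamcop.net
  reject_rbl_client cbl.abuseat.org, permit
"""

def parse(value):
    """Split on commas and whitespace (both separate entries) and attach arguments."""
    tokens = [t for t in re.split(r"[,\s]+", value) if t]
    items, i = [], 0
    while i < len(tokens):
        step = 2 if TAKES_ARG.match(tokens[i]) and i + 1 < len(tokens) else 1
        items.append(" ".join(tokens[i:i + step]))
        i += step
    return items

def lint(value):
    """Report repeated entries and anything that can permit before the relay guard."""
    items = parse(value)
    seen, duplicates = set(), []
    for pos, item in enumerate(items, 1):
        if item in seen:
            duplicates.append((pos, item))
        seen.add(item)
    guard_at = next((p for p, it in enumerate(items, 1) if it in RELAY_GUARDS), None)
    before = items[:guard_at - 1] if guard_at else items
    # A bare "permit" or an access table returning OK ends evaluation with permit.
    permit_before_guard = [(p, it) for p, it in enumerate(before, 1)
                           if it == "permit" or it.startswith("check_")]
    return {"items": items, "duplicates": duplicates, "guard_at": guard_at,
            "permit_before_guard": permit_before_guard}

if __name__ == "__main__":
    for key, val in lint(POSTED).items():
        print(key, val)
```

The two access-table lookups reported ahead of reject_unauth_destination are worth reviewing: an OK result from either table ends evaluation of this list with permit, and with smtpd_relay_restrictions emptied this list is the only relay control left.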