Which user lookup wins?

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
14 messages Options
Reply | Threaded
Open this post in threaded view
|

Which user lookup wins?

@lbutlr
When postfix checks for a local user it looks at any local user (like /home/fred), I assume by checking /etc/passwd or similar (I have local users who can receive mail who are not mentioned in any /etc/postfix/* file, so postfix knows about them from somewhere outside of postfix’s config file) and then it also checks for virtual_mailbox_domains and virtual_alias_maps, yes?

If a user lookup matches in BOTH locations due to a misconfiguration, which one “wins”? Can I simply add user@$mydomain to the sql maps and they will trigger, or do I have to do something to tell postfix not to use the local home for that user first? (Not literally $mydomain, obvs).

Is it possible to prevent delivery to a local user and force the local domain to be resoled through virtual_mailbox_domains and virtual_alias_maps or does this require disabling local delivery to the entire $mydomain at once? Or, can I trick it by using virtual?

user@$mydomain  user@<virtual domain managed by myslq>.tld

So, if I have [hidden email] and [hidden email] and .net is handled in mysql through virtual_mailbox* and [hidden email] has mail put in /home/user because example.com is $mydomain how would I set postfix up so that even though /home/user is the user’s home folder, their mail would be in virtual_mailbox_base only and handled via MySQL? (And yes, I realize the user’s mail would not be available via a shell login, that is rather the point).

What I currently have that seems relevant:

virtual_alias_maps =
    hash:$config_directory/virtual
    proxy:mysql:$config_directory/mysql_virtual_alias_maps.cf
virtual_alias_domains = kreme.com
virtual_gid_maps = static:89
virtual_mailbox_base = /usr/local/virtual
virtual_mailbox_domains = proxy:mysql:$config_directory/mysql_virtual_domains_maps.cf
virtual_mailbox_maps = proxy:mysql:$config_directory/mysql_virtual_mailbox_maps.cf
virtual_minimum_uid = 89
virtual_uid_maps = static:89
virtual_transport = dovecot

Hopefully I explained this question well enough.
Reply | Threaded
Open this post in threaded view
|

Re: Which user lookup wins?

Wietse Venema
@lbutlr:
> When postfix checks for a local user it looks at any local user (like =
> /home/fred), I assume by checking /etc/passwd or similar (I have local =
> users who can receive mail who are not mentioned in any /etc/postfix/* =
> file, so postfix knows about them from somewhere outside of postfix=E2=80=99=
> s config file) and then it also checks for virtual_mailbox_domains and =
> virtual_alias_maps, yes?

The Postfix SMTP server always looks in virtual_alias_maps. Then,
it looks in the tables that depend on the address class of the
recipient domain. For that, I suggest that you look at
http://www.postfix.org/ADDRESS_CLASSS_README.html

        Wietse
Reply | Threaded
Open this post in threaded view
|

Re: Which user lookup wins?

@lbutlr
On 14 Mar 2018, at 18:14, Wietse Venema <[hidden email]> wrote:
> The Postfix SMTP server always looks in virtual_alias_maps.


Oh good, that makes things easier.

>  I suggest that you look at
> http://www.postfix.org/ADDRESS_CLASSS_README.html

Thank you for the link, but I get "Not Found

The requested URL /ADDRESS_CLASSS_README.html was not found on this server.”

Oh, wait a minute, there’s an extra S up there. Did you type that from memory?

I’m impressed.

<http://www.postfix.org/ADDRESS_CLASS_README.html>

--
'I thought we could do it without anyone getting hurt. By using our
brains.' 'Can't. History don't work like that. Blood first, then
brains.' 'Mountains of skulls,' said Truckle. 'There's got to be a
better way than fighting,' said Mr Saveloy. 'Yep. Lots of 'em. Only
none of 'em work.'

Reply | Threaded
Open this post in threaded view
|

Re: Which user lookup wins?

Matus UHLAR - fantomas
In reply to this post by Wietse Venema
>@lbutlr
>> When postfix checks for a local user it looks at any local user (like =
>> /home/fred), I assume by checking /etc/passwd or similar (I have local =
>> users who can receive mail who are not mentioned in any /etc/postfix/* =
>> file, so postfix knows about them from somewhere outside of postfix=E2=80=99=
>> s config file) and then it also checks for virtual_mailbox_domains and =
>> virtual_alias_maps, yes?

On 14.03.18 20:14, Wietse Venema wrote:
>The Postfix SMTP server always looks in virtual_alias_maps.

Always? isn't that a contradiction to the referenced document that indicated
only domains in virtual_alias_domains are searched for virtual aliases?

--
Matus UHLAR - fantomas, [hidden email] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
WinError #99999: Out of error messages.
Reply | Threaded
Open this post in threaded view
|

Re: Which user lookup wins?

Wietse Venema
Matus UHLAR - fantomas:

> >@lbutlr
> >> When postfix checks for a local user it looks at any local user (like =
> >> /home/fred), I assume by checking /etc/passwd or similar (I have local =
> >> users who can receive mail who are not mentioned in any /etc/postfix/* =
> >> file, so postfix knows about them from somewhere outside of postfix=E2=80=99=
> >> s config file) and then it also checks for virtual_mailbox_domains and =
> >> virtual_alias_maps, yes?
>
> On 14.03.18 20:14, Wietse Venema wrote:
> >The Postfix SMTP server always looks in virtual_alias_maps.
>
> Always? isn't that a contradiction to the referenced document that indicated
> only domains in virtual_alias_domains are searched for virtual aliases?

Please cite the text that says 'only domains in virtual_alias_domains
are searched for virtual aliases'.

        Wietse
Reply | Threaded
Open this post in threaded view
|

Re: Which user lookup wins?

Matus UHLAR - fantomas
>> >@lbutlr
>> >> When postfix checks for a local user it looks at any local user (like =
>> >> /home/fred), I assume by checking /etc/passwd or similar (I have local =
>> >> users who can receive mail who are not mentioned in any /etc/postfix/* =
>> >> file, so postfix knows about them from somewhere outside of postfix=E2=80=99=
>> >> s config file) and then it also checks for virtual_mailbox_domains and =
>> >> virtual_alias_maps, yes?
>>
>> On 14.03.18 20:14, Wietse Venema wrote:
>> >The Postfix SMTP server always looks in virtual_alias_maps.

>Matus UHLAR - fantomas:
>> Always? isn't that a contradiction to the referenced document that indicated
>> only domains in virtual_alias_domains are searched for virtual aliases?

On 15.03.18 09:20, Wietse Venema wrote:
>Please cite the text that says 'only domains in virtual_alias_domains
>are searched for virtual aliases'.

virtual_alias_domains and virtual_alias_maps are described in
"The virtual alias domain class." section.

* Domain names are listed in virtual_alias_domains. The default value is
$virtual_alias_maps for Postfix 1.1 compatibility.

* Valid recipient addresses are listed with the virtual_alias_maps parameter.
The Postfix SMTP server rejects invalid recipients with "User unknown in
virtual alias table". The default value is $virtual_maps for Postfix 1.1
compatibility.

That lead me to think that virtual_alias_maps does not apply to other classes.

--
Matus UHLAR - fantomas, [hidden email] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
It's now safe to throw off your computer.
Reply | Threaded
Open this post in threaded view
|

Re: Which user lookup wins?

Wietse Venema
Matus UHLAR - fantomas:

> >> >@lbutlr
> >> >> When postfix checks for a local user it looks at any local user (like =
> >> >> /home/fred), I assume by checking /etc/passwd or similar (I have local =
> >> >> users who can receive mail who are not mentioned in any /etc/postfix/* =
> >> >> file, so postfix knows about them from somewhere outside of postfix=E2=80=99=
> >> >> s config file) and then it also checks for virtual_mailbox_domains and =
> >> >> virtual_alias_maps, yes?
> >>
> >> On 14.03.18 20:14, Wietse Venema wrote:
> >> >The Postfix SMTP server always looks in virtual_alias_maps.
>
> >Matus UHLAR - fantomas:
> >> Always? isn't that a contradiction to the referenced document that indicated
> >> only domains in virtual_alias_domains are searched for virtual aliases?
>
> On 15.03.18 09:20, Wietse Venema wrote:
> >Please cite the text that says 'only domains in virtual_alias_domains
> >are searched for virtual aliases'.
>
> virtual_alias_domains and virtual_alias_maps are described in
> "The virtual alias domain class." section.
>
> * Domain names are listed in virtual_alias_domains. The default value is
> $virtual_alias_maps for Postfix 1.1 compatibility.
>
> * Valid recipient addresses are listed with the virtual_alias_maps parameter.
> The Postfix SMTP server rejects invalid recipients with "User unknown in
> virtual alias table". The default value is $virtual_maps for Postfix 1.1
> compatibility.

That text does not exclude other virtual_alias_maps lookups.

> That lead me to think that virtual_alias_maps does not apply to other classes.
All Blacksmiths have dark skin.
All Negroes have dark skin.
All blacksmiths are negroes.

        Wietse
Reply | Threaded
Open this post in threaded view
|

Re: Which user lookup wins?

Matus UHLAR - fantomas
>> >> >@lbutlr
>> >> >> When postfix checks for a local user it looks at any local user (like =
>> >> >> /home/fred), I assume by checking /etc/passwd or similar (I have local =
>> >> >> users who can receive mail who are not mentioned in any /etc/postfix/* =
>> >> >> file, so postfix knows about them from somewhere outside of postfix=E2=80=99=
>> >> >> s config file) and then it also checks for virtual_mailbox_domains and =
>> >> >> virtual_alias_maps, yes?
>> >>
>> >> On 14.03.18 20:14, Wietse Venema wrote:
>> >> >The Postfix SMTP server always looks in virtual_alias_maps.
>>
>> >Matus UHLAR - fantomas:
>> >> Always? isn't that a contradiction to the referenced document that indicated
>> >> only domains in virtual_alias_domains are searched for virtual aliases?
>>
>> On 15.03.18 09:20, Wietse Venema wrote:
>> >Please cite the text that says 'only domains in virtual_alias_domains
>> >are searched for virtual aliases'.

>Matus UHLAR - fantomas:
>> virtual_alias_domains and virtual_alias_maps are described in
>> "The virtual alias domain class." section.
>>
>> * Domain names are listed in virtual_alias_domains. The default value is
>> $virtual_alias_maps for Postfix 1.1 compatibility.
>>
>> * Valid recipient addresses are listed with the virtual_alias_maps parameter.
>> The Postfix SMTP server rejects invalid recipients with "User unknown in
>> virtual alias table". The default value is $virtual_maps for Postfix 1.1
>> compatibility.

On 15.03.18 20:18, Wietse Venema wrote:
>That text does not exclude other virtual_alias_maps lookups.
>
>> That lead me to think that virtual_alias_maps does not apply to other classes.
>All Blacksmiths have dark skin.
>All Negroes have dark skin.
>All blacksmiths are negroes.

there are 5 classes described on
http://www.postfix.org/ADDRESS_CLASS_README.html

  The local domain class.
  The virtual alias domain class.
  The virtual mailbox domain class.
  The relay domain class.
  The default domain class.

each of those sections describes different configuration variables used in
those classes.

virtual_alias_maps is only described in virtual alias domain class.  if it
applies in other classes (as you said above, always), it should be probably
described outsideof those sections.

Or should I expect all of maps described in those sections
(local_recipient_maps, virtual_alias_maps, virtual_mailbox_maps,
relay_recipient_maps) to apply in all cases?


--
Matus UHLAR - fantomas, [hidden email] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
How does cat play with mouse? cat /dev/mouse
Reply | Threaded
Open this post in threaded view
|

Re: Which user lookup wins?

/dev/rob0
On Mon, Mar 26, 2018 at 05:21:22PM +0200, Matus UHLAR - fantomas wrote:

> > > >> On 14.03.18 20:14, Wietse Venema wrote:
> > > >> >The Postfix SMTP server always looks in virtual_alias_maps.
> > >
> > > >Matus UHLAR - fantomas:
> > > >> Always? isn't that a contradiction to the referenced
> > > >> document that indicated only domains in
> > > >> virtual_alias_domains are searched for virtual aliases?
> > >
> > > On 15.03.18 09:20, Wietse Venema wrote:
> > > >Please cite the text that says 'only domains in
> > > >virtual_alias_domains are searched for virtual aliases'.
>
> > Matus UHLAR - fantomas:
> > > virtual_alias_domains and virtual_alias_maps are described in
> > > "The virtual alias domain class." section.
> > >
> > > * Domain names are listed in virtual_alias_domains. The default
> > > value is $virtual_alias_maps for Postfix 1.1 compatibility.
> > >
> > > * Valid recipient addresses are listed with the
> > > virtual_alias_maps parameter. The Postfix SMTP server rejects
> > > invalid recipients with "User unknown in virtual alias table".
> > > The default value is $virtual_maps for Postfix 1.1
> > > compatibility.
>
> On 15.03.18 20:18, Wietse Venema wrote:
> > That text does not exclude other virtual_alias_maps lookups.

Furthermore, the behavior of virtual_alias_maps is documented
completely, here:
    http://www.postfix.org/postconf.5.html#virtual_alias_maps

> > > That lead me to think that virtual_alias_maps does not apply
> > > to other classes.

> > All Blacksmiths have dark skin.
> > All Negroes have dark skin.
> > All blacksmiths are negroes.
>
> there are 5 classes described on
> http://www.postfix.org/ADDRESS_CLASS_README.html
>
> The local domain class.  The virtual alias domain class.  The
> virtual mailbox domain class.  The relay domain class.  The default
> domain class.
>
> each of those sections describes different configuration variables
> used in those classes.
>
> virtual_alias_maps is only described in virtual alias domain class.

But the ADDRESS_CLASS_README is not intended to completely document
what virtual_alias_maps does.  The postconf(5) manual does that. It
is nicely hyperlinked from ADDRESS_CLASS_README.html, BTW.

> if it applies in other classes (as you said above, always), it
> should be probably described outsideof those sections.

OTOH, perhaps your assumption about the ADDRESS_CLASS_README's
function was wrong.

> Or should I expect all of maps described in those sections
> (local_recipient_maps, virtual_alias_maps, virtual_mailbox_maps,
> relay_recipient_maps) to apply in all cases?

The postconf(5) manual documents each of those, as well, each also
being nicely hyperlinked from ADDRESS_CLASS_README.html.

virtual_alias_maps apply to ALL addresses in ALL classes.  Other
class address maps do not.

The virtual alias class is different in another way, too.  There's
not a transport setting for that class.  The reason is that a
virtual_alias_domains address must ultimately resolve via v_a_maps to
a valid address in some other class, and that class defines the
transport which will be used.
--
  http://rob0.nodns4.us/
  Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
Reply | Threaded
Open this post in threaded view
|

Re: Which user lookup wins?

Wietse Venema
In reply to this post by Matus UHLAR - fantomas
Matus UHLAR - fantomas:

> >Matus UHLAR - fantomas:
> >> virtual_alias_domains and virtual_alias_maps are described in
> >> "The virtual alias domain class." section.
> >>
> >> * Domain names are listed in virtual_alias_domains. The default value is
> >> $virtual_alias_maps for Postfix 1.1 compatibility.
> >>
> >> * Valid recipient addresses are listed with the virtual_alias_maps parameter.
> >> The Postfix SMTP server rejects invalid recipients with "User unknown in
> >> virtual alias table". The default value is $virtual_maps for Postfix 1.1
> >> compatibility.

Again, it says that

    If the domain matches virtual_alias_domains
    then look up the user in virtual_alias_maps

The text does not say:

    If the domain matches virtual_alias_domains
    then look up the user in virtual_alias_maps
    else don't use virtual_alias_maps

The program behaves as promised.

        Wietse
Reply | Threaded
Open this post in threaded view
|

Re: Which user lookup wins?

Matus UHLAR - fantomas
>Matus UHLAR - fantomas:
>> >Matus UHLAR - fantomas:
>> >> virtual_alias_domains and virtual_alias_maps are described in
>> >> "The virtual alias domain class." section.
>> >>
>> >> * Domain names are listed in virtual_alias_domains. The default value is
>> >> $virtual_alias_maps for Postfix 1.1 compatibility.
>> >>
>> >> * Valid recipient addresses are listed with the virtual_alias_maps parameter.
>> >> The Postfix SMTP server rejects invalid recipients with "User unknown in
>> >> virtual alias table". The default value is $virtual_maps for Postfix 1.1
>> >> compatibility.

On 26.03.18 14:15, Wietse Venema wrote:

>Again, it says that
>
>    If the domain matches virtual_alias_domains
>    then look up the user in virtual_alias_maps
>
>The text does not say:
>
>    If the domain matches virtual_alias_domains
>    then look up the user in virtual_alias_maps
>    else don't use virtual_alias_maps

but that is exactly what "if" means.
What you say here is a perfect example of misleading.

Using "if" in case where a condition does NOT have to be met only leads to
mistakes.

there are many ifs in postfix documentation, should I understand that
they are all useless and all "then" apply even when their "if" doesn't
succeed?

>The program behaves as promised.

IMHO the documentation should make it more clear.  I have only found this
information in:
http://www.postfix.org/ADDRESS_REWRITING_README.html#overview
but the virtual_alias_maps is documented in other docs to.

Note that the original poster also did miss this information, that's why we
have this thread.

--
Matus UHLAR - fantomas, [hidden email] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
- Holmes, what kind of school did you study to be a detective?
- Elementary, Watson.  -- Daffy Duck & Porky Pig
Reply | Threaded
Open this post in threaded view
|

Re: Which user lookup wins?

Wietse Venema
Matus UHLAR - fantomas:

> On 26.03.18 14:15, Wietse Venema wrote:
> >Again, it says that
> >
> >    If the domain matches virtual_alias_domains
> >    then look up the user in virtual_alias_maps
> >
> >The text does not say:
> >
> >    If the domain matches virtual_alias_domains
> >    then look up the user in virtual_alias_maps
> >    else don't use virtual_alias_maps
>
> but that is exactly what "if" means.
> What you say here is a perfect example of misleading.

Sorry, you are confusing 'if X then Y' with 'only if X then Y'
or 'if and only if X then Y'.

        Wietse
Reply | Threaded
Open this post in threaded view
|

Re: Which user lookup wins?

Matus UHLAR - fantomas
>Matus UHLAR - fantomas:
>> On 26.03.18 14:15, Wietse Venema wrote:
>> >Again, it says that
>> >
>> >    If the domain matches virtual_alias_domains
>> >    then look up the user in virtual_alias_maps
>> >
>> >The text does not say:
>> >
>> >    If the domain matches virtual_alias_domains
>> >    then look up the user in virtual_alias_maps
>> >    else don't use virtual_alias_maps
>>
>> but that is exactly what "if" means.
>> What you say here is a perfect example of misleading.

On 27.03.18 13:17, Wietse Venema wrote:
>Sorry, you are confusing 'if X then Y' with 'only if X then Y'
>or 'if and only if X then Y'.

people say this to trick others into Y saing that X is a condition even if
it's not.

Please don't do that.

--
Matus UHLAR - fantomas, [hidden email] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I'm not interested in your website anymore.
If you need cookies, bake them yourself.
Reply | Threaded
Open this post in threaded view
|

Re: Which user lookup wins?

Wietse Venema
Matus UHLAR - fantomas:

> >Matus UHLAR - fantomas:
> >> On 26.03.18 14:15, Wietse Venema wrote:
> >> >Again, it says that
> >> >
> >> >    If the domain matches virtual_alias_domains
> >> >    then look up the user in virtual_alias_maps
> >> >
> >> >The text does not say:
> >> >
> >> >    If the domain matches virtual_alias_domains
> >> >    then look up the user in virtual_alias_maps
> >> >    else don't use virtual_alias_maps
> >>
> >> but that is exactly what "if" means.
> >> What you say here is a perfect example of misleading.
>
> On 27.03.18 13:17, Wietse Venema wrote:
> >Sorry, you are confusing 'if X then Y' with 'only if X then Y'
> >or 'if and only if X then Y'.
>
> people say this to trick others into Y saing that X is a condition even if
> it's not.
>
> Please don't do that.

I'm abanding this thread because a) we don't agree on the meaning
of simple words, and b) you're maligning my attempts to educate.

Over and out.

        Wietse