consolidate virtual and relay_recipients files

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

consolidate virtual and relay_recipients files

Samuel Torton

Hi,

 

I have a postfix server configured as a incoming mail relay for my customers.

 

One of my customers has several domain names: domain1.com (main), domain2.com, domain3.com, domain4.com.

My server can receive emails on whatever domain1/2/3/4.com, but can accept emails for declared email addresses only (relay_recipients), and rejects others non declared.

 

Here is a part of my /etc/postfix/main.cf:

++++

virtual_alias_maps = hash:/etc/postfix/virtual

relay_recipient_maps = hash:/etc/postfix/relay_recipients

transport_maps = hash:/etc/postfix/transport

++++

 

Here is my /etc/postfix/virtual:

++++

@domain2.com                @domain1.com

@domain3.com                @domain1.com

@domain4.com                @domain1.com

++++

 

Here is my /etc/postfix/relay_recipients:

++++

[hidden email]     x

[hidden email]     x

[hidden email]     x

[hidden email]     x

++++

 

Here is my /etc/postfix/transport:

++++

domain1.com                            smtp:[10.10.10. 1]

++++

 

Now, here are several scenarios happening on my server:

 

1/ Receiving email for [hidden email] à OK, relayed to 10.10.10.1 (for [hidden email])

2/ Receiving email for [hidden email] à OK, rejected

3/ Receiving email for [hidden email] à OK, relayed to 10.10.10.1 (for [hidden email])

4/ Receiving email for [hidden email] à relayed to 10.10.10.1 (for [hidden email]) !!! à and the destination mail server will reject it

 

I’m happy with the scenarios 1/ 2/ 3/.

I’m NOT happy with the scenario 4/.

 

As I understand, the combination of virtual + relay_recipients files doesn’t work efficiently: if an email is sent to whatever@domain2/3/4.com, the relay_recipients file is bypassed by the virtual file, and the email will be automatically relayed to [hidden email] on 10.10.10.1 without checking the relay_recipients.

 

Do you have any solution / hint to avoid this ?

If possible, I would like to avoid writing a list of all my user mailbox @ all domain names neither in virtual, nor in relay_recipients file.

 

Thanks a lot for your help.

Samuel

 

 

Reply | Threaded
Open this post in threaded view
|

Re: consolidate virtual and relay_recipients files

Curtis Maurand
I would think about using the transport file for this.  It's pretty flexible.  Check the docs, but I found this:

"TABLE SEARCH ORDER
       With  lookups  from  indexed files such as DB or DBM, or from networked
       tables such as NIS, LDAP or SQL, patterns are tried  in  the  order  as
       listed below:

       user+extension@domain transport:nexthop
              Deliver mail for user+extension@domain through transport to nex-
              thop.


On 3/6/19 12:34 PM, Samuel Torton wrote:

Hi,

 

I have a postfix server configured as a incoming mail relay for my customers.

 

One of my customers has several domain names: domain1.com (main), domain2.com, domain3.com, domain4.com.

My server can receive emails on whatever domain1/2/3/4.com, but can accept emails for declared email addresses only (relay_recipients), and rejects others non declared.

 

Here is a part of my /etc/postfix/main.cf:

++++

virtual_alias_maps = hash:/etc/postfix/virtual

relay_recipient_maps = hash:/etc/postfix/relay_recipients

transport_maps = hash:/etc/postfix/transport

++++

 

Here is my /etc/postfix/virtual:

++++

@domain2.com                @domain1.com

@domain3.com                @domain1.com

@domain4.com                @domain1.com

++++

 

Here is my /etc/postfix/relay_recipients:

++++

[hidden email]     x

[hidden email]     x

[hidden email]     x

[hidden email]     x

++++

 

Here is my /etc/postfix/transport:

++++

domain1.com                            smtp:[10.10.10. 1]

++++

 

Now, here are several scenarios happening on my server:

 

1/ Receiving email for [hidden email] à OK, relayed to 10.10.10.1 (for [hidden email])

2/ Receiving email for [hidden email] à OK, rejected

3/ Receiving email for [hidden email] à OK, relayed to 10.10.10.1 (for [hidden email])

4/ Receiving email for [hidden email] à relayed to 10.10.10.1 (for [hidden email]) !!! à and the destination mail server will reject it

 

I’m happy with the scenarios 1/ 2/ 3/.

I’m NOT happy with the scenario 4/.

 

As I understand, the combination of virtual + relay_recipients files doesn’t work efficiently: if an email is sent to [hidden email], the relay_recipients file is bypassed by the virtual file, and the email will be automatically relayed to [hidden email] on 10.10.10.1 without checking the relay_recipients.

 

Do you have any solution / hint to avoid this ?

If possible, I would like to avoid writing a list of all my user mailbox @ all domain names neither in virtual, nor in relay_recipients file.

 

Thanks a lot for your help.

Samuel

 

 


--
Best Regards Curtis Maurand
[hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: consolidate virtual and relay_recipients files

Viktor Dukhovni
In reply to this post by Samuel Torton
On Wed, Mar 06, 2019 at 05:34:03PM +0000, Samuel Torton wrote:

> virtual_alias_maps = hash:/etc/postfix/virtual
> relay_recipient_maps = hash:/etc/postfix/relay_recipients
> transport_maps = hash:/etc/postfix/transport
> ...
> ++++
>
> Here is my /etc/postfix/virtual:
> ++++
> ...
> @domain2.com                @domain1.com
> @domain3.com                @domain1.com
> @domain4.com                @domain1.com
> ...

The problem is the wildcard entries.  The solution is to have
explicit mappings for each valid address (each user at each domain).

> Here is my /etc/postfix/relay_recipients:
> ++++
> ...
> [hidden email]     x
> [hidden email]     x
> [hidden email]     x
> [hidden email]     x
> ...

Once all the valid addresses are in virtual_alias_maps, the
relay_recipients table can be empty (note that's different
from an empty setting of "relay_recipient_maps", you should
set to a table, whose *content* is empty, or perhaps contains
just the postmaster mappings).

--
        Viktor.
Reply | Threaded
Open this post in threaded view
|

RE: consolidate virtual and relay_recipients files

Samuel Torton
Thanks a lot Viktor,
That's heavy, but safe !

--
Samuel Torton


-----Original Message-----
From: [hidden email] <[hidden email]> On Behalf Of Viktor Dukhovni
Sent: 08 March 2019 16:20
To: [hidden email]
Subject: Re: consolidate virtual and relay_recipients files

On Wed, Mar 06, 2019 at 05:34:03PM +0000, Samuel Torton wrote:

> virtual_alias_maps = hash:/etc/postfix/virtual relay_recipient_maps =
> hash:/etc/postfix/relay_recipients
> transport_maps = hash:/etc/postfix/transport ...
> ++++
>
> Here is my /etc/postfix/virtual:
> ++++
> ...
> @domain2.com                @domain1.com
> @domain3.com                @domain1.com
> @domain4.com                @domain1.com
> ...

The problem is the wildcard entries.  The solution is to have explicit mappings for each valid address (each user at each domain).

> Here is my /etc/postfix/relay_recipients:
> ++++
> ...
> [hidden email]     x
> [hidden email]     x
> [hidden email]     x
> [hidden email]     x
> ...

Once all the valid addresses are in virtual_alias_maps, the relay_recipients table can be empty (note that's different from an empty setting of "relay_recipient_maps", you should set to a table, whose *content* is empty, or perhaps contains just the postmaster mappings).

--
        Viktor.