dovecot lda bouncing postfix aliases


dovecot lda bouncing postfix aliases

Ian Evans
Recently configured postfix to use the dovecot lda as I wanted to use sieve. Got that working a few days ago but noticed that I wasn't getting any emails to aliases. Checked the logs and saw messages like:

Mar  1 08:19:59 carson postfix/lmtp[16949]: 0DCD22016BE: to=<[hidden email]>, relay=carson.example.com[private/dovecot-lmtp], delay=0.07, delays=0.01/0.01/0/0.04, dsn=5.1.1, status=bounced (host carson.example.com[private/dovecot-lmtp] said: 550 5.1.1 <[hidden email]> User doesn't exist: [hidden email] (in reply to RCPT TO command))

Aliases were working previously and are in /etc/postfix/vmaps

Anything I need to check on the postfix end of things to get dovecot to recognize postfix aliases?

Thanks...reaching for my morning coffee.

Re: dovecot lda bouncing postfix aliases

Viktor Dukhovni

> On Mar 1, 2017, at 8:42 AM, Ian Evans <[hidden email]> wrote:
>
> Mar  1 08:19:59 carson postfix/lmtp[16949]: 0DCD22016BE: to=<[hidden email]>, relay=carson.example.com[private/dovecot-lmtp], delay=0.07, delays=0.01/0.01/0/0.04, dsn=5.1.1, status=bounced (host carson.example.com[private/dovecot-lmtp] said: 550 5.1.1 <[hidden email]> User doesn't exist: [hidden email] (in reply to RCPT TO command))
>
> Aliases were working previously and are in /etc/postfix/vmaps

You've not posted your "postconf -n" or "postconf -Mf" output,

    http://www.postfix.org/DEBUG_README.html#mail

so what follows will be speculative.  The aliases you allude to
sound like virtual(5) aliases.  In which case their processing
happens on *input* in cleanup(8), not in delivery agents.  Since
the log entry you show has no "orig_to" element, and you probably
don't have "enable_original_recipient = no", one might conclude
that somehow you've disabled use of that set of aliases in cleanup(8).
Perhaps "receive_override_options"?  Or perhaps a change in the
definition of "virtual_alias_maps"?

Or perhaps the aliases were local(5) aliases, in which case your
dovecot lda would not be processing those, you need to use
"mailbox_transport" to deliver mail to local users to an alternate
transport without losing local(5) alias expansion.

--
        Viktor.


Re: dovecot lda bouncing postfix aliases

Ian Evans
Sorry. Also dealing with a relative in hospital so my mind's all over the place. As soon as I read that I banged my head on the desk.

postconf -n:

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
home_mailbox = Maildir/
inet_interfaces = all
inet_protocols = ipv4
mailbox_command = /usr/lib/dovecot/deliver -c /etc/dovecot/dovecot.conf -m "${EXTENSION}"
mailbox_size_limit = 0
message_size_limit = 104857600
myhostname = carson.example.com
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
myorigin = /etc/mailname
policy-spf_time_limit = 3600s
readme_directory = no
recipient_bcc_maps = hash:/etc/postfix/recipient_bcc
recipient_delimiter = +
relayhost =
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtp_use_tls = yes
smtpd_banner = carson.example.com ESMTP $mail_name (Ubuntu)
smtpd_recipient_restrictions = reject_invalid_hostname,reject_non_fqdn_hostname,reject_non_fqdn_sender,reject_non_fqdn_recipient,permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination,check_policy_service unix:private/policy-spf,reject_rbl_client zen.spamhaus.org,reject_rbl_client bl.spamcop.net,reject_rbl_client cbl.abuseat.org,check_policy_service inet:127.0.0.1:10023
smtpd_relay_restrictions = permit_mynetworks,permit_sasl_authenticated,defer_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_path = private/dovecot-auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/valid_senders, reject_unknown_sender_domain
smtpd_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
smtpd_tls_ask_ccert = yes
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/letsencrypt/live/example.com/fullchain.pem
smtpd_tls_ciphers = high
smtpd_tls_exclude_ciphers = EXPORT
smtpd_tls_key_file = /etc/letsencrypt/live/example.com/privkey.pem
smtpd_tls_loglevel = 1
smtpd_tls_mandatory_ciphers = medium
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
smtpd_tls_protocols = !SSLv2, !SSLv3
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
transport_maps = hash:/etc/postfix/transport
virtual_gid_maps = static:5000
virtual_mailbox_base = /home/vmail
virtual_mailbox_domains = example.com
virtual_mailbox_limit = 0
virtual_mailbox_maps = hash:/etc/postfix/vmaps
virtual_minimum_uid = 1000
virtual_transport = lmtp:unix:private/dovecot-lmtp
virtual_uid_maps = static:5000

Thanks.

Re: dovecot lda bouncing postfix aliases

Viktor Dukhovni

> On Mar 1, 2017, at 3:20 PM, Ian Evans <[hidden email]> wrote:
>
> virtual_mailbox_base = /home/vmail
> virtual_mailbox_domains = example.com
> virtual_mailbox_limit = 0
> virtual_mailbox_maps = hash:/etc/postfix/vmaps
> virtual_transport = lmtp:unix:private/dovecot-lmtp

The virtual_mailbox_maps table is NOT an aliasing mechanism.
It serves precisely two purposes:

   1. Used as a *validation* table for inbound mail to reject
      invalid recipients.  Only the existence of the lookup key
      (email address) matters, the associated value is ignored.

   2. *IF* you're using the Postfix-provided virtual(8) delivery
      agent, then *that* agent uses the associated value as the
      location of the mailbox in the filesystem.

With "dovecot-lmtp", the second purpose does not apply, and mapping
email addresses to mailboxes is up to dovecot.

You can of course use virtual_alias_maps to map multiple equivalent
addresses to a single address known to dovecot for delivery to the
associated mailbox.

--
        Viktor.


Re: dovecot lda bouncing postfix aliases

Ian Evans
Okay...lack of caffeine and hospital distraction is probably not the best time to be doing this.

Created /etc/virtual with:

example.com          this-text-is-ignored
[hidden email] ianevans
[hidden email]        ianevans

postconf -e virtual_alias_maps=hash:/etc/postfix/virtual

postmap /etc/postfix/virtual

service postfix reload

Sent an email to myself:

Mar  1 16:05:56 carson postfix/smtpd[24513]: connect from localhost[127.0.0.1]
Mar  1 16:05:56 carson postfix/smtpd[24513]: 0FD87201FEC: client=localhost[127.0.0.1]
Mar  1 16:05:56 carson postfix/cleanup[24506]: 0FD87201FEC: message-id=<CABiY0=[hidden email]>
Mar  1 16:05:56 carson postfix/qmgr[24498]: 0FD87201FEC: from=<[hidden email]>, size=3734, nrcpt=1 (queue active)
Mar  1 16:05:56 carson amavis[22912]: (22912-04) FWD from <[hidden email]> -> <[hidden email]>,BODY=7BIT 250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 0FD87201FEC
Mar  1 16:05:56 carson postfix/smtpd[24513]: disconnect from localhost[127.0.0.1]
Mar  1 16:05:56 carson amavis[22912]: (22912-04) Passed CLEAN {RelayedInbound}, [74.125.82.43]:38908 [74.125.82.43] <[hidden email]> -> <[hidden email]>, Queue-ID: 48163201F9F, Message-ID: <CABiY0=[hidden email]>, mail_id: x4zkW8Bv6wBB, Hits: -2.019, size: 2816, queued_as: 0FD87201FEC, dkim_sd=20161025:gmail.com, 2611 ms
Mar  1 16:05:56 carson postfix/smtp[24507]: 48163201F9F: to=<[hidden email]>, relay=127.0.0.1[127.0.0.1]:10024, delay=3.3, delays=0.72/0.01/0.01/2.6, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 0FD87201FEC)
Mar  1 16:05:56 carson postfix/qmgr[24498]: 48163201F9F: removed
Mar  1 16:05:56 carson postfix/error[24514]: 0FD87201FEC: to=<[hidden email]>, relay=none, delay=0.03, delays=0.01/0.01/0/0.01, dsn=5.1.1, status=bounced (User unknown in virtual alias table)
Mar  1 16:05:56 carson postfix/cleanup[24506]: 179D7201F9F: message-id=<[hidden email]>

Okay, so I've obviously misunderstood what I need to place in the /etc/virtual file.

Do I need the [hidden email] ianevans

or just the [hidden email] ianevans

Sorry if I'm just being really thick.


Re: dovecot lda bouncing postfix aliases

Viktor Dukhovni

> On Mar 1, 2017, at 4:14 PM, Ian Evans <[hidden email]> wrote:
>
> Okay...lack of caffeine and hospital distraction is probably not the best time to be doing this,
>
> Created /etc/virtual with:
>
> example.com          this-text-is-ignored

Lose the above line.  The domain is not a virtual alias domain,
it is a virtual mailbox domain.

> [hidden email] ianevans
> [hidden email]        ianevans

Add an explicit domain to the value (second field) of the above lines:

   [hidden email]        [hidden email]

The domains of the key and value parts don't need to be the same.
The identity mapping in the first line is unnecessary.

--
        Viktor.
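
A small lint for the three corrections in the reply above, as an added example that is not part of the original thread: it reads a virtual_alias_maps source file and flags a key that is a virtual mailbox domain, a value with no explicit domain, and a single-target identity mapping. The function name, finding codes and sample addresses are constructed for illustration; it assumes one entry per line with no continuation lines.

```python
# Added example (not from the thread): lint a Postfix virtual alias source
# file before running postmap on it. All sample addresses are constructed.

SAMPLE_TABLE = """\
example.com            this-text-is-ignored
info@example.com       ianevans
ianevans@example.com   ianevans@example.com
sales@example.com      ianevans@example.com
"""


def lint_virtual_alias_table(text, virtual_mailbox_domains):
    """Return a list of (line_number, code, message) findings."""
    mailbox_domains = {d.lower() for d in virtual_mailbox_domains}
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        fields = line.split(None, 1)
        key = fields[0].lower()
        # The value may list several addresses separated by commas/whitespace.
        targets = fields[1].replace(",", " ").split() if len(fields) > 1 else []

        # A bare-domain key declares a virtual alias domain; a domain that is
        # already a virtual mailbox domain must not appear here.
        if "@" not in key and key in mailbox_domains:
            findings.append((lineno, "domain-key",
                             f"{key} is a virtual mailbox domain; remove this line"))
            continue

        # key -> key alone does nothing useful.
        if len(targets) == 1 and targets[0].lower() == key:
            findings.append((lineno, "identity",
                             f"{key} maps to itself; the entry is unnecessary"))
            continue

        # Every target should carry an explicit domain.
        for target in targets:
            if "@" not in target:
                findings.append((lineno, "unqualified-value",
                                 f"{target!r} has no domain; write user@domain"))
    return findings


if __name__ == "__main__":
    for lineno, code, message in lint_virtual_alias_table(SAMPLE_TABLE, ["example.com"]):
        print(f"line {lineno}: {code}: {message}")
```
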


Re: dovecot lda bouncing postfix aliases

Ian Evans


Thanks Viktor. I will fix it shortly. 

Re: dovecot lda bouncing postfix aliases

Ian Evans
Thanks again. Made the changes the other day and all is well.