Subject: Running Postfix on a firewall and unknown user
From: Magnus Sandberg (memsth.frontec.se)
Date: Fri Aug 11 2000 - 08:01:03 CDT


Hi,

I'm a new user/admin of Postfix and also new to this mailing list. I haven't
been added to the list yet (that needs to be done by postfix-users-approval), so
please reply to my own address, membluelabs.se (masquerading behind the
old sendmail domain....)

I'm just setting up a Postfix server that will be located outside our
firewall. The idea is that this server shall relay both incoming and
outgoing mail for our company.

For the moment the outgoing relaying is working okay but not the incoming
relaying.

I have tried to look at the FAQ, http://www.postfix.org/faq.html , and
follow the firewall example. The problem is that I get an "unknown user"
bounce from my machine for every incoming mail.

This is the postconf -n output:

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
command_directory = /usr/sbin
daemon_directory = /usr/lib/postfix
debug_peer_level = 2
default_destination_concurrency_limit = 10
local_destination_concurrency_limit = 2
mail_owner = postfix
mydestination = $myhostname, localhost.$mydomain, mailserver.$mydomain
mydomain = any.domain.com
myhostname = mailrelay.any.domain.com
mynetworks = 127.0.0.0/8, X.Y.Z.0/24
myorigin = $myhostname
notify_classes = bounce, 2bounce, delay, policy, protocol, resource, software
queue_directory = /var/spool/postfix
relocated_maps = hash:/etc/postfix/relocated
sender_canonical_maps = hash:/etc/postfix/sender_canonical
transport_maps = hash:/etc/postfix/transport

The /etc/postfix/transport:

any.domain.com smtp:mailserver.any.domain.com
mailrelay.any.domain.com smtp:mailserver.any.domain.com
mailserver.any.domain.com smtp:mailserver.any.domain.com

Of course "any.domain.com", "mailserver" and "X.Y.Z.0" are replacements for
actual values. The relocated_maps and sender_canonical_maps will be used
for reject-mail and pretty-name translation, but it shouldn't affect this
problem (I hope).

My guess is that Postfix doesn't actually read /etc/postfix/transport, which
should be done before local delivery. And as a result Postfix tries to
deliver locally, but there are no users created or defined on this machine.
I don't want to create everyone on this machine because it will be placed
outside the firewall.

(Later on I will move the relocated_maps and sender_canonical_maps to a
machine inside the firewall. Now I will use them at this machine to test
the functionality only. Everything is run in a test environment for the
moment.)

                                  _\\|//_
                                  (-0-0-)
/-------------------------------ooO-(_)-Ooo------------------------------\
| Magnus Sandberg Email: membluelabs.se |
| Network Engineer, BlueLabs AB http://www.bluelabs.se/ |
| Phone: +46-8-470 2155 (FAX: +46-8-470 2199) GSM: +46-708-225 805 |
\------------------------------------------------------------------------/
                                  || ||
                                 ooO Ooo