NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Postfix Discussion> 2008-05

Re: smtp auth/local delivery question

From: Matthias Leopold (matthiasaic.at)
Date: Fri May 02 2008 - 09:51:00 CDT

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Brian Evans schrieb:
> Matthias Leopold wrote:
>> hi,
>>
>> i need help with the following problem:
>>
>> i have a (mostly) ldap based setup (relevant main.cf lines see below).
>>
>> virtual_mailbox_maps = ldap:/etc/postfix/ldapmaps/virtual_mailbox.cf
>> virtual_mailbox_domains = hash:/etc/postfix/virtual_mailbox_domains
>>
>> virtual_alias_maps = hash:/etc/postfix/virtual_alias
>>
>> smtpd_recipient_restrictions = reject_unauth_destination
>> permit_sasl_authenticated
>>
>> a lookup for "userdomain.tld" in virtual_mailbox_maps yields a result
>> /etc/postfix/virtual_mailbox_domains does not contain "domain.tld"
>> /etc/postfix/virtual_alias only contains "userdomain.tld" as a remote
>> destination
>>
>> when i try to relay mail to "userdomain.tld" via my server i get
>> "relaying denied". this is what i expect. when i try to relay mail to
>> "userdomain.tld" after successful smtp authentication postfix tries
>> to deliver locally. this is contrary to what i thought. is there a way
>> to make this work other than deleting "userdomain.tld" from
>> virtual_mailbox_maps?
> My "guess" would be you have your domain in mydestination.
>
> No one here can help further without posting `postconf -n`.
> Substitute example.(com|net|org) instead of your own domain if you so
> desire.
>
> Brian
>
the domain in question is definitely not in $mydestination, since the
problem arises for all virtual domains

the output of postconf -n is below

i "beautified" the main.cf lines in the original post a little, but (i
think) the basic layout described is the same

matthias

# postconf -n
alias_maps = hash:/home2/var/virtual_alias
biff = no
bounce_size_limit = 50000
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
default_destination_concurrency_limit = 25
disable_vrfy_command = yes
header_checks = regexp:/etc/postfix/header_checks
header_size_limit = 1024
home_mailbox = Maildir/
html_directory = no
inet_interfaces = all
local_destination_concurrency_limit = 10
mail_owner = postfix
mailbox_size_limit = 150000000
mailq_path = /usr/bin/mailq
manpage_directory = /usr/local/man
message_size_limit = 10240000
mydestination = $myhostname, localhost.$mydomain, localhost
mydomain = example.com
myhostname = host.example.com
mynetworks_style = host
newaliases_path = /usr/bin/newaliases
queue_directory = /localdisk/var/spool/node2
readme_directory = no
relay_domains = $mydestination
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtpd_banner = $myhostname ESMTP
smtpd_client_restrictions = permit_mynetworks,
permit_sasl_authenticated,
reject_rbl_client relays.mail-abuse.org, reject_rbl_client
list.dsbl.org, reject_rbl_client
sbl.spamhaus.org, reject_rbl_client
cbl.abuseat.org, reject_rbl_client dul.dnsbl.sorbs.net
smtpd_hard_error_limit = 3
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_sasl_authenticated,
             permit_mynetworks,
reject_invalid_hostname,
reject_unauth_pipelining,
check_helo_access hash:/etc/postfix/helo_access
smtpd_recipient_restrictions = permit_mynetworks,
          permit_sasl_authenticated,
reject_unknown_recipient_domain, reject_invalid_hostname,
                reject_non_fqdn_hostname,
reject_non_fqdn_sender
reject_non_fqdn_recipient,
reject_unknown_sender_domain,
reject_unknown_recipient_domain,
reject_unauth_destination,
reject_unauth_pipelining,
reject_rbl_client list.dsbl.org,
reject_rbl_client sbl.spamhaus.org,
reject_rbl_client cbl.abuseat.org,
reject_rbl_client dul.dnsbl.sorbs.net,
reject_rhsbl_sender rhsbl.sorbs.net
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sender_restrictions = permit_mynetworks,
       permit_sasl_authenticated,
reject_unknown_sender_domain,
reject_non_fqdn_sender,
reject_unauth_pipelining,
reject_sender_login_mismatch,
check_sender_access hash:/etc/postfix/sender_access
transport_maps = ldap:/etc/postfix/ldapmaps/virtual_transport.cf
unknown_local_recipient_reject_code = 550
virtual_alias_maps = hash:/home2/var/virtual_alias
virtual_gid_maps = ldap:/etc/postfix/ldapmaps/virtual_mailbox_gid.cf
virtual_mailbox_base = /
virtual_mailbox_domains = hash:/home2/var/virtual_relay_domains
virtual_mailbox_limit = 150000000
virtual_mailbox_maps = ldap:/etc/postfix/ldapmaps/virtual_mailbox.cf
virtual_uid_maps = ldap:/etc/postfix/ldapmaps/virtual_mailbox_uid.cf

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]