NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Postfix Discussion> current

Re: Local UNIX accounts, aliasing & rejecting mail to non-public UNIX accounts

From: Stan Hoeppner (stanhardwarefreak.com)
Date: Wed Jun 19 2013 - 10:55:28 CDT

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 6/19/2013 10:16 AM, Wietse Venema wrote:
> Craig R. Skinner:
>> On 2013-06-19 Wed 06:51 AM |, Stan Hoeppner wrote:
>>> On 6/19/2013 6:11 AM, Craig R. Skinner wrote:
>>>
>>> What happens when you try
>>>
>>> mydestination =
>>>
>>
>> That's something I didn't think of trying.
>>
>> Either blank, or with localhost:
>>
>> status=bounced (User unknown in virtual alias table)
>
> This suggests that you had the domain name listed in both mydestination
> and in virtual_alias_domains. Now you also need to remove the domain
> name from virtual_alias_domains, in order to make that error go away.
>
> Until now Postfix will have logged numerous warnings with "do not
> list domain X in both mydestination and virtual_alias_maps" to
> remind you of a configuration error. Maybe it should just abort
> deliveries, that might get people's attention.
>
> Wietse

I'm anything but an expert in this particular area of Postfix, but I
think the problem is that Craig is trying to use virtual_alias_maps when
he should probably just be using the local aliases file. His Postfix
hosts a single mail domain IIUC. He's simply wanting to create alias
addresses presented to the public for each local UNIX mailbox address.
Additionally he wants to reject any inbound mail destined for the actual
local UNIX addresses, as well as system/role accounts. These last two
are straightforward. For the first:

/etc/postfix/reject-local-system

jb4356example.com reject Unknown User
jb8921example.com reject Unknown User
sshdexample.com reject Unknown User
namedexample.com reject Unknown User
dovecotexample.com reject Unknown User
squidexample.com reject Unknown User
postfixexample.com reject Unknown User

and use

smtpd_recipient_restrictions
    ...
    check_recipient_access hash:/etc/postfix/reject-local-system
    ...

To satisfy the second:

jb4356server1.example.com --> reject as unknown
jb8921server2.example.com --> reject as unknown

Simply do not put "$myhostname, localhost.$mydomain" in mydestination,
assuming $myhostname is an FQDN equal to "serverX.example.com". In fact
there's likely no need to have anything in mydestination other than your
domain name.

--
Stan

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]