[pfx] Re: Preparation of switch from OpenSMTPd to Postfix -> syntax/behaviour of virtual_alias_maps
On Sun, Jan 21, 2024 at 11:35:39PM +0100, Simon Hoffmann via Postfix-users wrote:

> > DO NOT use the deprecated "virtual_domains" parameter, it mixes
> > classification of domains with address mappings.
>
> I have read that and I thought I understood it.

Simply put, use "virtual_alias_domains" to enumerate any virtual alias
domains, and "virtual_alias_maps". DO NOT rely on the
backwards-compatible (with Postfix 1.x 20+ years ago) default value of
"virtual_alias_domains":

    virtual_alias_domains = $virtual_alias_maps

Instead, set "virtual_alias_domains" explicitly, either empty or a
non-empty list of such domains.

> I have also read http://www.postfix.org/VIRTUAL_README.html and this
> states that with virtual alias mode I can have the same local part in
> an email address and deliver them to different unix users,

You're not reading on its own merit, rather letting your prior
expectations obscure the message. Try to forget everything you know
about the OpenSMTP virtual table as a model of what virtual mappings do,
all you should carry forward is an understanding of the functionality of
the individual lines that you want to translate in a suitable manner to
Postfix.

The Postfix virtual(5) table is *very* different, and to avoid
confusion, on this list, let's reserve virtual table for the Postfix
version, and your OpenSMTPd configuration file is just some file with
lines that implement various behaviours which you'll want to match one
line at a time...

Note:

  0. The virtual(5) mapping applies to ALL envelope recipient addresses,
     regardless of address class. The domainpart does not need to be
     listed in virtual_alias_domains!

  1. The virtual(5) table is a 1-to-many mapping of input rfc822
     recipient addresses to output *addresses*. Nothing you put on the
     RHS of the *Postfix* virtual(5) file directly causes delivery to
     some file or to a user, or causes a recipient to be rejected...

  2. virtual(5) is JUST a one-to-many address mapping.

  3. On the RHS, bare "localpart" addresses with no domain part are
     implicitly rewritten to "localpart@$myorigin"

  4. The mapping is recursive! Each RHS value is again subject to
     virtual(5) rewriting, until there's no match, or an address maps to
     itself (after appending @$myorigin if necessary).

  5. Input addresses with a domain part that matches "$myorigin" that
     don't match as-is, are retried with just the localpart as a lookup
     key, but the termination check (self-mapping) is based on the full
     input address.

Separately, Postfix supports virtual_alias_domains, which cannot hold
any directly deliverable mailboxes, instead, each address in such a
domain must be rewritten to some list of addresses in other domains.

> but i can still use local unix users.

You want to see "unix users" on the RHS of the table, but what's there
are email address localparts, that get an implicit domain when none is
explicitly specified.

> The first method on that page does not allow me to route
> localp...@domain1.com to a different user than localp...@domain2.org

This is wrong. You can map any address to some list of addresses. With
virtual(5), just write:

    us...@domain1.com us...@domain.org

> (with the exact same localpart) and the third mode on that page does
> not use unix users and their home directory to store mails but just a
> directory structure, which is also not what i want.

With virtual_mailbox_domains you can indeed deliver to logical users
that aren't tied to system accounts. You may need to get a copy of the
Postfix book by Patrick Koetter and Ralph Hildebrandt and spend a few
days reading the background topics. You need to understand local(8)
delivery, and virtual(8) delivery or delivery via an LDA or LMTP to some
appropriate mail store.

> > It is best to not use the same terminology for two different things.
> > Instead let go of the old terminology and focus on function.
>
> The file that maps an email address to a unix user or another email
> address in OpenSMTPd is literally stated in the config with the
> keyword "virtual".

This is actually a big part of the problem. You need to let go of the
idea that these serve the same function. They don't.

> > Actually to simon@$myorigin, which may or may not go to the UNIX user,
> > depending on how that's handled.
>
> With the information from http://www.postfix.org/VIRTUAL_README.html I
> understand that this line means that this email address is delivered
> to the unix user on the RHS. Why would I need to specify a domain on
> the RHS if i want the unix user simon to get the mail?

No. It is delivered to wherever that address happens to be routed,
which depends on the transport to which the address is resolved, which
depends on the domainpart's address class or matching data in the
transport(5) table.

> Or is specifying @$myhostname the actual (and only?) way to tell
> postfix to
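
A simplified model of rules 1 to 5 from the message above, added here as an illustration; it is not Postfix code and not written by anyone in this thread. The domain names, the table contents, the `MYORIGIN` value and the depth limit are constructed assumptions.

```python
# Simplified model of rules 1-5 above. Not Postfix code.
MYORIGIN = "mail.example.com"   # constructed stand-in for $myorigin

# Constructed sample table: lookup key -> list of right-hand-side addresses.
VIRTUAL = {
    "info@example2.com": ["alice"],                        # bare localpart RHS
    "info@example3.com": ["bob", "carol@remote.example"],  # same localpart, 1-to-many
    "alice": ["alice.archive@example2.com", "alice"],      # localpart-only key
    "alice.archive@example2.com": ["archive@remote.example"],
}

def qualify(addr):
    """Rule 3: a bare localpart is rewritten to localpart@$myorigin."""
    return addr if "@" in addr else f"{addr}@{MYORIGIN}"

def lookup(addr, table):
    """Try the full address; rule 5: for $myorigin, retry with the localpart."""
    if addr in table:
        return table[addr]
    local, _, domain = addr.rpartition("@")
    return table.get(local) if domain == MYORIGIN else None

def expand(addr, table=VIRTUAL, depth=0, limit=50):
    """Rules 1, 2, 4: recursive one-to-many address-to-address rewriting.

    Returns the set of final *addresses*. Nothing here delivers, discards or
    rejects mail; that depends on each address's class and transport.
    `limit` is an assumed guard so that a mapping loop fails loudly.
    """
    cur = qualify(addr)
    if depth > limit:
        raise RecursionError(f"virtual alias loop or nesting too deep at {cur}")
    rhs = lookup(cur, table)
    if rhs is None:
        return {cur}                  # no match: rewriting stops
    final = set()
    for out in map(qualify, rhs):
        if out == cur:
            final.add(cur)            # self-mapping terminates (rules 4 and 5)
        else:
            final |= expand(out, table, depth + 1, limit)
    return final

if __name__ == "__main__":
    for rcpt in ("info@example2.com", "info@example3.com", "nobody@example2.com"):
        print(rcpt, "->", sorted(expand(rcpt)))
```

The same localpart in two domains ends up at different address sets, and every result is still only an address: whether it reaches a UNIX account depends on the address class or transport of the resulting domain.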
[pfx] Re: Preparation of switch from OpenSMTPd to Postfix -> syntax/behaviour of virtual_alias_maps
On 21.01.2024 at 23:35:39, Simon Hoffmann via Postfix-users wrote:

> I have also read http://www.postfix.org/VIRTUAL_README.html and this
> states that with virtual alias mode i can have the same local part in an
> email address and deliver them to different unix users, but i can still
> use local unix users.

If you have for example domains example1.com, example2.com and
example3.com, one of them (say example1.com) can be your "main" domain
where you use unix users as mail destinations, ie. use...@example1.com.
You DON'T put any addresses in that domain in virtual_alias_maps, you
just list that domain in mydestination= parameter in main.cf.

The other two domains, example2.com and example3.com, will be virtual
domains. You DON'T list them in mydestination=, but you can handle
addresses in virtual domains in two different ways.

First, you can put the addresses in virtual_alias_table, and redirect
the mail addressed to virtual users either to real unix users on your
system OR to remote users on another server. Of course the following
should work (if not, then you have done something wrong):

    usern...@example2.com    someuser
    usern...@example3.com    otheruser

and redirect mail sent to "usern...@example2.com" to user "someuser" on
your system, and mail sent to "usern...@example3.com" (the same
localpart) to another user "otheruser".

The second option is to have virtual mailboxes, where mail is just
delivered to some place in the filesystem and you have arranged some
method for your virtual users to pick it up (eg. via Dovecot). You list
the domain in virtual_mailbox_domains=, and use virtual_mailbox_maps
(and possibly other related parameters like eg. virtual_mailbox_base) to
specify location of the individual mailboxes like:

    u...@example4.com    /vbox/example4/user

I'm using such a setup, with all three kinds of domains (a "real" one,
virtual alias and virtual mailbox) and everything works as intended.

> The first method on that page does not allow me to route
> localp...@domain1.com to a different user than localp...@domain2.org (with
> the exact same localpart)

By "first method" do you refer to the section "As simple as can be:
shared domains, UNIX system accounts"? Yes, in that case you just have
two fully equivalent domains, both listed in mydestination=. Each unix
user, by definition, "belongs" to ALL domains listed in mydestination=.

> and the third mode on that page does not use
> unix users and their home directory to store mails but just a directory
> structure, which is also not what i want.

This is the virtual mailbox example mentioned above.

So you need the second one: "Postfix virtual ALIAS example: separate
domains, UNIX system accounts", as Viktor already explained to you.

> The file that maps an email address to a unix user or another email
> address in OpenSMTPd is literally stated in the config with the keyword
> "virtual".

The Postfix equivalent is virtual_alias_maps.

> With the information from http://www.postfix.org/VIRTUAL_README.html I
> understand that this line means that this email address is delivered to
> the unix user on the RHS. Why would I need to specify a domain on the RHS
> if i want the unix user simon to get the mail?

You don't have to. You have to remember that because virtual aliasing is
done in the cleanup(8) process, and mail whose RHS is "simon" is then
passed to local(8) process for delivery, it may be subject to further
aliasing in that process, according to alias_maps table (whose default
value is /etc/aliases). So if you have defined in your
virtual_alias_table:

    usern...@domain2.com    simon

and in your /etc/aliases file:

    simon    extu...@example.net

then the mail will be effectively forwarded to extu...@example.net, and
not delivered to local user simon (but the same applies to all mail
addressed to local user simon, regardless of the origin).

--
Regards,
   Jaroslaw Rafa
   r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once
there was a Hushpuppy, and she lived with her daddy in the Bathtub."
[pfx] Re: Preparation of switch from OpenSMTPd to Postfix -> syntax/behaviour of virtual_alias_maps
Viktor Dukhovni via Postfix-users wrote:

> On Sun, Jan 21, 2024 at 07:21:26PM +0100, Simon Hoffmann via Postfix-users wrote:
>
> > The old virtual_domains file just lists all domains (one per line),
> > and can directly be used in virtual_alias_domains.
>
> You're going about this the wrong way, by trying to translate low-level
> artefacts from one system to somewhat related, but different low-level
> artefacts in Postfix. Instead you need to implement a functional at a
> higher layer.
>
> Postfix supports virtual alias rewriting (for all envelope recipient
> addresses), and virtual alias domains (which make rewriting mandatory,
> since there are no actual mailbox recipients in the domain, just aliases
> to mailboxes in *other* domains).
>
> You need to read and understand:
>
>   - ADDRESS_CLASS_README
>   - ADDRESS_REWRITING_README
>   - The virtual(5) manpage
>   - The postconf(5) descriptions of:
>       * virtual_alias_domains
>       * virtual_alias_maps
>
> DO NOT use the deprecated "virtual_domains" parameter, it mixes
> classification of domains with address mappings.

I have read that and I thought I understood it.

I have also read http://www.postfix.org/VIRTUAL_README.html and this
states that with virtual alias mode i can have the same local part in an
email address and deliver them to different unix users, but i can still
use local unix users.

The first method on that page does not allow me to route
localp...@domain1.com to a different user than localp...@domain2.org
(with the exact same localpart) and the third mode on that page does not
use unix users and their home directory to store mails but just a
directory structure, which is also not what i want.

> > However, in my virtual aliases table on OpenSMTPd, I have the
> > following line-types
>
> It is best to not use the same terminology for two different things.
> Instead let go of the old terminology and focus on function.

The file that maps an email address to a unix user or another email
address in OpenSMTPd is literally stated in the config with the keyword
"virtual".

> > si...@simonhoffmann.net simon
> >
> > The first line is obvious. Mail addressed to the email address is
> > delivered to the UNIX user.
>
> This is an address mapping, best practice is to also specify a domain on
> the RHS, which by default gets qualified with "@$myorigin", but if you
> have a specific domain in mind, specify it here.
>
> Actually to simon@$myorigin, which may or may not go to the UNIX user,
> depending on how that's handled.

With the information from http://www.postfix.org/VIRTUAL_README.html I
understand that this line means that this email address is delivered to
the unix user on the RHS. Why would I need to specify a domain on the
RHS if i want the unix user simon to get the mail? Or is specifying
@$myhostname the actual (and only?) way to tell postfix to deliver to
the local user?

With that in mind, i am using sieve rules in dovecot and require the
mails to be delivered to dovecot via lmtp. Upon reading the docs again
just now it seems that i have to use virtual domains mode and
virtual_mailbox_domains and virtual_mailbox_maps to be able to use
virtual_transport, which in my understanding is the only way to hand
mail off to dovecot.

I think i just broke my brain and need to pause for a few weeks before
trying to understand the config again ^^

The site also states to add the domain to the virtual_alias_domains, by
the way. Is the documentation wrong?

> > @list.simonhoffmann.net simon
> >
> > The second line is also obvious, as this is a catchall for a domain.
> > In Postfix this has also the lowest priority so I don't break my
> > current alias file.
>
> Catchalls are best avoided. If you have a specific list of valid
> addresses, best to specify each one.

Well for one i am lazy and don't want to edit my map all the time. :)
Secondly, aside from getting more spam (which i can live with), why is
it best to avoid a catchall?

> > simon simon
>
> > For the third line, the documentation under
> > http://www.postfix.org/virtual.5.html specifies
>
> You're looking at the wrong documentation, that line from OpenSMTPD,

What would be the right documentation? Above you asked me to read
virtual(5)...

> what is it supposed to achieve? Then figure out whether it is needed,
> and how to get equivalent *functionality* (not syntax) from Postfix.
>
> > So I am not sure if this would work and the third line would be an
> > accepted line or if I need to replace this line with a user@domain
> > line for every virtual domain.
>
> What is the "simon" entry supposed to achieve? How does it augment the
> functionality of the first line?

On OpenSMTPd, this line translates to simon@ALL_DOMAINS deliver to unix
user simon. I actually use this for myself, hostmaster, postmaster,
webmaster, abuse, ... addresses in my config file
[pfx] Re: Preparation of switch from OpenSMTPd to Postfix -> syntax/behaviour of virtual_alias_maps
On Sun, Jan 21, 2024 at 07:21:26PM +0100, Simon Hoffmann via Postfix-users wrote:

> The old virtual_domains file just lists all domains (one per line), and
> can directly be used in virtual_alias_domains.

You're going about this the wrong way, by trying to translate low-level
artefacts from one system to somewhat related, but different low-level
artefacts in Postfix. Instead you need to implement a functional at a
higher layer.

Postfix supports virtual alias rewriting (for all envelope recipient
addresses), and virtual alias domains (which make rewriting mandatory,
since there are no actual mailbox recipients in the domain, just aliases
to mailboxes in *other* domains).

You need to read and understand:

  - ADDRESS_CLASS_README
  - ADDRESS_REWRITING_README
  - The virtual(5) manpage
  - The postconf(5) descriptions of:
      * virtual_alias_domains
      * virtual_alias_maps

DO NOT use the deprecated "virtual_domains" parameter, it mixes
classification of domains with address mappings.

> However, in my virtual aliases table on OpenSMTPd, I have the following
> line-types

It is best to not use the same terminology for two different things.
Instead let go of the old terminology and focus on function.

> si...@simonhoffmann.net simon
>
> The first line is obvious. Mail addressed to the email address is
> delivered to the UNIX user.

This is an address mapping, best practice is to also specify a domain on
the RHS, which by default gets qualified with "@$myorigin", but if you
have a specific domain in mind, specify it here.

Actually to simon@$myorigin, which may or may not go to the UNIX user,
depending on how that's handled.

> @list.simonhoffmann.net simon
>
> The second line is also obvious, as this is a catchall for a domain. In
> Postfix this has also the lowest priority so I don't break my current
> alias file.

Catchalls are best avoided. If you have a specific list of valid
addresses, best to specify each one.

> simon simon

> For the third line, the documentation under
> http://www.postfix.org/virtual.5.html specifies

You're looking at the wrong documentation, that line from OpenSMTPD,
what is it supposed to achieve? Then figure out whether it is needed,
and how to get equivalent *functionality* (not syntax) from Postfix.

> So I am not sure if this would work and the third line would be an
> accepted line or if I need to replace this line with a user@domain line
> for every virtual domain.

What is the "simon" entry supposed to achieve? How does it augment the
functionality of the first line?

> nore...@simonhoffmann.net /dev/null

> The fourth line in the old alias file silently discards a mail.

Postfix virtual(5) aliases are (rfc822) address-to-address mappings. You
cannot use "/dev/null" or similar here. That's a feature of local
aliases(5). But far better:

    valias:
        nore...@simonhoffmann.net   noreply@discard.invalid

    transport:
        discard.invalid     discard:silently

    master.cf
        # Should already have a "discard" transport

> OpenSMTPd allows the right hand side to be either a unix user, a
> different email address or simply a path to a file to which it will
> append the new email.

That's what local aliases do in Postfix, but best to avoid the legacy
Sendmail-compatible local delivery agent as much as possible. Use it
only for outbound delivery to mailing lists, where "owner-alias" and
":include:/member-file", ... are useful features.

For address-to-address rewriting use virtual(5).

> Thus /dev/null on the right hand side would mark the email as
> successfully received to the sending server, but then discards the
> mail internally. Is this possible with postfix as well?

See above.

> s...@simonhoffmann.net error:550 no spam here!
>
> Lastly, the fifth line bounces the email with the given error code and
> the given message. I have used this to disable specific address on an
> otherwise catch all domain. The spam example above is only an example,
> I have used this for address that were previously used but are not any
> longer and I would like the sender to know that this address is no
> longer in use. Is something like this possible as well?

This goes in the transport(5) file, better as:

    s...@simonhoffmann.net  error:5.1.1 Mailbox unavailable

and/or an access(5) table with "check_recipient_access":

    main.cf:
        indexed = ${default_database_type}:${config_directory}/
        transport_maps = ${indexed}transport
        smtpd_recipient_restrictions =
            check_recipient_access ${indexed}rcpt-access,
            permit_mynetworks,
            reject_unauth_destination,
            ...

    rcpt-access:
        s...@simonhoffmann.net  REJECT 5.1.1 Mailbox unavailable

> And then I have read the following in the documentation:
>
> /etc/postfix/virtual:
>     virtual-alias.domain    anything (right-hand content