Am 07.02.2011 11:51, schrieb lst_ho...@kwsoft.de:
> Zitat von Reindl Harald <h.rei...@thelounge.net>:
> 
>> hi
>>
>> i have a little problem implementing alias-domains
>> the backend is dbmail with some additional tables and a inhouse
>> developed webui for dbmail/postfix/dovecot-proxy
>>
>> i'm using "recipient_canonical_maps" as follows what works but
>> RCPT-Verify for "inva...@aliasdomain.tld" gives back that the
>> address is valid, so the mail will be received and after that
>> "inva...@targetdomain.tld" is correctly rejected from lmtp and
>> postfix sends a bounce-message, which results in backscatter
> 
> The _canonical_ is *only* for rewriting as far as i know and only useful if 
> you have to rewrite headers too. If you
> like (and you really should) do recipient verification you should use virtual 
> alias or virtual mailbox domains. Have
> a look at http://www.postfix.org/ADDRESS_CLASS_README.html for the basics.
> 
> For further questions please include "postconf -n" output.
> 
> Regards
> 
> Andreas
> 
> 

Thank you for your reply!

I tried to understand the ADDRESS_CLASS_README.html but until
now i see no easy mysql-based solution for domain-forwards

below the output from "postconf -n" and the mysql-config-files
because without the sql-queries the information is useless

The whole system works really nice since more than a year
and i noticed the domain-alias-problem only because i
got a quarantine-message from the barracuda-appliance
bounced to postmaster :-(

# First part of the pasted "postconf -n" output (settings this server sets explicitly).
address_verify_sender = postmaster@mydomain
alias_maps = mysql:/etc/postfix/mysql-aliases.cf
anvil_rate_time_unit = 1800s
body_checks_size_limit = 65535
bounce_queue_lifetime = 3d
bounce_template_file = /etc/postfix/bounce.cf
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
default_destination_concurrency_failed_cohort_limit = 5
default_destination_concurrency_limit = 5
default_destination_rate_delay = 1
default_destination_recipient_limit = 15
double_bounce_sender = double-bounce@mydomain
fast_flush_domains =
html_directory = no
in_flow_delay = ${stress?2}${stress:0}s
inet_interfaces = all
inet_protocols = ipv4
initial_destination_concurrency = 5
lmtp_connection_cache_time_limit = 30
# Recipients in the mydestination domains are validated against this SQL map at
# RCPT time; addresses it does not list are refused with
# unknown_local_recipient_reject_code (550, set further down in this output).
local_recipient_maps = mysql:/etc/postfix/mysql-recipients.cf
mail_owner = postfix
mailbox_size_limit = 0
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
max_idle = 60
maximal_backoff_time = 5400
maximal_queue_lifetime = 3d
message_size_limit = 36700160
minimal_backoff_time = 900
# The list of local domains is itself a SQL lookup.
mydestination = mysql:/etc/postfix/mysql-mydestination.cf

myhostname = mail.myhostname
# Clients in 127.0.0.0/8 or in the SQL table behind mysql-mynetworks.cf pass
# permit_mynetworks, which is the first entry of every smtpd_*_restrictions list
# in this output, so they may relay without authenticating.
# NOTE(review): write access to that table therefore decides who can relay;
# confirm who is able to modify it.
mynetworks = 127.0.0.0/8, proxy:mysql:/etc/postfix/mysql-mynetworks.cf
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
queue_run_delay = 240
readme_directory = /usr/share/doc/postfix-2.7.0/README_FILES
# This is the alias-domain rewrite the thread is about. Postfix's recipient
# validation treats an address as "known" when it matches a canonical mapping
# (see smtpd_reject_unlisted_recipient in postconf(5)). mysql-rewritedomains.cf
# keys on %d, the domain part only, so presumably every local part in an alias
# domain matches. That is consistent with invalid alias-domain addresses being
# accepted at RCPT and bounced later. Per-address entries in virtual_alias_maps
# (the virtual alias approach named in the reply) allow rejection at RCPT time.
recipient_canonical_maps = mysql:/etc/postfix/mysql-rewritedomains.cf
recipient_delimiter = +
sample_directory = /usr/share/doc/postfix-2.7.0/samples
sender_canonical_maps = mysql:/etc/postfix/mysql-rewritesenders.cf
sender_dependent_relayhost_maps = mysql:/etc/postfix/mysql-sender_relay_hosts.cf
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_connect_timeout = ${stress?15}${stress:45}s
smtp_destination_concurrency_limit = 5
smtp_helo_timeout = ${stress?45}${stress:180}s
smtp_mail_timeout = ${stress?45}${stress:180}s
# Outbound (client-side) SASL: per-sender relay credentials are read from SQL.
# "noanonymous" alone still permits plaintext mechanisms, and no
# smtp_tls_security_level appears in this output.
# NOTE(review): confirm that sessions carrying these credentials are protected by TLS.
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = mysql:/etc/postfix/mysql-sender_relay_hosts_auth.cf
smtp_sasl_security_options = noanonymous
smtp_sender_dependent_authentication = yes
smtp_tls_note_starttls_offer = yes
smtp_tls_session_cache_database = btree:/var/lib/postfix/smtp_scache
# SMTP server (smtpd) part of the pasted "postconf -n" output. Long values were
# wrapped by the mail client, so continuation lines start at column 0 here.
smtpd_banner = $myhostname hardened ESMTP
smtpd_client_connection_rate_limit = 50
smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated, 
reject_unauth_pipelining
smtpd_discard_ehlo_keywords = silent-discard, etrn, dsn
smtpd_error_sleep_time = ${stress?1}${stress:2}s
smtpd_hard_error_limit = ${stress?5}${stress:10}
smtpd_peername_lookup = yes
smtpd_proxy_options = speed_adjust
# reject_unauth_destination comes right after the permit_* entries, so clients
# that are neither in mynetworks nor authenticated cannot relay. The RBL,
# postgrey policy service and SQL access checks only run for mail that passed it.
smtpd_recipient_restrictions = permit_mynetworks, 
reject_authenticated_sender_login_mismatch,
permit_sasl_authenticated, reject_unauth_destination, reject_non_fqdn_sender, 
reject_unknown_sender_domain,
reject_non_fqdn_recipient, reject_unknown_recipient_domain, 
reject_invalid_hostname, reject_unauth_pipelining,
reject_rbl_client dnsbl-1.uceprotect.net, check_policy_service 
unix:/var/spool/postfix/postgrey/socket,
check_recipient_access mysql:/etc/postfix/mysql-spamfilter.cf
# Inbound AUTH is delegated to Dovecot. smtpd_tls_auth_only is not listed in this
# output and smtpd_tls_security_level (below) is "may".
# NOTE(review): presumably AUTH is also offered on unencrypted sessions; confirm.
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
# Sender-ownership map consulted by reject_authenticated_sender_login_mismatch.
smtpd_sender_login_maps = mysql:/etc/postfix/mysql-senderaccess.cf
smtpd_sender_restrictions = permit_mynetworks, 
reject_authenticated_sender_login_mismatch,
permit_sasl_authenticated, reject_non_fqdn_sender, 
reject_unknown_sender_domain, reject_non_fqdn_recipient,
reject_unknown_recipient_domain
smtpd_soft_error_limit = ${stress?2}${stress:5}
# One PEM file serves as CA file, certificate and private key. Because it holds
# the private key it should be readable by root only (permissions are not shown
# in this mail). NOTE(review): confirm that pointing CAfile at it is intended.
smtpd_tls_CAfile = /etc/postfix/certs/postfix.pem
smtpd_tls_cert_file = /etc/postfix/certs/postfix.pem
smtpd_tls_key_file = /etc/postfix/certs/postfix.pem
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_scache
smtpd_tls_session_cache_timeout = 3600s
transport_maps = mysql:/etc/postfix/mysql-transport.cf
transport_retry_time = 30
unknown_local_recipient_reject_code = 550
# reject_unverified_recipient does not appear in the restriction lists above, so
# this reject code presumably has no effect as configured.
unverified_recipient_reject_code = 550


[root@mail:/etc/postfix]$ cat mysql-aliases.cf
# Lookup table behind alias_maps in the postconf output.
# The file holds the database password (masked in this mail); it should be
# readable only by root and the postfix user. Permissions are not shown here.
user         = dbmailro
password     = ****
dbname       = dbmail
hosts        = unix:/var/lib/mysql/mysql.sock
# %s is the SQL-quoted lookup key. NOTE(review): quoting guards the string
# delimiters, but "like" still treats % and _ inside the key as wildcards, so a
# key can match rows it is not equal to; "=" gives exact matching.
query        = select target from dbma_aliases where source like '%s'

[root@mail:/etc/postfix]$ cat mysql-mydestination.cf
# Lookup table behind mydestination in the postconf output. For a domain list
# only the existence of a result matters, not the returned transport value.
user         = dbmailro
password     = ****
dbname       = dbmail
hosts        = unix:/var/lib/mysql/mysql.sock
# NOTE(review): "like" matches % and _ in the looked-up name as wildcards;
# "=" would limit local domains to exact rows in dbma_mta.
query        = select transport from dbma_mta where mydestination like '%s'

[root@mail:/etc/postfix]$ cat mysql-mynetworks.cf
# Lookup table behind the proxy:mysql entry of mynetworks: an IP found in
# dbma_allowed_hosts is treated as a trusted client (permit_mynetworks).
# NOTE(review): the account name suggests read-only access; confirm its grants,
# and confirm who can write to this table, since rows here grant relay rights.
user         = dbmailro
password     = ****
dbname       = dbmail
hosts        = unix:/var/lib/mysql/mysql.sock
# table/select_field/where_field is the older query interface that
# mysql_table(5) describes as obsolete; the other map files here use "query".
table        = dbma_allowed_hosts
select_field = ip
where_field  = ip
[root@mail:/etc/postfix]$

[root@mail:/etc/postfix]$ cat mysql-recipients.cf
# Lookup table behind local_recipient_maps: a result means the recipient exists
# and is accepted at RCPT time.
user         = dbmailro
password     = ****
dbname       = dbmail
hosts        = unix:/var/lib/mysql/mysql.sock
# NOTE(review): with "like", a recipient address containing % or _ is matched as
# a pattern, so validation can accept an address that is not an exact row and
# the rejection then happens after acceptance. "=" keeps the check exact.
query        = select alias from dbma_recipients where alias like '%s'

[root@mail:/etc/postfix]$ cat mysql-rewritedomains.cf
# Lookup table behind recipient_canonical_maps (the alias-domain rewrite).
user         = dbmailro
password     = ****
dbname       = dbmail
hosts        = unix:/var/lib/mysql/mysql.sock
# %d is only the domain part of the address, so the local part is never checked:
# any address in a domain listed in dbma_rewrite_domains gets a result. Postfix
# counts a canonical match as a known recipient, which presumably explains why
# invalid alias-domain addresses pass RCPT verification as described in the mail.
# NOTE(review): "like" also treats % and _ in the domain as wildcards; prefer "=".
query        = select target from dbma_rewrite_domains where source like '%d'

[root@mail:/etc/postfix]$ cat mysql-rewritesenders.cf
# Lookup table behind sender_canonical_maps: rewrites sender addresses that
# have a row in dbma_rewrite_senders.
user         = dbmailro
password     = ****
dbname       = dbmail
hosts        = unix:/var/lib/mysql/mysql.sock
# NOTE(review): "like" treats % and _ in the sender address as wildcards, so a
# sender can pick up a rewrite meant for a different address; "=" is exact.
query        = select target from dbma_rewrite_senders where source like '%s'

[root@mail:/etc/postfix]$ cat mysql-senderaccess.cf
# Lookup table behind smtpd_sender_login_maps: the result lists the SASL logins
# that own a sender address.
# NOTE(review): the WHERE clause never relates userid to the sender (%s). When
# the sender's domain is in dbma_mta, or the sender is in dbma_sender_relay, it
# appears to return every userid with user_idnr>3. If so,
# reject_authenticated_sender_login_mismatch lets any authenticated login use any
# hosted sender address. Confirm that this is intended.
# NOTE(review): the "> " before user_idnr on the last line looks like a
# mail-wrapping artifact rather than part of the SQL.
user         = dbmailro
password     = ****
dbname       = dbmail
hosts        = unix:/var/lib/mysql/mysql.sock
query        = select userid from dbmail_users where ((select count(*) from 
dbma_mta where mydestination like '%d')
> 0 or (select count(*) from dbma_sender_relay where email like '%s') > 0) and 
> user_idnr>3

[root@mail:/etc/postfix]$ cat mysql-sender_relay_hosts_auth.cf
# Lookup table behind smtp_sasl_password_maps: returns "username:password" for
# the relay host that belongs to a sender.
# NOTE(review): the query reads the password column as is, so the relay
# credentials are presumably stored in clear text in dbma_sender_relay. Restrict
# read access to that table and to this file accordingly.
# NOTE(review): "like" treats % and _ in the sender address as wildcards, which
# could select another sender's credentials; "=" is exact.
user         = dbmailro
password     = ****
dbname       = dbmail
hosts        = unix:/var/lib/mysql/mysql.sock
query        = select concat(username, ':', password) from dbma_sender_relay 
where email like '%s'

[root@mail:/etc/postfix]$ cat mysql-sender_relay_hosts.cf
# Lookup table behind sender_dependent_relayhost_maps: picks the relay host
# (transport column) for a sender address.
user         = dbmailro
password     = ****
dbname       = dbmail
hosts        = unix:/var/lib/mysql/mysql.sock
# NOTE(review): "like" treats % and _ in the sender address as wildcards, so
# mail can be routed through a relay configured for a different sender; "=" is exact.
query        = select transport from dbma_sender_relay where email like '%s'

[root@mail:/etc/postfix]$ cat mysql-spamfilter.cf
# Lookup table behind check_recipient_access at the end of
# smtpd_recipient_restrictions. The returned "filter" value is interpreted as an
# access(5) action, so whoever can write dbma_spamfilter controls that action.
user         = dbmailro
password     = ****
dbname       = dbmail
hosts        = unix:/var/lib/mysql/mysql.sock
# The lookup uses %d, the recipient's domain part. NOTE(review): "like" treats
# % and _ in that domain as wildcards; "=" is exact.
query        = select filter from dbma_spamfilter where domain like '%d'

[root@mail:/etc/postfix]$ cat mysql-transport.cf
# Lookup table behind transport_maps: matches on the full key (%s) or on its
# domain part (%d) and returns one row, ordered by transport descending.
# NOTE(review): per mysql_table(5), a query containing %d is skipped for keys
# without a domain part, so this presumably only answers full-address lookups.
# Confirm against the documentation for the installed version.
# NOTE(review): "like" treats % and _ in the key as wildcards; "=" is exact.
user         = dbmailro
password     = ****
dbname       = dbmail
hosts        = unix:/var/lib/mysql/mysql.sock
query        = select transport from dbma_transports where mydestination like 
'%s' or mydestination like '%d' order
by transport desc limit 1;



Attachment: signature.asc
Description: OpenPGP digital signature
