Thanks for the replies. I forgot some details in my last mail:
Our current configuration looks like this:
[outer-postfix] (MX, spam filter, virus scanner ...) <=> [inner-postfix]
(expands the virtual recipients, delivers mails to different internal MTAs)
<=> Exchange Server (holds the user mailboxes)
On Tuesday, 31 May 2011, 16:15:38, /dev/rob0 wrote:
> The "right" solution is to have the recipient address checking
> process also check for the "full mailbox" condition, or better yet,
> use a check_recipient_access lookup which returns a proper reject
> message for these full mailboxes.
We could not figure out right now how to do that with an Exchange Server as
mail storage.
Maybe someone on this list knows how to set this up correctly?
> > Now we want to redirect bounces, sent to an external system, to one
> > of our virtual users.
>
> This is broken. Although you're rightly thinking about minimizing
> backscatter, you may be causing loss of real mail.
As we only redirect the mails and don't drop them, and that only affects
outgoing mail, we would never lose any real mail.
> Please note that what is needed is "postconf -n". It's possible that
> I missed something relevant in all of that, which I did not attempt
> to read.
Done, I have attached a new output to this mail.
> So I guess you are saying it is a virtual ALIAS. Here it failed to be
> delivered as a virtual MAILBOX. If you have receive_override_options
> set with no_address_mappings, you can't deliver to a virtual alias at
> this point.
We don't have this set anywhere, there are no override options, and we have
used virtual aliases here for a few years without any problem.
> > As we have only virtual domains on this
> > mailsystem, there is no way to send to a local user.
>
> > receive_override_options =
>
> > smtpd_client_restrictions = permit_mynetworks,
> > permit_sasl_authenticated, reject
>
> (This is not suitable for a MX host.)
>
This is not an MX host, this is just an internal relay.
> > smtpd_data_restrictions =
>
> > smtpd_helo_restrictions =
>
> > smtpd_recipient_restrictions = check_sender_access
> > hash:/etc/postfix/check_bounce_sender, permit_mynetworks,
> > permit_sasl_authenticated, reject_unauth_destination
>
> > smtpd_sender_restrictions = mysql:/etc/postfix/mysql-sender_restrictions.cf
>
> No check_recipient_access lookup exists in the above.
Here are the relevant parts from the config and the maps:

/etc/postfix/main.cf:
smtpd_restriction_classes =
    check_bounce_recipient
check_bounce_recipient =
    check_recipient_access pcre:/etc/postfix/bounce_recipients
smtpd_recipient_restrictions =
    check_sender_access hash:/etc/postfix/check_bounce_sender

/etc/postfix/check_bounce_sender:
<>                 check_bounce_recipient
MAILER-DAEMON@     check_bounce_recipient

/etc/postfix/bounce_recipients:
/(^|\.)boreus\.de$/    DUNNO
/./                    REDIRECT [email protected]

> What you are telling us is that virtual_alias_maps were not checked,
> but no evidence to that effect was shown.
~ # postmap -q [email protected] mysql:/etc/postfix/mysql-virtual.cf
[email protected]
> > virtual_mailbox_domains =
> > mysql:/etc/postfix/mysql-virtual_mailbox_domains.cf
>
> boreus.de is found here, in virtual_mailbox_domains
>
> > virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-maps.cf
>
> [email protected] is NOT found here.
That's right, as not every virtual user is in the same system. We have a few
system accounts, used for bounce back mgmt and more, but that's a rare case.
> Go back to the right solution, above. Figure out a way to check for
> and populate a list of addresses with "full" mailboxes. Then consult
> that list as a check_recipient_access lookup.
As we didn't find any information about doing that in the Exchange docs or on
the net, that seems impossible at the moment :(

alias_maps = mysql:/etc/postfix/mysql-aliases.cf
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/lib/postfix
debug_peer_level = 2
default_destination_concurrency_limit = 20
default_process_limit = 500
home_mailbox = .maildir/
inet_interfaces = all
local_destination_concurrency_limit = 5
local_recipient_maps =
local_transport = local
luser_relay = [email protected]
mail_owner = postfix
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
message_size_limit = 19631488
minimal_backoff_time = 600
mydestination = $myhostname, mysql:/etc/postfix/mysql-mydestination.cf
myhostname = mail.boreus.de
mynetworks = 127.0.0.0/8, 10.0.0.0/8, 192.168.0.0/16 80.154.16.8/32 80.154.16.6/32 85.199.64.8/32 195.50.177.8/32 195.50.176.6/32
mynetworks_style = host
myorigin = /etc/mailname
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/packages/postfix/README_FILES
recipient_delimiter = +
relocated_maps = mysql:/etc/postfix/mysql-relocated.cf
sample_directory = /usr/share/doc/packages/postfix/samples
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP Boreus Rechenzentrum GmbH
smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated, reject
smtpd_recipient_restrictions = check_sender_access hash:/etc/postfix/check_bounce_sender, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_restriction_classes = check_bounce_recipient
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous
smtpd_sender_restrictions = mysql:/etc/postfix/mysql-sender_restrictions.cf
smtpd_tls_CAfile = /etc/postfix/cacert.pem
smtpd_tls_cert_file = /etc/postfix/mail.boreus.de-cert.pem
smtpd_tls_key_file = /etc/postfix/mail.boreus.de-key.pem
smtpd_tls_loglevel = 1
smtpd_tls_mandatory_protocols = !SSLv2
smtpd_tls_received_header = yes
smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 450
virtual_alias_maps = mysql:/etc/postfix/mysql-virtual.cf, mysql:/etc/postfix/mysql-virtual-to-local.cf
virtual_gid_maps = mysql:/etc/postfix/mysql-virtual-gid.cf
virtual_mailbox_base = /
virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual_mailbox_domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-maps.cf
virtual_minimum_uid = 1000
virtual_transport = virtual
virtual_uid_maps = mysql:/etc/postfix/mysql-virtual-uid.cf
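
Added example, not part of the original message and not Postfix code: a small Python model of how the check_sender_access / check_bounce_recipient chain quoted above resolves for a single RCPT TO. It relies on the access(5) rule that regular-expression tables are matched against the entire mail address, so it also shows which recipients the posted `/(^|\.)boreus\.de$/` pattern actually exempts. Assumptions: the redirect target is obfuscated on the page, so a placeholder stands in for it, and the `[@.]`-anchored pattern is a hypothetical alternative, not something from the thread.

```python
import re

# Placeholder: the real redirect address is obfuscated on the page.
REDIRECT_TARGET = "bounce-collector@example.invalid"

# hash:/etc/postfix/check_bounce_sender (hash keys are case-folded by Postfix)
CHECK_BOUNCE_SENDER = {
    "<>": "check_bounce_recipient",
    "mailer-daemon@": "check_bounce_recipient",
}

# pcre:/etc/postfix/bounce_recipients, exactly as posted
BOUNCE_RECIPIENTS = [
    (r"(^|\.)boreus\.de$", "DUNNO"),
    (r".", "REDIRECT " + REDIRECT_TARGET),
]

# Hypothetical variant anchored on "@" or "." (an assumption about the intent)
ANCHORED = [(r"[@.]boreus\.de$", "DUNNO")] + BOUNCE_RECIPIENTS[1:]


def pcre_lookup(table, key):
    """First matching pattern wins; the key is the entire address."""
    for pattern, action in table:
        if re.search(pattern, key, re.IGNORECASE):
            return action
    return None


def sender_class(sender):
    """Subset of the access(5) search order: <>, user@domain, then user@."""
    if sender == "":
        return CHECK_BOUNCE_SENDER.get("<>")
    s = sender.lower()
    return (CHECK_BOUNCE_SENDER.get(s)
            or CHECK_BOUNCE_SENDER.get(s.split("@")[0] + "@"))


def recipient_action(sender, recipient, table=BOUNCE_RECIPIENTS):
    """Action for one RCPT TO; None means the class never fired and the
    remaining smtpd_recipient_restrictions decide."""
    if sender_class(sender) != "check_bounce_recipient":
        return None
    return pcre_lookup(table, recipient)


if __name__ == "__main__":
    for rcpt in ("someone@example.org", "user@boreus.de", "user@mail.boreus.de"):
        print(rcpt, "->", recipient_action("", rcpt),
              "| anchored:", recipient_action("", rcpt, ANCHORED))
```

With the table as posted, a null-sender message to `user@boreus.de` falls through to the `/./` rule, because the address contains `@boreus.de` rather than `.boreus.de`; only subdomain recipients get DUNNO.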
