Re: Local UNIX accounts, aliasing & rejecting mail to non-public UNIX accounts

Wed, 19 Jun 2013 08:56:41 -0700 

On 6/19/2013 10:16 AM, Wietse Venema wrote:
> Craig R. Skinner:
>> On 2013-06-19 Wed 06:51 AM |, Stan Hoeppner wrote:
>>> On 6/19/2013 6:11 AM, Craig R. Skinner wrote:
>>>
>>> What happens when you try
>>>
>>> mydestination =
>>>
>>
>> That's something I didn't think of trying.
>>
>> Either blank, or with localhost:
>>
>>  status=bounced (User unknown in virtual alias table)
> 
> This suggests that you had the domain name listed in both mydestination
> and in virtual_alias_domains. Now you also need to remove the domain
> name from virtual_alias_domains, in order to make that error go away.
> 
> Until now Postfix will have logged numerous warnings with "do not
> list domain X in both mydestination and virtual_alias_maps" to
> remind you of a configuration error. Maybe it should just abort
> deliveries, that might get people's attention.
> 
>       Wietse

I'm anything but an expert in this particular area of Postfix, but I
think the problem is that Craig is trying to use virtual_alias_maps when
he should probably just be using the local aliases file.  His Postfix
hosts a single mail domain IIUC.  He's simply wanting to create alias
addresses presented to the public for each local UNIX mailbox address.
Additionally he wants to reject any inbound mail destined for the actual
local UNIX addresses, as well as system/role accounts.  These last two
are straightforward.  For the first:

/etc/postfix/reject-local-system

jb4...@example.com      reject Unknown User
jb8...@example.com      reject Unknown User
s...@example.com        reject Unknown User
na...@example.com       reject Unknown User
dove...@example.com     reject Unknown User
sq...@example.com       reject Unknown User
post...@example.com     reject Unknown User

and use

smtpd_recipient_restrictions
    ...
    check_recipient_access hash:/etc/postfix/reject-local-system
    ...

To satisfy the second:

jb4...@server1.example.com --> reject as unknown
jb8...@server2.example.com --> reject as unknown

Simply do not put "$myhostname, localhost.$mydomain" in mydestination,
assuming $myhostname is an FQDN equal to "serverX.example.com".  In fact
there's likely no need to have anything in mydestination other than your
domain name.

-- 
Stan

Reply via email to