On 2013-06-19 Wed 10:55 AM |, Stan Hoeppner wrote:
>
> I'm anything but an expert in this particular area of Postfix, but I
> think the problem is that Craig is trying to use virtual_alias_maps when
> he should probably just be using the local aliases file. His Postfix
> hosts a single mail domain IIUC.

To start with at least.

> He's simply wanting to create alias
> addresses presented to the public for each local UNIX mailbox address.

Correct.

> Additionally he wants to reject any inbound mail destined for the actual
> local UNIX addresses, as well as system/role accounts.

Correct again.

> These last two are straightforward. For the first:
>
> /etc/postfix/reject-local-system
>
> jb4...@example.com reject Unknown User
> jb8...@example.com reject Unknown User
> s...@example.com reject Unknown User
> na...@example.com reject Unknown User
> dove...@example.com reject Unknown User
> sq...@example.com reject Unknown User
> post...@example.com reject Unknown User
>
> and use
>
> smtpd_recipient_restrictions
>     ...
>     check_recipient_access hash:/etc/postfix/reject-local-system
>     ...

$ for account in $(cut -d: -f1 /etc/passwd | grep -v master$); \
    do \
        print "${account}@example.com reject Unknown User" >> \
            /etc/postfix/reject-local-system.map; \
    done
$ postmap ....
$ postmap -q s...@example.com reject-local-system.map
reject Unknown User

main.cf:
smtpd_recipient_restrictions =
    reject_non_fqdn_hostname
    reject_invalid_hostname
    reject_non_fqdn_sender
    ....
    ...
    ...
    check_recipient_access btree:$config_directory/reject-local-system.map
    ...
    ..

>
> To satisfy the second:
>
> jb4...@server1.example.com --> reject as unknown
> jb8...@server2.example.com --> reject as unknown
>
> Simply do not put "$myhostname, localhost.$mydomain" in mydestination,
> assuming $myhostname is an FQDN equal to "serverX.example.com". In fact
> there's likely no need to have anything in mydestination other than your
> domain name.
>

main.cf:
mydestination = $mydomain
# no virtual_alias_* stuff

restart postfix and then ....

system accounts are still getting mail;-

$ uptime | sendmail post...@example.com
Jun 19 19:12:16 server1 postfix/pickup[2654]: 0776A6753: uid=1097 from=<user1>
Jun 19 19:12:16 server1 postfix/cleanup[8207]: 0776A6753: message-id=<20130619181216.0776a6...@server1.example.com>
Jun 19 19:12:16 server1 postfix/qmgr[8538]: 0776A6753: from=<user.n...@example.com>, size=344, nrcpt=1 (queue active)
Jun 19 19:12:16 server1 dovecot: lmtp(9851): Connect from local
Jun 19 19:12:16 server1 dovecot: lmtp(9851, postfix): Error: user _postfix: Initialization failed: Namespace '': mkdir(/var/mail/postfix) failed: Permission denied (euid=507(postfix) egid=507(postfix) missing +w perm: /var/mail, dir owned by 0:0 mode=0755)
Jun 19 19:12:16 server1 dovecot: lmtp(9851): Disconnect from local: Client quit (in reset)

$ uptime | sendmail us...@example.com
Jun 19 19:12:33 server1 postfix/pickup[2654]: C90DB6765: uid=1097 from=<user1>
Jun 19 19:12:33 server1 postfix/cleanup[8207]: C90DB6765: message-id=<20130619181233.c90db6...@server1.example.com>
Jun 19 19:12:33 server1 postfix/qmgr[8538]: C90DB6765: from=<user.n...@example.com>, size=344, nrcpt=1 (queue active)
Jun 19 19:12:33 server1 dovecot: lmtp(9851): Connect from local
Jun 19 19:12:33 server1 dovecot: lmtp(9851, user1): w9hyI0r0wVF7JgAANm01jw: sieve: msgid=<20130619181233.c90db6...@server1.example.com>: stored mail into mailbox 'INBOX'

My next thought is to remove /etc/passwd from:

local_recipient_maps = proxy:unix:passwd.byname $alias_maps

Ideas?

-- 
Craig Skinner | http://twitter.com/Craig_Skinner | http://linkd.in/yGqkv7
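
Added example (not part of the original message, and not Postfix code): the test messages above were injected with sendmail(1) and logged by postfix/pickup, whereas smtpd_recipient_restrictions is evaluated only by smtpd(8) for mail arriving over SMTP. The sketch below sorts queue IDs by the daemon that accepted them; the sample log lines, addresses and function names are constructed for illustration.

```python
import re

# Constructed sample lines in the syslog format shown above; the queue IDs,
# PIDs, addresses and the 192.0.2.10 client are made up for illustration.
SAMPLE_LOG = """\
Jun 19 19:12:16 server1 postfix/pickup[2654]: 0A1B2C3D4: uid=1097 from=<user1>
Jun 19 19:12:16 server1 postfix/qmgr[8538]: 0A1B2C3D4: from=<user1@example.com>, size=344, nrcpt=1 (queue active)
Jun 19 19:20:01 server1 postfix/smtpd[9001]: 5E6F7A8B9: client=mx.example.net[192.0.2.10]
Jun 19 19:20:01 server1 postfix/qmgr[8538]: 5E6F7A8B9: from=<someone@example.net>, size=512, nrcpt=1 (queue active)
Jun 19 19:21:40 server1 postfix/smtpd[9001]: NOQUEUE: reject: RCPT from mx.example.net[192.0.2.10]: 554 5.7.1 <sysacct@example.com>: Recipient address rejected: Unknown User; from=<someone@example.net> to=<sysacct@example.com> proto=ESMTP helo=<mx.example.net>
"""

# "postfix/<daemon>[pid]: <queue id or NOQUEUE>: <rest of line>"
LINE = re.compile(r"postfix/(\w+)\[\d+\]: ([0-9A-F]+|NOQUEUE): (.*)")


def classify(log_text):
    """Return (ingress, rejects): ingress maps queue ID -> accepting daemon
    ("pickup" = local sendmail(1) submission, "smtpd" = SMTP);
    rejects lists recipients that smtpd refused at RCPT TO."""
    ingress, rejects = {}, []
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # not a Postfix line (e.g. dovecot)
        daemon, qid, rest = m.groups()
        if qid == "NOQUEUE":
            to = re.search(r" to=<([^>]*)>", rest)
            if daemon == "smtpd" and rest.startswith("reject:") and to:
                rejects.append(to.group(1))
        elif daemon == "pickup" and rest.startswith("uid="):
            ingress.setdefault(qid, "pickup")
        elif daemon == "smtpd" and rest.startswith("client="):
            ingress.setdefault(qid, "smtpd")
    return ingress, rejects


def not_checked_by_smtpd(log_text):
    """Queue IDs that never passed smtpd, so no smtpd_* restriction ran."""
    ingress, _ = classify(log_text)
    return sorted(q for q, d in ingress.items() if d == "pickup")


if __name__ == "__main__":
    ingress, rejects = classify(SAMPLE_LOG)
    print("ingress:", ingress)
    print("rejected at RCPT TO:", rejects)
    print("never passed smtpd:", not_checked_by_smtpd(SAMPLE_LOG))
```

Run against the real maillog, any queue ID listed as never having passed smtpd says nothing about whether the check_recipient_access map works; that needs a test delivered over SMTP from another host.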