Hi,
i have got a strange problem. In short: there is a general mapping
from @example.com to @example.net in the virtual_alias_map.
Both example.{com,net} are virtual mailbox domains.
Virtual_transport is lmtp to a mailbox server, and mailboxes exist
only @example.net.
When there are mailboxes [email protected] and [email protected] and
no other valid mailboxes i would expect that an email to
[email protected] was rejected, because [email protected] gets mapped
to [email protected] and [email protected] is not a valid virtual
mailbox.
More generally: the desirable behaviour would be to reject a recipient
address if, after mapping it to all the final recipients, no valid
local or virtual final recipient exists and also no other transport to
external mail servers is involved.
I have tested this with Postfix versions 2.3.8, 2.5.5, 2.7.1 and 2.9.6
from Debian Etch, Lenny, Squeeze and Wheezy resp. and finally with
2.10.1 from CentOS 7.0.
Emails for invalid recipients in example.com are accepted and bounced
later instead of rejected immediately. None of the documentation
gives a clue as to why this happens.
Emails for invalid addresses in example.net do get rejected.
This is the minimum setup for virtual email domains to see the problem:
main.cf (see below for a complete listing):
--->
virtual_transport = lmtp:imap.example.org:2500
virtual_mailbox_domains = /etc/postfix/vdomains
virtual_mailbox_maps = hash:/etc/postfix/vmailboxes
virtual_alias_maps = hash:/etc/postfix/virtual
<---
vdomains contents:
--->
example.com
example.net
<---
vmailboxes contents:
--->
[email protected]
[email protected]
<---
virtual contents:
--->
@example.com @example.net
<---
Transcript of a smtp dialog:
--->
~$ telnet mx.example.org 25
Trying 10.0.0.25...
Connected to mx.example.org.
Escape character is '^]'.
220 mx.example.org ESMTP Postfix (Debian/GNU)
helo test
250 mx.example.org
mail from:<[email protected]>
250 2.1.0 Ok
rcpt to:<[email protected]>
250 2.1.5 Ok
quit
221 2.0.0 Bye
Connection closed by foreign host.
<---
Since this is cleary not what you want after you have told Postfix
*everything* it needs to reject these addresses i am bit confused -
and it seems to me that the man pages give the impression that this is
erronous bahaviour...
When i use the address verification mechanism invalid addresses in
example.com get rejected. "verify" correctly probes the
virtual_transport lmtp server for the final recipient(s) and decides
correctly to reject the email if and only if all final recipients do
not exist. Mails get accepted as soon as one valid final recipient
shows up.
So i think that smtpd probably needs some extra configuration - because
it has access to all the information that verify has, so that smtpd
could reject itself in this situation.
Thanks for any advice. Avoiding backscatter here would be a great
achievement.
Andreas
Complete main.cf:
-------------8<-----------------------------------------------
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no
append_dot_mydomain = no
readme_directory = no
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
myhostname = mx.example.org
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = mx.example.org, localhost.example.org, localhost
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
smtpd_recipient_restrictions =
reject_invalid_helo_hostname,
reject_unauth_pipelining,
reject_unknown_sender_domain,
reject_unknown_recipient_domain,
reject_unlisted_recipient,
permit_mynetworks,
reject_non_fqdn_sender,
reject_non_fqdn_recipient,
reject_unauth_destination
virtual_transport = lmtp:imap.example.org:2500
virtual_mailbox_domains = /etc/postfix/vdomains
virtual_mailbox_maps = hash:/etc/postfix/vmailbox
virtual_alias_maps = hash:/etc/postfix/virtual
