On Tue, Feb 10, 2015 at 04:05:08PM +1100, Carl Brewer wrote: > I'm trying to get my head around how to get virtual aliases to work with my > cyrus setup (NetBSD, postfix 2.11.0).
I'm using 2.11.3 from pkgsrc, and I imagine 2.11.4 will be out soonish. You should upgrade when that happens. > I have realtime address checking using lmtp : > > mailbox_transport = lmtp:unix:/var/imap/socket/lmtp > virtual_transport = lmtp:unix:/var/imap/socket/lmtp This is not "address checking". Rather this is a common configuration for LMTP delivery to IMAP for both system and virtual mailbox users. > and that seems to work just fine for addresses that exist in the cyrus > setup, but ... I have this : > > virtual_alias_maps = hash:/usr/pkg/etc/postfix/virtual That's fine, all recipient addresses go through recursive expansion via this table first. > which only seems to work for email I submit locally. eg : > > Feb 10 15:58:57 postfix/smtpd[3365]: > NOQUEUE: reject: RCPT from mx208.h.outbound.createsend.com[204.75.142.208]: > 450 4.1.1 <[email protected]>: > Recipient address rejected: unverified address: > host rollcage3.bl.echidna.id.au[/var/imap/socket/lmtp] said: > 550-Mailbox unknown. Either there is no mailbox associated with this > 550-name or you do not have authorization to see it. > 550 5.1.1 User unknown (in reply to RCPT TO command); > from=<[email protected]> > to=<[email protected]> proto=ESMTP helo=<mx208.h.outbound.createsend.com> You have recipient address verification configured, and have somehow managed to disable recipient rewriting in the cleanup(8) service used by the verify(8) service. Non-default entries in your master.cf file should tell the whole story. > postconf reports : [ Please DO NOT post "postconf" results again, "postconf -n" reports non-default settings, and don't let cut/paste wrap long lines, report each setting on a single (long) line. ] > lmtp_tls_mandatory_protocols = SSLv3, TLSv1 > smtp_tls_mandatory_protocols = SSLv3, TLSv1 > smtpd_tls_mandatory_protocols = SSLv3, TLSv1 Use the exclusion form: lmtp_tls_mandatory_protocols = !SSLv2 smtp_tls_mandatory_protocols = !SSLv2 smtpd_tls_mandatory_protocols = !SSLv2 > tls_export_cipherlist = ALL:+RC4:@STRENGTH > tls_low_cipherlist = ALL:!EXPORT:+RC4:@STRENGTH > tls_medium_cipherlist = ALL:!EXPORT:!LOW:+RC4:@STRENGTH > tls_high_cipherlist = ALL:!EXPORT:!LOW:!MEDIUM:+RC4:@STRENGTH Don't override these, the defaults behave better with OpenSSL 1.0.0 and later. > smtpd_tls_eecdh_grade = none Any particular reason to shun ECDHE? > mail_release_date = 20111924 > mail_version = 2.7.7 I did never knew there were 19 months in a year down-under! These non-default settings are a bad idea. Especially as you say you're running 2.10.0. > smtpd_recipient_restrictions = permit_mynetworks reject_unauth_destination > reject_unknown_recipient_domain reject_unverified_recipient Verification probes are not subjected to virtual alias expansion for some reason. -- Viktor.
