The division of the company I work for was once a separate company that
was acquired a couple of years ago. Since then, we've run the old mail
system in parallel with the new. But now we're looking to deprecate the
old email infrastructure (a handful of Exchange servers) with a Postfix
mail relay.

The behavior I'm looking for is:
* local alias processing (to handle system accounts, etc.)
* rewrite sender/recipient addresses based on LDAP lookup.
* expand local LDAP groups.
* reject messages where the recipient is not a local alias
or rewritten address.

I have the first three of these working.
* I'm using canonical_maps to look up and rewrite addresses
(e.g. "jconklin" -> "[email protected]")
* I'm using virtual_alias_maps to expand groups:
(e.g. "dl-foo" -> "[email protected]", "[email protected]")

But I'm having trouble with the third. From reading the
documentation, my understanding is that local_recipient_maps should
handle this, yet I find that messages with recipients without an LDAP
mapping but with a local UNIX account (e.g. the disabled accounts of
former employees) are delivered locally.

I've set local_recipient_maps to $alias_maps, thinking that address
rewriting would be handled by canonical_maps (resulting in mail being
forwarded to the new domain), but aliases would still have to be
handled locally. I have not changed mydestination, thinking that it
would be needed for Postfix to handle "local" aliases.

I'm running postfix 2.6.6 on CentOS 6.7. The postfix -n config is:
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
canonical_maps = ldap:/etc/postfix/ldap-users.cf,
hash:/etc/postfix/canonical
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
html_directory = no
inet_interfaces = all
inet_protocols = all
local_recipient_maps = $alias_maps
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mydomain = old.example.com
myhostname = smtprelay.old.example.com
mynetworks = $config_directory/mynetworks
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES
sample_directory = /usr/share/doc/postfix-2.6.6/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
unknown_local_recipient_reject_code = 550
virtual_alias_maps = ldap:/etc/postfix/ldap-groups.cf
A log for a message delivery for user "foo" (no LDAP mapping, no
/etc/alias record, local UNIX account) looks like:
Feb 26 10:47:07 smtprelay-eqx-01 postfix/smtpd[23698]: 574EE80940:
client=regr-maa-02.old.example.com[10.16.127.182]
Feb 26 10:47:08 smtprelay-eqx-01 postfix/cleanup[18127]: 574EE80940:
message-id=<[email protected]>
Feb 26 10:47:08 smtprelay postfix/qmgr[7513]: 574EE80940:
from=<[email protected]>, size=3131, nrcpt=1 (queue active)
Feb 26 10:47:08 smtprelay-eqx-01 postfix/local[22751]: 574EE80940:
to=<[email protected]>, relay=local, delay=0.92, delays=0.91/0/0/0,
dsn=2.0.0, status=sent (delivered to mailbox)
Feb 26 10:47:08 smtprelay-eqx-01 postfix/qmgr[7513]: 574EE80940: removed
I'd appreciate any help / explanations why this happens and what I might
change.
Thanks in advance,
--jtc
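
An added example, not part of the original post: a small Python audit that scans Postfix syslog output for recipients that local(8) stored in a local mailbox, which is the symptom shown in the log above. The sample log is constructed (the addresses on the page are obscured, so placeholders are used), and the function name `mailbox_deliveries` is hypothetical.

```python
import re

# Constructed sample modelled on the log excerpt in the post; the addresses
# and the second (relayed) message are placeholders, not data from the page.
SAMPLE_LOG = """\
Feb 26 10:47:07 smtprelay postfix/smtpd[23698]: 574EE80940: client=regr-maa-02.old.example.com[10.16.127.182]
Feb 26 10:47:08 smtprelay postfix/qmgr[7513]: 574EE80940: from=<sender@old.example.com>, size=3131, nrcpt=1 (queue active)
Feb 26 10:47:08 smtprelay postfix/local[22751]: 574EE80940: to=<foo@old.example.com>, relay=local, delay=0.92, delays=0.91/0/0/0, dsn=2.0.0, status=sent (delivered to mailbox)
Feb 26 10:47:08 smtprelay postfix/qmgr[7513]: 574EE80940: removed
Feb 26 10:52:11 smtprelay postfix/smtpd[23701]: 6A1B280951: client=regr-maa-02.old.example.com[10.16.127.182]
Feb 26 10:52:12 smtprelay postfix/qmgr[7513]: 6A1B280951: from=<sender@old.example.com>, size=2048, nrcpt=1 (queue active)
Feb 26 10:52:12 smtprelay postfix/smtp[22760]: 6A1B280951: to=<jconklin@new.example.com>, orig_to=<jconklin@old.example.com>, relay=mx.new.example.com[192.0.2.25]:25, delay=0.4, delays=0.1/0/0.1/0.2, dsn=2.0.0, status=sent (250 2.0.0 Ok)
Feb 26 10:52:12 smtprelay postfix/qmgr[7513]: 6A1B280951: removed
"""

LINE = re.compile(r"postfix/(?P<daemon>[\w-]+)\[\d+\]: (?P<qid>[0-9A-F]+): (?P<rest>.*)$")
CLIENT = re.compile(r"client=(\S+)")
SENDER = re.compile(r"from=<([^>]*)>")
DELIVERY = re.compile(r"to=<(?P<rcpt>[^>]*)>.*status=(?P<status>\w+) \((?P<detail>.*)\)")
# local(8) logs one of these when it stores mail for a local account.
STORED = ("delivered to mailbox", "delivered to maildir")


def mailbox_deliveries(log_text):
    """Return one record per recipient that local(8) stored in a local mailbox."""
    clients, senders, hits = {}, {}, []
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # not a Postfix line carrying a queue ID
        daemon, qid, rest = m.group("daemon", "qid", "rest")
        if daemon == "smtpd" and (c := CLIENT.match(rest)):
            clients[qid] = c.group(1)  # submitting client, keyed by queue ID
        elif daemon == "qmgr" and (s := SENDER.match(rest)):
            senders[qid] = s.group(1)  # envelope sender
        elif daemon == "local" and (d := DELIVERY.match(rest)):
            if d["status"] == "sent" and d["detail"].startswith(STORED):
                hits.append({"qid": qid, "recipient": d["rcpt"],
                             "sender": senders.get(qid), "client": clients.get(qid)})
    return hits


if __name__ == "__main__":
    for hit in mailbox_deliveries(SAMPLE_LOG):
        print("{recipient}: local mailbox delivery, queue ID {qid}, "
              "from {sender} via {client}".format(**hit))
```

Run against the relay's real mail log, the output lists every account that still receives local mailbox delivery, including disabled accounts of the kind the post describes.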