[pfx] Re: Help please on converting SENDMAIL VIRTUSERTABLE to postfix
On Mon, Mar 18, 2024 at 12:20:09AM -0700, Glenn Tenney via Postfix-users wrote:

> > transport:
> >     u...@domain.name error:5.1.1 purported to not exist
>
> Thank you very much. A question please… the above two “solutions” seem to
> accomplish very similar tasks: to reject user@domain.example issuing an
> error to the sender… but…

Yes, quite similar, though not completely identical.

> It would seem that the 2nd solution using transport_maps is simpler to
> implement,

Only if you don't already have any access(5) checks. Either way, you add
an entry to a table. The transport(5) approach makes the recipient
*undeliverable* even for locally submitted mail, and even after alias
expansion, but either way only the *verbatim* recipient address is
rejected after SMTP "RCPT TO".

> but there may be a variety of reasons to choose one solution
> over the other.

Mostly a matter of taste, the recipient restrictions are the more common
approach, but the transport(5) mapping to "error" is also fine.

> Is there some relatively straightforward criteria to consider which of
> your two “solutions” is better or more efficient?

Neither is noticeably more "efficient", either way a cheap table lookup.

> It’s clear that there are going to be multiple ways to accomplish the
> same task.

Yes, many ways, and overlap with per-address class valid recipient
tables, ... (local_recipient_maps, virtual_mailbox_maps,
relay_recipient_maps). Which is why just cargo-cult is difficult to
specify without the full picture of your entire setup, but that's too
much work to take in unless you hire a paid consultant.

In your place, I'd have stuck with Sendmail on FreeBSD, while you're
learning to use Postfix on some toy machines, reading docs more deeply,
...

Another option is a turnkey solution, such as:

    https://mailinabox.email

--
Viktor.
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: Help please on converting SENDMAIL VIRTUSERTABLE to postfix
On Mon, Mar 18, 2024 at 12:50:18AM -0700, Glenn Tenney via Postfix-users wrote:

> On Monday, March 18, 2024, Benny Pedersen via Postfix-users <
>
> > Victor gave a weird config :)
> >
> > postfix must not return any result on non existing users, so if this
> > gives no result user is unknown, with in turn gives postfix user not found,
> > to keep things very simple mydestination must only have unix users where @
> > is not auth without realm-domain, when this is in place you can in
> > virtual_alias_maps map remote mail recipient to system users mailbox, of
> > not all is virtual_domained
>
> Thanks. I’m hosting several domains: a couple need to accept any user@
> except some that specifically need to be rejected delivering locally; some
> domains are more normal, just accept specific users & deliver to some local
> user (sometimes using procmail to forward some or save some to files); and
> a few domains that will deliver to some-other domain (kinda relay). So only
> the first of these need to return a result (reject) specific users.

Benny is at times too eager to answer more questions than he can give
justice to. Tread with care.

--
Viktor.
[pfx] Re: Help please on converting SENDMAIL VIRTUSERTABLE to postfix
On Monday, March 18, 2024, Benny Pedersen via Postfix-users <postfix-users@postfix.org> wrote:

> catch all is badly advised, it makes recipient validation impossible,
> don't do it
>
> define maps with what is wanted, not with what is not wanted, catch-all is
> unwanted

I know, but a couple of domains create email addresses at any time with
no notice, so I’ve got to “allow all unless a userid has been set to be
rejected” for those domains.

Glenn
[pfx] Re: Help please on converting SENDMAIL VIRTUSERTABLE to postfix
Glenn Tenney via Postfix-users wrote on 2024-03-18 08:50:

> Thanks. I’m hosting several domains: a couple need to accept any user@
> except some that specifically need to be rejected delivering locally; some
> domains are more normal, just accept specific users & deliver to some local
> user (sometimes using procmail to forward some or save some to files); and
> a few domains that will deliver to some-other domain (kinda relay). So only
> the first of these need to return a result (reject) specific users.

catch all is badly advised, it makes recipient validation impossible,
don't do it

define maps with what is wanted, not with what is not wanted, catch-all
is unwanted
[pfx] Re: Help please on converting SENDMAIL VIRTUSERTABLE to postfix
On Monday, March 18, 2024, Benny Pedersen via Postfix-users <postfix-users@postfix.org> wrote:

> Glenn Tenney via Postfix-users wrote on 2024-03-18 03:52:
>
> > My question in one, hopefully simple sentence, is:
> >
> > In Postfix, how do I configure Postfix such that all email to
> > "user@some.domain" will return an error code (e.g. 550 user unknown)
> > to bounce that email
>
> Victor gave a weird config :)
>
> postfix must not return any result on non existing users, so if this
> gives no result user is unknown, with in turn gives postfix user not found,
> to keep things very simple mydestination must only have unix users where @
> is not auth without realm-domain, when this is in place you can in
> virtual_alias_maps map remote mail recipient to system users mailbox, of
> not all is virtual_domained

Thanks. I’m hosting several domains: a couple need to accept any user@
except some that specifically need to be rejected delivering locally;
some domains are more normal, just accept specific users & deliver to
some local user (sometimes using procmail to forward some or save some
to files); and a few domains that will deliver to some-other domain
(kinda relay). So only the first of these need to return a result
(reject) specific users.

Glenn
[pfx] Re: Help please on converting SENDMAIL VIRTUSERTABLE to postfix
Glenn Tenney via Postfix-users wrote on 2024-03-18 03:52:

> My question in one, hopefully simple sentence, is:
>
> In Postfix, how do I configure Postfix such that all email to
> "user@some.domain" will return an error code (e.g. 550 user unknown)
> to bounce that email

Victor gave a weird config :)

postfix must not return any result on non existing users, so if this
gives no result user is unknown, with in turn gives postfix user not
found, to keep things very simple mydestination must only have unix
users where @ is not auth without realm-domain, when this is in place
you can in virtual_alias_maps map remote mail recipient to system users
mailbox, of not all is virtual_domained

so in practices use mydestination: localhost and make virtual all mail
for the rest, this fits nicely with dovecot then

    postmap -q unknown-user hash:/path-to/hash-file

if it gives no result, then this user does not exists

if unknown-user exists, it should give virtual-user-mailbox-storage-user

unsure then show logs if error is there and lastly show postconf -nf on
request, i don't need this yet

i have success with postfixadmin so no users is in hash files, but in
sqlite mysql postgresql as you see fit

and i have no use for system users mailboxes
[pfx] Re: Help please on converting SENDMAIL VIRTUSERTABLE to postfix
On Sunday, March 17, 2024, Viktor Dukhovni via Postfix-users <postfix-users@postfix.org> wrote:

> > > - You can reject SMTP recipients via various restriction checks
> > >   that perform access(5) lookups against tables of your choice.
> >
> > How can I do it not based on the network or domain name but a specific
> > u...@domain.name?
>
> By putting that address in an access(5) table with "REJECT " as
> the RHS. Then add:
>
> main.cf:
>     indexed = ${default_database_type}:${config_directory}/
>     smtpd_recipient_restrictions =
>         permit_mynetworks,
>         reject_unauth_destination,
>         check_recipient_access ${indexed}rcpt-access
>
> rcpt-access:
>     # Postmap after each change
>     user1@domain.example REJECT 5.1.1 purported to not exist
>     user2@domain.example REJECT 5.7.1 access denied
>     ...
>
> …
>
> There is no error(8) table, that's delivery agent. There's a transport
> table:
>
> main.cf:
>     # See "indexed = ..." above
>     transport_maps = ${indexed}transport
>
> transport:
>     u...@domain.name error:5.1.1 purported to not exist

Thank you very much. A question please… the above two “solutions” seem
to accomplish very similar tasks: to reject user@domain.example issuing
an error to the sender… but…

It would seem that the 2nd solution using transport_maps is simpler to
implement, but there may be a variety of reasons to choose one solution
over the other.

Is there some relatively straightforward criteria to consider which of
your two “solutions” is better or more efficient?

It’s clear that there are going to be multiple ways to accomplish the
same task.

Glenn
[pfx] Re: Help please on converting SENDMAIL VIRTUSERTABLE to postfix
On Sun, Mar 17, 2024 at 09:52:10PM -0700, Glenn Tenney via Postfix-users wrote:

> > It is a reserved domain name, (one of many) that you can use internally,
> > without clashing with *real domains*.
>
> Wow. Once you KNOW it's there, you can find out about "local.invalid".
> BUT if you didn't know it was there, finding out about "local.invalid"
> would be difficult.

The entire "invalid" TLD is reserved by IANA, this isn't a Postfix
thing. I use it for various internal routing tricks without stepping on
real domains. E.g. rewrite some recipients to "discard.invalid" which is
routed in my transport(5) to the discard(8) transport.

> Based on "local.invalid" knowledge from Viktor, am I correct that
> entering the following line in virtual would block that email address?
>     user@some.domain user@local.invalid

No. The opposite. This would definitely accept the mail, which would
typically bounce, unless you make it deliverable. As explained, the
access(5) and transport(5) tables are available to reject and/or bounce
some recipients, while virtual(5) is just for aliasing.

> For virtually hosted domains is there any way to "rewrite" any email
> address to a specific email? e.g.
>     @some.domain user@another.domain

Just like that.

> > - You can reject SMTP recipients via various restriction checks
> >   that perform access(5) lookups against tables of your choice.
>
> How can I do it not based on the network or domain name but a specific
> u...@domain.name?

By putting that address in an access(5) table with "REJECT " as the RHS.
Then add:

main.cf:
    indexed = ${default_database_type}:${config_directory}/
    smtpd_recipient_restrictions =
        permit_mynetworks,
        reject_unauth_destination,
        check_recipient_access ${indexed}rcpt-access

rcpt-access:
    # Postmap after each change
    user1@domain.example REJECT 5.1.1 purported to not exist
    user2@domain.example REJECT 5.7.1 access denied
    ...

> > - You can route some recipients to the error(8) transport, and
> >   this will also lead them to be rejected at SMTP time.
>
> I DID look it up. How do I do this? I don't see a way to use error(8)
> table to do it.

There is no error(8) table, that's delivery agent. There's a transport
table:

main.cf:
    # See "indexed = ..." above
    transport_maps = ${indexed}transport

transport:
    u...@domain.name error:5.1.1 purported to not exist

> > No, it also supports user@domain.
>
> it sure would be nice if that was in that man page!

It is. Look under "TABLE SEARCH ORDER".

> > > ACCESS seems to allow only a domain name or IP (again, without a
> > > user@) on the LHS. This doesn't seem to apply to my query.
> >
> > No, it also supports user@domain.
>
> it sure would be nice if that was in that man page!

It is. Look under "EMAIL ADDRESS PATTERNS".

> > By mapping a user to the error transport.
>
> Oh, PLEASE... just tell me how to map a user to the error transport...

By adding an entry to the transport(5) table, see above.

--
Viktor.
[pfx] Re: Help please on converting SENDMAIL VIRTUSERTABLE to postfix
Monday, March 18, 2024, 3:01:11 PM, Glenn Tenney via Postfix-users wrote:

> On Sun, Mar 17, 2024 at 8:05 PM Phil Biggs via Postfix-users
> wrote:
> > Not sure about the rest of your requirements but perhaps
> >
> > smtpd_recipient_restrictions = reject_unverified_recipient
> > https://www.postfix.org/ADDRESS_VERIFICATION_README.html
>
> I don't think I can do that because I host a couple of domains that
> require any email address, except specific ones that have been
> blocked, to work. i.e. for better or worse, some domains I'm hosting
> just create an email address without any warning.
>
> Glenn

Fair enough. Sorry for the noise.

--
Cheers,
Phil
[pfx] Re: Help please on converting SENDMAIL VIRTUSERTABLE to postfix
On Sun, Mar 17, 2024 at 8:49 PM Viktor Dukhovni via Postfix-users wrote:

> > > Add "local.invalid local" to the transport(5) table, and rewrite
> > > anything that needs local(8) delivery to mailbox@local.invalid.
> >
> > I honestly re-read the above sentence several times and have no clue
> > what it means nor why to do it. "local.invalid" is not something I've
> > come across.
>
> It is a reserved domain name, (one of many) that you can use internally,
> without clashing with *real domains*.

Wow. Once you KNOW it's there, you can find out about "local.invalid".
BUT if you didn't know it was there, finding out about "local.invalid"
would be difficult.

> But you're looking at the problem from the wrong end, just asking for
> magic recipes whose quality you cannot assess, because you've not
> studied the available mechanisms. The more productive approach is
> to take the time to understand all of
>
>     OVERVIEW
>     ADDRESS_REWRITING_README
>     VIRTUAL_README

In an ideal world, you'd be correct. I'd spend the next month
understanding Postfix from the inside out... Alas I've got to get this
new machine up and emails switched over by this Friday and I *AM*
looking for direct, simple "DO THIS" for:

What files / configs do I need to set up so that I can generate a list
of virtual and local email addresses to be blocked?

Based on "local.invalid" knowledge from Viktor, am I correct that
entering the following line in virtual would block that email address?

    user@some.domain user@local.invalid

> See the access control docs, but also note that:
>
> - In a virtual alias domain (if you configure any), all names not
>   mapped to some recipient in another domain are rejected.

For virtually hosted domains is there any way to "rewrite" any email
address to a specific email? e.g.

    @some.domain user@another.domain

I know, not ideal but I need it.

> - You can reject SMTP recipients via various restriction checks
>   that perform access(5) lookups against tables of your choice.

How can I do it not based on the network or domain name but a specific
u...@domain.name?

> - You can route some recipients to the error(8) transport, and
>   this will also lead them to be rejected at SMTP time.

I DID look it up. How do I do this? I don't see a way to use error(8)
table to do it.

> > If I have many lines in virtual mapping several email addresses for a
> > hosted domain, then is it automatic that every other email address
> > (not listed there) will be rejected?
>
> Only for virtual alias domains, for other domains, you may need
> a separate valid recipient table, see:
>
>     https://www.postfix.org/ADDRESS_CLASS_README.html
>
> Because you're looking to cargo-cult recipes, in lieu of understanding
> the facilities at your disposal. The Sendmail virtuser table is an
> amalgam of many features, which in Postfix are handled at different
> layers, by separate tables. I am recommending understanding over
> parroting. Perhaps someone else can help with parroting... :-(

As I said, I just don't have the time to understand all of the
facilities at my disposal. I truly just need cargo-cult recipes. Sorry,
but it's a fact of life for me today.

> The transport resolves a recipient to a delivery agent and nexthop.
> The error(8) delivery agent is special, and recipients that route
> there are also rejected during SMTP input, not just after queueing
> (which would be a bounce). The access(5) table syntax is used in
> various SMTP "restrictions", see:
>
>     https://www.postfix.org/SMTPD_ACCESS_README.html#lists
>
> > TRANSPORT seems to allow only a domain name without a user@ portion on
> > the LHS. This doesn't seem to apply to my query.
>
> No, it also supports user@domain.

it sure would be nice if that was in that man page!

> > ACCESS seems to allow only a domain name or IP (again, without a
> > user@) on the LHS. This doesn't seem to apply to my query.
>
> No, it also supports user@domain.

it sure would be nice if that was in that man page!

> > As for ERROR, ok... it's a delivery agent that will return an error
> > code (e.g. to bounce the incoming message), but.. how do I get
> > "user@some.domain" to be delivered to the "error" agent?
>
> By mapping a user to the error transport.

Oh, PLEASE... just tell me how to map a user to the error transport...

PLEASE ANYONE... I need some examples to do these things. This is not a
business, and I've got very little time left to set this dang new system
up for family and friends.

> > In Postfix, how do I configure Postfix such that all email to
> > "user@some.domain" will return an error code (e.g. 550 user unknown)
> > to bounce that email
>
> Reject is always better than "bounce". The answer is to use
> "check_recipient_access" against a suitable access(5) table of your
> choice. But, you can also bounce if the recipient is submitted locally
> or results from a rewrite, and for that you need the
[pfx] Re: Help please on converting SENDMAIL VIRTUSERTABLE to postfix
On Sun, Mar 17, 2024 at 8:05 PM Phil Biggs via Postfix-users wrote:

> Not sure about the rest of your requirements but perhaps
>
> smtpd_recipient_restrictions = reject_unverified_recipient
> https://www.postfix.org/ADDRESS_VERIFICATION_README.html

I don't think I can do that because I host a couple of domains that
require any email address, except specific ones that have been blocked,
to work. i.e. for better or worse, some domains I'm hosting just create
an email address without any warning.

Glenn
[pfx] Re: Help please on converting SENDMAIL VIRTUSERTABLE to postfix
On Sun, Mar 17, 2024 at 04:28:00PM -0700, Glenn Tenney via Postfix-users wrote:

> Are you saying that if I want "username1" at my local domain to be
> delivered to "user2" at my local domain, that that should be in the
> virtual table and not in aliases? That's a 1-to-1 rewrite, not a
> 1-to-many.

1-to-many includes 1-to-1 as a special case. And it does not matter
whether the domain is "local" or not, virtual(5) rewrites all recipient
addresses as each message is received.

    https://www.postfix.org/OVERVIEW.html
    https://www.postfix.org/ADDRESS_REWRITING_README.html

> I had thought that 1-to-many (e.g. email address "adiscussion" to be
> send to user a, user b, & user c) would be done in aliases.

The virtual(5) table is an alias table, one that is used as messages are
received, before they enter the active queue, and are resolved to a
delivery transport. See:

    https://www.postfix.org/ADDRESS_REWRITING_README.html

> But you're saying that 1-to-many should be done in virtual, but that
> "lists" would be in aliases. That's very very confusing to me as
> simple lists (without a listserver) would've seemed to be done via
> aliases.

No, only lists that need an owner-alias or use ":include:" syntax. These
are lists with a dynamic or large subscriber count, or that forward out
to remote recipients, and have a list owner-address, ...

> > Add "local.invalid local" to the transport(5) table, and rewrite
> > anything that needs local(8) delivery to mailbox@local.invalid.
>
> I honestly re-read the above sentence several times and have no clue
> what it means nor why to do it. "local.invalid" is not something I've
> come across.

It is a reserved domain name, (one of many) that you can use internally,
without clashing with *real domains*.

> In my reading previously, I had not come across "the transport(5)
> table" so, again, that'll take a while to understand.

See the OVERVIEW documentation, and read Patrick and Ralf's book. The
transport(5) table maps (mostly domains, but also optionally
user@domain) to a transport and optional nexthop.

> > The syntax of virtual(5) is documented in that manpage.
>
> There is NOTHING in there that I could find about how to say
> "user@somehosted.domain is to be rejected".

Precisely, so you can't use it to reject mail. That's what access(5) is
for, though transport(5) can also do that, by mapping some addresses to
the "error" transport, which will also cause bounces when mail is
submitted locally, while access(5) is only used to reject SMTP
recipients. See:

    https://www.postfix.org/SMTPD_ACCESS_README.html

> Since that's what I've got
> in my sample "virtusertable" and in my comments, that is a specific
> need that I could not locate in postfix documentation of how to do it.

But you're looking at the problem from the wrong end, just asking for
magic recipes whose quality you cannot assess, because you've not
studied the available mechanisms. The more productive approach is to
take the time to understand all of

    OVERVIEW
    ADDRESS_REWRITING_README
    VIRTUAL_README

> e.g. searching for the word "reject" or "error" in postfix.org is not
> helpful. Hence this query email. Once again, I thought that my
> situation and query was quite clear.

Start at:

    https://www.postfix.org/documentation.html

Read the various relevant tutorials.

> > This is not a rewrite, and so goes into the transport(5) table (also
> > see error(8)).
>
> It was not at all clear that "virtual" is used to rewrite only.

Linked from virtual(5):

    The main applications of virtual aliasing are:
    (https://www.postfix.org/ADDRESS_REWRITING_README.html#virtual)

    o To redirect mail for one address to one or more addresses.

    o To implement virtual alias domains where all addresses are
      aliased to addresses in other domains.

> And as I said, there wasn't any clear "pointer" (i.e. no clue) of how
> in postfix to designate some email address to be rejected.

Start at documentation.html, then the sections under "SMTP Relay/access
control", and some of the ones that look relevant under "General
configuration" and any other sections.

> > See above, but transport and access(5) table entries don't use a leading
> > "@".
>
> My "comment" above from my virtusertable is: block all other email of
> a hosted domain, so again I thought that my query of what I wanted to
> do but did not know how to do it was clear...

See the access control docs, but also note that:

- In a virtual alias domain (if you configure any), all names not
  mapped to some recipient in another domain are rejected.

- You can reject SMTP recipients via various restriction checks
  that perform access(5) lookups against tables of your choice.

- You can route some recipients to the error(8) transport, and
  this will also lead them to be rejected at SMTP time.

> If I have many lines in virtual mapping several email addresses for a
>
[pfx] Re: Help please on converting SENDMAIL VIRTUSERTABLE to postfix
On Mon, Mar 18, 2024 at 02:04:55PM +1100, Phil Biggs via Postfix-users wrote:

> Monday, March 18, 2024, 1:52:46 PM, Glenn Tenney via Postfix-users wrote:
>
> Not sure about the rest of your requirements but perhaps
>
> smtpd_recipient_restrictions = reject_unverified_recipient
>
> https://www.postfix.org/ADDRESS_VERIFICATION_README.html

NO, there's no need for that.

--
Viktor.
[pfx] Re: Help please on converting SENDMAIL VIRTUSERTABLE to postfix
Monday, March 18, 2024, 1:52:46 PM, Glenn Tenney via Postfix-users wrote:

> My question in one, hopefully simple sentence, is:
>
> In Postfix, how do I configure Postfix such that all email to
> "user@some.domain" will return an error code (e.g. 550 user unknown)
> to bounce that email
>
> Glenn

Not sure about the rest of your requirements but perhaps

    smtpd_recipient_restrictions = reject_unverified_recipient

https://www.postfix.org/ADDRESS_VERIFICATION_README.html

--
Cheers,
Phil
[pfx] Re: Help please on converting SENDMAIL VIRTUSERTABLE to postfix
On Sun, Mar 17, 2024 at 3:40 PM Viktor Dukhovni via Postfix-users wrote:

> My general advice is to use aliases(5) very sparingly, just for lists
> that require an "owner-" or ":include:" lists. All other rewrites
> should be via virtual(5), and perhaps even keep $mydestination empty!
>
> Add "local.invalid local" to the transport(5) table, and rewrite
> anything that needs local(8) delivery to mailbox@local.invalid.

...

> > # just wanting to block email to a local user
> > user1@mylocal.domain    error:nouser 550 No such user here now or ever
>
> This is not a rewrite, and so goes into the transport(5) table (also
> see error(8)).
>
>     user1@mylocal.domain    error:5.1.1 No such user here now or ever
>
> and/or an access(5) table referenced in your recipient restrictions:

...

> > # block all email to a specific user at a hosted domain
> > user2@hosted1.domain    error:nouser 550 Getting too much spam
>
> See above.

...

> > # send all email for a hosted domain to some other email somewhere
> > @somehosted3.domain someuser@someother.domain

...

> Once you what virtual(5) does (rewrite an input envelope recipient
> address to one or more recipient addresses), your questions are
> answered. Similar advice for transport(5), (various) access(5), ...
> tables.

I've read through the man pages for transport, access, and error and I
do not see anything in any of them that would do anything that would
take a recipient and reject it -- which is basically what all of the
above comes down to.

TRANSPORT seems to allow only a domain name without a user@ portion on
the LHS. This doesn't seem to apply to my query.

ACCESS seems to allow only a domain name or IP (again, without a user@)
on the LHS. This doesn't seem to apply to my query.

As for ERROR, ok... it's a delivery agent that will return an error code
(e.g. to bounce the incoming message), but.. how do I get
"user@some.domain" to be delivered to the "error" agent?

My question in one, hopefully simple sentence, is:

In Postfix, how do I configure Postfix such that all email to
"user@some.domain" will return an error code (e.g. 550 user unknown) to
bounce that email

Glenn
[pfx] Re: Help please on converting SENDMAIL VIRTUSERTABLE to postfix
On Sun, Mar 17, 2024 at 3:40 PM Viktor Dukhovni via Postfix-users wrote:

> > Question 1: Am I correct that all (or most) of this be done with a
> > virtual_alias_maps table (i.e. hash:/usr/local/etc/postfix/virtual)?
> > If not, then: HOW?
>
> Most of what? You need to be specific, it's been some decades since
> many of us have looked at Sendmail. Much depends on what sort of
> mappings you're looking to emulate.

"most of what" is in the text I included below my questions. I thought
that would have been very clear. That's why I included both
comments/queries and examples.

> For 1-to-many recipient rewrites, the best vehicle is indeed virtual(5),
> but if you also use local aliases(5), and $myorigin is listed in
> $mydestination, then you need to be sure that any RHS recipients
> in aliases(5) that require virtual(5) rewriting are qualified with
> a domain that is not listed in $mydestination. Otherwise, local(8)
> will deliver these directly, despite any virtual(5) overrides.
>
> My general advice is to use aliases(5) very sparingly, just for lists
> that require an "owner-" or ":include:" lists. All other rewrites
> should be via virtual(5), and perhaps even keep $mydestination empty!

It'll take several re-readings to fully understand your above two
paragraphs. After only 3-5 re-readings, the first paragraph is just
opaque to me.

Are you saying that if I want "username1" at my local domain to be
delivered to "user2" at my local domain, that that should be in the
virtual table and not in aliases? That's a 1-to-1 rewrite, not a
1-to-many.

I had thought that 1-to-many (e.g. email address "adiscussion" to be
send to user a, user b, & user c) would be done in aliases.

But you're saying that 1-to-many should be done in virtual, but that
"lists" would be in aliases. That's very very confusing to me as simple
lists (without a listserver) would've seemed to be done via aliases.

> Add "local.invalid local" to the transport(5) table, and rewrite
> anything that needs local(8) delivery to mailbox@local.invalid.

I honestly re-read the above sentence several times and have no clue
what it means nor why to do it. "local.invalid" is not something I've
come across.

In my reading previously, I had not come across "the transport(5) table"
so, again, that'll take a while to understand.

> > Question set 2: Here's an excerpt (sanitized) of my "virtusertable".
> > Does this just go into my hash:/usr/local/etc/postfix/virtual as-is?
> > or what?
>
> The syntax of virtual(5) is documented in that manpage.

There is NOTHING in there that I could find about how to say
"user@somehosted.domain is to be rejected". Since that's what I've got
in my sample "virtusertable" and in my comments, that is a specific need
that I could not locate in postfix documentation of how to do it.

e.g. searching for the word "reject" or "error" in postfix.org is not
helpful. Hence this query email. Once again, I thought that my situation
and query was quite clear.

> > Am I correct that this table needs to have all specific user
> > entries for a domain appear before the "@domain" entry for all other
> > users at that domain?
>
> Entry order does not matter for source files of indexed tables (hash,
> btree, cdb).
>
> > # should this be an alias? (I don't recall how/why/when it ended up in
> > my virtusertable)
> > auser@mylocal.domain    anotheruser@mylocal.domain
>
> This is a fine entry for virtual(5) aliases.
>
> > # do all of the other entries just go into
> > hash:/usr/local/etc/postfix/virtual ???
>
> Well, they go into the source file, the "postmap" command then
> builds the hash table. See postmap(1) for details

yes, of course! I was listing it as
"hash:/usr/local/etc/postfix/virtual" to try to indicate (a) I
understood I have to postmap it after changing the file and (b) which
file I need to edit.

> > # just wanting to block email to a local user
> > user1@mylocal.domain    error:nouser 550 No such user here now or ever
>
> This is not a rewrite, and so goes into the transport(5) table (also
> see error(8)).

It was not at all clear that "virtual" is used to rewrite only.

And as I said, there wasn't any clear "pointer" (i.e. no clue) of how in
postfix to designate some email address to be rejected.

>     user1@mylocal.domain    error:5.1.1 No such user here now or ever
>
> and/or an access(5) table referenced in your recipient restrictions:
>
>     user1@mylocal.domain    REJECT 5.1.1 ...
>
> > # send all other email of mylocal.domain to a specific user here
> > @mylocal.domain another2user@mylocal.domain
>
> Wildcard rewrites are supported, but strongly discouraged.

I definitely need to use wildcards for some domains so that email
addresses can be created at will without prior knowledge / editing of
postfix files.

> > # block all email to a specific user at a hosted domain
> > user2@hosted1.domain    error:nouser 550 Getting too much spam
>
> See above.
>
>
[pfx] Re: Help please on converting SENDMAIL VIRTUSERTABLE to postfix
On Sun, Mar 17, 2024 at 01:22:29PM -0700, Glenn Tenney via Postfix-users wrote:

> I have to convert all of my "virtusertable" entries over to postfix.
> I've read through
> https://www.postfix.org/VIRTUAL_README.html &
> https://www.postfix.org/postconf.5.html &
> https://www.postfix.org/virtual.5.html and my questions aren't
> resolved...
>
> Question 1: Am I correct that all (or most) of this be done with a
> virtual_alias_maps table (i.e. hash:/usr/local/etc/postfix/virtual)?
> If not, then: HOW?

Most of what? You need to be specific, it's been some decades since many of us have looked at Sendmail. Much depends on what sort of mappings you're looking to emulate.

For 1-to-many recipient rewrites, the best vehicle is indeed virtual(5), but if you also use local aliases(5), and $myorigin is listed in $mydestination, then you need to be sure that any RHS recipients in aliases(5) that require virtual(5) rewriting are qualified with a domain that is not listed in $mydestination. Otherwise, local(8) will deliver these directly, despite any virtual(5) overrides.

My general advice is to use aliases(5) very sparingly, just for lists that require an "owner-" or ":include:" lists. All other rewrites should be via virtual(5), and perhaps even keep $mydestination empty! Add "local.invalid local" to the transport(5) table, and rewrite anything that needs local(8) delivery to mailbox@local.invalid.

> Question set 2: Here's an excerpt (sanitized) of my "virtusertable".
> Does this just go into my hash:/usr/local/etc/postfix/virtual as-is?
> or what?

The syntax of virtual(5) is documented in that manpage.

> Am I correct that this table needs to have all specific user
> entries for a domain appear before the "@domain" entry for all other
> users at that domain?

Entry order does not matter for source files of indexed tables (hash, btree, cdb).

> # should this be an alias? (I don't recall how/why/when it ended up in
> my virtusertable)
> auser@mylocal.domain    anotheruser@mylocal.domain

This is a fine entry for virtual(5) aliases.

> # do all of the other entries just go into
> hash:/usr/local/etc/postfix/virtual ???

Well, they go into the source file, the "postmap" command then builds the hash table. See postmap(1) for details.

> # just wanting to block email to a local user
> user1@mylocal.domain    error:nouser 550 No such user here now or ever

This is not a rewrite, and so goes into the transport(5) table (also see error(8)).

    user1@mylocal.domain    error:5.1.1 No such user here now or ever

and/or an access(5) table referenced in your recipient restrictions:

    user1@mylocal.domain    REJECT 5.1.1 ...

> # send all other email of mylocal.domain to a specific user here
> @mylocal.domain another2user@mylocal.domain

Wildcard rewrites are supported, but strongly discouraged.

> # block all email to a specific user at a hosted domain
> user2@hosted1.domain    error:nouser 550 Getting too much spam

See above.

> # send all email to a specific user at a hosted domain to a user at
> the local domain
> user3@hosted1.domain    someuser@mylocal.domain

Fine, the domain is irrelevant.

> # block all other email of a hosted domain
> @hosted1.domain    error:nouser 550 Getting too much
> spam userid changed

See above, but transport and access(5) table entries don't use a leading "@".

> # send all email for a hosted domain to some other email somewhere
> @somehosted3.domain someuser@someother.domain

See above.

Overall, read (and if unclear ask) about the functionality and syntax of various Postfix features, rather than whether some random Sendmail syntax does or does not translate directly to virtual(5). Once you know what virtual(5) does (rewrite an input envelope recipient address to one or more recipient addresses), your questions are answered. Similar advice for transport(5), (various) access(5), ... tables.

-- Viktor.
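The split described in the reply above, as an added example that is not part of the original thread: rewrites stay in the virtual(5) source file, while "error:nouser" entries move to the transport(5) source file with any leading "@" dropped. The sample table is constructed, the helper name convert is hypothetical, and mapping every "error:nouser" entry to 5.1.1 is an assumption taken from the one example in the reply.

```python
import re

# Constructed sample in Sendmail virtusertable syntax, modelled on the
# sanitized excerpt quoted in the thread (key, whitespace, value).
SAMPLE = """\
auser@mylocal.domain     anotheruser@mylocal.domain
user1@mylocal.domain     error:nouser 550 No such user here now or ever
@mylocal.domain          another2user@mylocal.domain
user3@hosted1.domain     someuser@mylocal.domain
@hosted1.domain          error:nouser 550 Getting too much spam
odd@hosted1.domain       error:5.7.1:550 Policy rejection
"""

# Assumption: every "error:nouser <smtp code> <text>" entry becomes the
# enhanced status code 5.1.1, as in the reply's example.
NOUSER = re.compile(r"^error:nouser\s+\d{3}\s+(.+)$")

def convert(virtusertable):
    """Split virtusertable text into virtual(5) and transport(5) source lines.

    Returns (virtual, transport, review); review holds entries a human
    should look at: wildcard rewrites and error forms not handled here.
    """
    virtual, transport, review = [], [], []
    for raw in virtusertable.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            review.append(f"malformed: {line}")
            continue
        key, value = parts
        if value.startswith("error:"):
            m = NOUSER.match(value)
            if not m:
                review.append(f"unhandled error form: {key} {value}")
                continue
            # transport(5) keys carry no leading "@" for whole-domain entries
            transport.append(f"{key.lstrip('@')} error:5.1.1 {m.group(1)}")
        else:
            virtual.append(f"{key} {value}")
            if key.startswith("@"):
                review.append(f"wildcard rewrite: {key}")
    return virtual, transport, review

if __name__ == "__main__":
    for name, lines in zip(("virtual", "transport", "review"), convert(SAMPLE)):
        print(f"## {name}", *lines, sep="\n")
```

Each output list is the content of a source file; run postmap on the file after writing it, as the reply notes.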