Re: Virtual Domains/ Users

2017-10-26 Thread cacook
On 10/26/2017 03:36 PM, Ralph Seichter wrote:
> On 26.10.17 23:29, cac...@quantum-equities.com wrote:
>
>> it appears to me that Postfix has evolved organically (Read:
>> disorganized) as have many legacy applications like Apache used to be.
>> The documentation you refer to is there alright, but it's all about
>> bit-twiddling, nothing about concepts and methodologies.
> Postfix ranks among the most structured and easy-to-use software
> packages I have worked with during the last three decades, seeing how
> complex the underlying issues are. The docs do contain "concepts and
> methodologies", but anyone who wants to maintain a production level mail
> server needs a thorough understanding about how email works (including
> how DNS works). It is not Postfix' job to teach fundamentals. You have
> also received a lot of useful information via this mailing list, and
> people here usually get more mileage out of less info given.
>
> Frankly, Postfix is not the problem.
>
> -Ralph

I ... know people here have a lot invested in Postfix.

Listen, to make things easier for you guys in the future, recommend to
people like me, Modoboa.







Re: Virtual Domains/ Users

2017-10-26 Thread Bill Cole

On 26 Oct 2017, at 22:55 (-0400), Viktor Dukhovni wrote:


> You're wrong of course, Postfix has been designed and implemented
> with much care.  What we've not done is maintained a free book
> along with the software.  Postfix comes with "reference documentation",
> and topic-specific tutorials:
>
> http://www.postfix.org/documentation.html
> http://www.postfix.org/OVERVIEW.html
> http://www.postfix.org/BASIC_CONFIGURATION_README.html
> http://www.postfix.org/STANDARD_CONFIGURATION_README.html
> http://www.postfix.org/ADDRESS_REWRITING_README.html
> ...
>
> These seem to do the job for most Postfix users.


I would add:

http://www.postfix.org/ADDRESS_CLASS_README.html
https://tools.ietf.org/html/rfc5598

The latter being critical to understanding what you might need to 
understand about any MTA package.




--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Currently Seeking Paying Work: https://linkedin.com/in/billcole


Re: Virtual Domains/ Users

2017-10-26 Thread Viktor Dukhovni


> On Oct 26, 2017, at 5:29 PM, cac...@quantum-equities.com wrote:
> 
> I am surprised with this sprawl, in the 21st Century.  In 30 minutes
> I've figured out and implemented DKIM.

DKIM is comparatively simple, it does just one thing.  And yet,
you really should fix your DNS, you may think you have working
DKIM, but it's not much use if your domain is unresolvable from
a large swath of the Internet, because DNSSEC is promised by the
parent zone, but not implemented in the child:

http://dnsviz.net/d/delphi-real-estate.com/dnssec/

$ dig -t mx delphi-real-estate.com @8.8.8.8

; <<>> DiG 9.11.2 <<>> -t mx delphi-real-estate.com @8.8.8.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 47769
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;delphi-real-estate.com.  IN  MX

;; Query time: 113 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Thu Oct 26 22:33:36 EDT 2017
;; MSG SIZE  rcvd: 51

An MTA is more like the construction materials for a house and carpentry
tools than like a furnished apartment.  To use a furnished apartment
you just need the keys and some idea of which closets hold the
towels, dishes, cleaning supplies, ... To use a carpenter's toolbox
and materials to build a house a significant investment in training
may be required.

> But it appears to me that Postfix has evolved organically (Read: disorganized)
> as have many legacy applications like Apache used to be.

You're wrong of course, Postfix has been designed and implemented
with much care.  What we've not done is maintained a free book
along with the software.  Postfix comes with "reference documentation",
and topic-specific tutorials:

http://www.postfix.org/documentation.html
http://www.postfix.org/OVERVIEW.html
http://www.postfix.org/BASIC_CONFIGURATION_README.html
http://www.postfix.org/STANDARD_CONFIGURATION_README.html
http://www.postfix.org/ADDRESS_REWRITING_README.html
...

These seem to do the job for most Postfix users.

> The documentation you refer to is there alright, but it's all about
> bit-twiddling, nothing about concepts and methodologies.

That's what the Postfix book by Patrick and Ralf is for.
Even the Sendmail book is probably a good place to learn
about running a mail system, and the architectural pieces
would be a useful start for understanding Postfix.

The Exim project maintains what is essentially an online book.
So while its code quality, security and delivery performance
don't match Postfix, perhaps its greater mix of built-in
features and the online "book" mean that you'd be better off
with Exim:

  https://www.exim.org/exim-html-current/doc/html/spec_html/index.html

-- 
Viktor.



Re: Virtual Domains/ Users

2017-10-26 Thread Benny Pedersen

You don't add all virtual domains to PTR; who are you being misguided by? :(


On 26 Oct 2017 21.37.02 cac...@quantum-equities.com wrote:

> On 10/26/2017 12:21 PM, cac...@quantum-equities.com wrote:
>>> the whole fact that mail was SENT by thunderbird has nothing to do
>>> with the
>>> fact that you need mail server on quantum-equities.com if you want to
>>> RECEIVE mail for quantum-equities.com.
>>>
>>> configure postfix on quantum-equities.com that will have
>>> "quantum-equities.com" in mydestination.
>>>
>>> or
>>>
>>> configure different MX for quantum-equities.com pointing to other server
>>> that will receive mail for that domain
>>
>> The server which postfix is running on will be primarily for
>> quantum-equities if I ever get it running.  But for the time being
>> I've set myhostname = mail.delphi-real-estate.com and mydomain =
>> delphi-real-estate.com .
>>
>> Also I've modified my zone file to this:
>>
>> delphi-real-estate.com. 28800 A 72.251.232.102
>> www                           28800 CNAME delphi-real-estate.com.
>> @                            28800 MX 10 mail.delphi-real-estate.com.
>> mail                             28800 A 72.251.232.102
>> mail.delphi-real-estate.com. TXT "v=spf1 mx a ip4:72.251.232.102/32"
>> 102.232.251.72.in-addr.arpa. 28800 IN PTR mail.delphi-real-estate.com.
>>
>> Unfortunately though, my registrar removes IN from my PTR record
>> automatically, and then fails me with "Syntax error".
>>
>> And sent mail still never arrives.  No comments in maillog.
>
> Just as well, since PTR records are 1:1 to the IP.  And I'll have 3
> domains on this server so I can't use PTR.
>
> Anyway, ARPA has not assigned this IP directly to me;  it came with my
> cloud instance.
>
> I'll set SPF and DKIM.




Re: Virtual Domains/ Users

2017-10-26 Thread Richard


> Date: Thursday, October 26, 2017 12:36:37 -0700
> From: cac...@quantum-equities.com
>
> On 10/26/2017 12:21 PM, cac...@quantum-equities.com wrote:
>>> the whole fact that mail was SENT by thunderbird has nothing to do
>>> with the
>>> fact that you need mail server on quantum-equities.com if you
>>> want to RECEIVE mail for quantum-equities.com.
>>> 
>>> configure postfix on quantum-equities.com that will have
>>> "quantum-equities.com" in mydestination.
>>> 
>>> or
>>> 
>>> configure different MX for quantum-equities.com pointing to other
>>> server that will receive mail for that domain
>> 
>> The server which postfix is running on will be primarily for
>> quantum-equities if I ever get it running.  But for the time being
>> I've set myhostname = mail.delphi-real-estate.com and mydomain =
>> delphi-real-estate.com .
>> 
>> Also I've modified my zone file to this:
>> 
>> delphi-real-estate.com. 28800 A 72.251.232.102
>> www                           28800 CNAME delphi-real-estate.com.
>> @                            28800 MX 10 mail.delphi-real-estate.com.
>> mail                             28800 A 72.251.232.102
>> mail.delphi-real-estate.com. TXT "v=spf1 mx a ip4:72.251.232.102/32"
>> 102.232.251.72.in-addr.arpa. 28800 IN PTR mail.delphi-real-estate.com.
>> 
>> Unfortunately though, my registrar removes IN from my PTR record
>> automatically, and then fails me with "Syntax error".
>> 
>> And sent mail still never arrives.  No comments in maillog.
> 
> Just as well, since PTR records are 1:1 to the IP.  And I'll have 3
> domains on this server so I can't use PTR.
> 
> Anyway, ARPA has not assigned this IP directly to me;  it came
> with my cloud instance.
> 
> I'll set SPF and DKIM.
> 

There's no requirement that a mail server be in the same domain as
the domain it's serving mail for. 

Many receiving mail servers will reject connections from sending
servers where the reverse and forward dns entries don't match, and
even more likely if the sending server doesn't have a PTR record. If
you can't get past the HELO, it doesn't much matter if you have SPF
and/or DKIM.

You need to talk with your hosting provider to get them, or the
people upstream from them if they don't control the netblock, to get
the PTR record put in. Without it you will run into unreliable mail
delivery issues.
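
The forward/reverse match described in the message above, as an added example that is not part of the original thread: it classifies a client IP as a strict receiving server would, over a constructed record set instead of live DNS. The provider-default hostname and the three reverse-zone states are assumptions made for illustration.

```python
"""Forward-confirmed reverse DNS (FCrDNS) over a constructed record set.

Nothing here queries live DNS; the A and PTR data is sample data built
around the address quoted in the thread, so the check runs offline.
"""
import ipaddress


def reverse_name(ip):
    """Owner name of the PTR record for an IPv4 or IPv6 address."""
    return ipaddress.ip_address(ip).reverse_pointer + "."


def fcrdns(ip, ptr_records, a_records):
    """Classify a connecting client IP the way a strict receiver would.

    ptr_records maps reverse owner names to lists of hostnames,
    a_records maps hostnames to lists of IP strings.
    Returns (verdict, hostname), hostname being None when there is no PTR.
    """
    names = ptr_records.get(reverse_name(ip), [])
    if not names:
        return ("no-ptr", None)
    for name in names:
        if ip in a_records.get(name.lower(), []):
            return ("pass", name)  # reverse name maps back to the same IP
    return ("forward-mismatch", names[0])


# Constructed forward data, modelled on the zone file in the thread.
A_RECORDS = {
    "delphi-real-estate.com.": ["72.251.232.102"],
    "mail.delphi-real-estate.com.": ["72.251.232.102"],
}
CLIENT_IP = "72.251.232.102"

# Three states of the reverse zone, which the holder of the netblock controls.
PTR_MISSING = {}
PTR_PROVIDER_DEFAULT = {  # hypothetical generic name with no matching A record
    "102.232.251.72.in-addr.arpa.": ["host-102.cloud.example."],
}
PTR_REQUESTED = {
    "102.232.251.72.in-addr.arpa.": ["mail.delphi-real-estate.com."],
}


def survey():
    """Run the check against each reverse-zone state."""
    states = [
        ("missing", PTR_MISSING),
        ("provider default", PTR_PROVIDER_DEFAULT),
        ("requested", PTR_REQUESTED),
    ]
    return {label: fcrdns(CLIENT_IP, ptr, A_RECORDS) for label, ptr in states}


if __name__ == "__main__":
    # The envelope domain is not an input: one PTR that matches the server's
    # own hostname covers every domain hosted on that IP.
    for label, (verdict, name) in survey().items():
        print(f"{label:17} {verdict:17} {name}")
```

The check takes only the client IP and the two record sets, so the number of domains hosted on the server does not change its result.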




Re: Virtual Domains/ Users

2017-10-26 Thread Ralph Seichter
On 26.10.17 23:29, cac...@quantum-equities.com wrote:

> it appears to me that Postfix has evolved organically (Read:
> disorganized) as have many legacy applications like Apache used to be.
> The documentation you refer to is there alright, but it's all about
> bit-twiddling, nothing about concepts and methodologies.

Postfix ranks among the most structured and easy-to-use software
packages I have worked with during the last three decades, seeing how
complex the underlying issues are. The docs do contain "concepts and
methodologies", but anyone who wants to maintain a production level mail
server needs a thorough understanding about how email works (including
how DNS works). It is not Postfix' job to teach fundamentals. You have
also received a lot of useful information via this mailing list, and
people here usually get more mileage out of less info given.

Frankly, Postfix is not the problem.

-Ralph


Re: Virtual Domains/ Users

2017-10-26 Thread Larry Stone


> On Oct 26, 2017, at 16:29, cac...@quantum-equities.com wrote:

> I am surprised with this sprawl, in the 21st Century.  In 30 minutes I've 
> figured out and implemented DKIM.  But it appears to me that Postfix has 
> evolved organically (Read: disorganized) as have many legacy applications 
> like Apache used to be.  The documentation you refer to is there alright, but 
> it's all about bit-twiddling, nothing about concepts and methodologies.  You 
> have to start with the big ideas first, and -then- work your way down, not 
> regard potential admins as unworthy for not knowing the vapors.  So much 
> information that you here take for granted, is simply unsaid in the docs, and 
> I can't swirl up my mind into a vortex and reach out to suck in the knowledge 
> from your brains with telepathy.  
> 
Postfix documentation documents Postfix; it does not attempt to document SMTP 
and assumes the reader has a basic understanding of SMTP. Similarly, your car’s 
owner’s manual documents your car; it does not teach you how to drive and 
Word’s documentation documents Word and does not teach you how to write.

-- Larry Stone
   Sent from my iPad

Re: Virtual Domains/ Users

2017-10-26 Thread cacook
On 10/26/2017 12:21 PM, cac...@quantum-equities.com wrote:
>> the whole fact that mail was SENT by thunderbird has nothing to do
>> with the
>> fact that you need mail server on quantum-equities.com if you want to
>> RECEIVE mail for quantum-equities.com.
>>
>> configure postfix on quantum-equities.com that will have
>> "quantum-equities.com" in mydestination.
>>
>> or
>>
>> configure different MX for quantum-equities.com pointing to other server
>> that will receive mail for that domain
>
> The server which postfix is running on will be primarily for
> quantum-equities if I ever get it running.  But for the time being
> I've set myhostname = mail.delphi-real-estate.com and mydomain =
> delphi-real-estate.com .
>
> Also I've modified my zone file to this:
>
> delphi-real-estate.com. 28800 A 72.251.232.102
> www                           28800 CNAME delphi-real-estate.com.
> @                            28800 MX 10 mail.delphi-real-estate.com.
> mail                             28800 A 72.251.232.102
> mail.delphi-real-estate.com. TXT "v=spf1 mx a ip4:72.251.232.102/32"
> 102.232.251.72.in-addr.arpa. 28800 IN PTR mail.delphi-real-estate.com.
>
> Unfortunately though, my registrar removes IN from my PTR record
> automatically, and then fails me with "Syntax error".
>
> And sent mail still never arrives.  No comments in maillog.

Just as well, since PTR records are 1:1 to the IP.  And I'll have 3
domains on this server so I can't use PTR.

Anyway, ARPA has not assigned this IP directly to me;  it came with my
cloud instance.

I'll set SPF and DKIM.






Re: Virtual Domains/ Users

2017-10-26 Thread cacook
> the whole fact that mail was SENT by thunderbird has nothing to do
> with the
> fact that you need mail server on quantum-equities.com if you want to
> RECEIVE mail for quantum-equities.com.
>
> configure postfix on quantum-equities.com that will have
> "quantum-equities.com" in mydestination.
>
> or
>
> configure different MX for quantum-equities.com pointing to other server
> that will receive mail for that domain

The server which postfix is running on will be primarily for
quantum-equities if I ever get it running.  But for the time being I've
set myhostname = mail.delphi-real-estate.com and mydomain =
delphi-real-estate.com .

Also I've modified my zone file to this:

delphi-real-estate.com. 28800 A 72.251.232.102
www                           28800 CNAME delphi-real-estate.com.
@                            28800 MX 10 mail.delphi-real-estate.com.
mail                             28800 A 72.251.232.102
mail.delphi-real-estate.com. TXT "v=spf1 mx a ip4:72.251.232.102/32"
102.232.251.72.in-addr.arpa. 28800 IN PTR mail.delphi-real-estate.com.

Unfortunately though, my registrar removes IN from my PTR record
automatically, and then fails me with "Syntax error".

And sent mail still never arrives.  No comments in maillog.




Re: Virtual Domains/ Users

2017-10-26 Thread Richard


> Date: Thursday, October 26, 2017 20:00:44 +0200
> From: Matus UHLAR - fantomas 
>
>>>> Here's what delphi-real-estate.com looks like:
>>>>
>>>> www 28800  A   72.251.232.102
>>>> @   28800  MX  10 mail.delphi-real-estate.com.
>>>>
>>>> Do you mean I need to set an A record for delphi-real-estate.com ?
> 
>> On 10/26/2017 09:18 AM, Richard wrote:
>>> No, you don't need an A-record for delphi-real-estate.com (for
>>> mail purposes at least) since you have the MX pointing to
>>> mail.delphi-real-estate.com.
>>> 
>>> But you need an A-record for mail.delphi-real-estate.com
>>> (analogous to the A-record you have for www.) otherwise no
>>> sending MTA will be able to reach it.
> 
> On 26.10.17 09:36, cac...@quantum-equities.com wrote:
>> Yes I have my smtp server set to mail.delphi-real-estate.com.
>> 
>> Maybe I have it now.  I've set my zone file so:
>> 
>>  delphi-real-estate.com. 28800 A 72.251.232.102
>>  www                     28800 CNAME delphi-real-estate.com.
>>  mail                    28800 A 72.251.232.102
>>  @                       28800 MX 10 mail.delphi-real-estate.com.
>> 
>> Is this correct?
> 
> No.
> 
> He explicitly said "you don't need an A-record for
> delphi-real-estate.com" and "need an A-record for 
> mail.delphi-real-estate.com" - you did not do what was
> needed, you did what was NOT needed.
> 
> there is no "mail.delphi-real-estate.com" so there is nowhere to
> deliver mail for your domain. I wonder other servers accept mail
> for you - many servers don't accept mail from undeliverable
> source addresses

He changed www. from an A-record to a CNAME (pointing to
delphi-real-estate.com), so (now) the A-record for
delphi-real-estate.com is indeed needed/correct.

As you noted in a followup, he did also get the A-record in for mail.

So, the dns records seem to be getting there (except for the lack of
a PTR record for 72.251.232.102), however there appear to be a range
of postfix configuration issues pending.





Re: Virtual Domains/ Users

2017-10-26 Thread Matus UHLAR - fantomas

On 26.10.17 10:32, cac...@quantum-equities.com wrote:
> The test email I'm sending from quantum-equities.com to
> delphi-real-estate.com, causes the delphi postfix to try and contact
> quantum on port 25, for some reason.

this is the reason:

quantum-equities.com.   300 IN  MX  0 quantum-equities.com.
quantum-equities.com.   300 IN  A   199.127.58.3

(the MX is implicit, so unneeded)

> Thing is, there is nothing listening there on 25 as the test email was
> sent by Thunderbird.


the whole fact that mail was SENT by thunderbird has nothing to do with the
fact that you need mail server on quantum-equities.com if you want to
RECEIVE mail for quantum-equities.com.

configure postfix on quantum-equities.com that will have
"quantum-equities.com" in mydestination.

or

configure different MX for quantum-equities.com pointing to other server
that will receive mail for that domain
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: I do NOT want to receive any advertising mail at this address.
The 3 biggest disasters: Hiroshima 45, Tschernobyl 86, Windows 95
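
The mail routing described in the message above, as an added example that is not part of the original thread: it resolves where a sending MTA would take mail for a domain, including the implicit-MX fallback, over record sets built from the records quoted in the thread. The set of hosts answering on port 25 and the outcome labels are assumptions made for illustration.

```python
"""Where a sending MTA takes mail for a domain, over constructed DNS data.

Simplified model of MX handling: CNAMEs, AAAA records and null MX are left out.
"""


def delivery_targets(domain, mx_records, a_records):
    """Ordered (host, ip) pairs a sender would try for `domain`.

    mx_records maps a domain to (preference, host) tuples,
    a_records maps a hostname to IP strings.
    """
    mx = sorted(mx_records.get(domain, []))
    if not mx:
        # Implicit MX: with no MX record the domain's own address is used.
        mx = [(0, domain)]
    return [(host, ip) for _pref, host in mx for ip in a_records.get(host, [])]


def outcome(domain, mx_records, a_records, smtp_listeners):
    """Label the result: 'no-route', 'no-listener' or 'accepted by <host>'.

    smtp_listeners is the set of IPs with something answering on port 25.
    """
    targets = delivery_targets(domain, mx_records, a_records)
    if not targets:
        return "no-route"  # MX target has no address record
    for host, ip in targets:
        if ip in smtp_listeners:
            return f"accepted by {host}"
    return "no-listener"  # address exists, but no mail server behind it


# Constructed record sets, built from the records quoted in the thread.
QUANTUM_A = {"quantum-equities.com.": ["199.127.58.3"]}
QUANTUM_MX = {"quantum-equities.com.": [(0, "quantum-equities.com.")]}

DELPHI_MX = {"delphi-real-estate.com.": [(10, "mail.delphi-real-estate.com.")]}
DELPHI_A_BEFORE = {"www.delphi-real-estate.com.": ["72.251.232.102"]}
DELPHI_A_AFTER = {
    "delphi-real-estate.com.": ["72.251.232.102"],
    "mail.delphi-real-estate.com.": ["72.251.232.102"],
}

# Assumption for the example: only the delphi host runs an SMTP server.
LISTENERS = {"72.251.232.102"}


if __name__ == "__main__":
    q = "quantum-equities.com."
    d = "delphi-real-estate.com."
    # Explicit MX to itself and no MX at all route to the same place.
    print(delivery_targets(q, QUANTUM_MX, QUANTUM_A))
    print(delivery_targets(q, {}, QUANTUM_A))
    print(q, outcome(q, QUANTUM_MX, QUANTUM_A, LISTENERS))
    print(d, "before:", outcome(d, DELPHI_MX, DELPHI_A_BEFORE, LISTENERS))
    print(d, "after: ", outcome(d, DELPHI_MX, DELPHI_A_AFTER, LISTENERS))
```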


Re: Virtual Domains/ Users

2017-10-26 Thread Matus UHLAR - fantomas

On 26.10.17 09:36, cac...@quantum-equities.com wrote:
>> Yes I have my smtp server set to mail.delphi-real-estate.com.
>>
>> Maybe I have it now.  I've set my zone file so:
>>
>>         mail                                28800    A    72.251.232.102
>>
>> Is this correct?

On 26.10.17 20:00, Matus UHLAR - fantomas wrote:
> No.

OH! yes, you did. I missed this between other records. Sorry

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: I do NOT want to receive any advertising mail at this address.
M$ Win's are shit, do not use it !


Re: Virtual Domains/ Users

2017-10-26 Thread Matus UHLAR - fantomas

>>> Here's what delphi-real-estate.com looks like:
>>>
>>> www 28800  A   72.251.232.102
>>> @   28800  MX  10 mail.delphi-real-estate.com.
>>>
>>> Do you mean I need to set an A record for delphi-real-estate.com ?

> On 10/26/2017 09:18 AM, Richard wrote:
>> No, you don't need an A-record for delphi-real-estate.com (for mail
>> purposes at least) since you have the MX pointing to
>> mail.delphi-real-estate.com.
>>
>> But you need an A-record for mail.delphi-real-estate.com (analogous
>> to the A-record you have for www.) otherwise no sending MTA will be
>> able to reach it.

On 26.10.17 09:36, cac...@quantum-equities.com wrote:
> Yes I have my smtp server set to mail.delphi-real-estate.com.
>
> Maybe I have it now.  I've set my zone file so:
>
>         delphi-real-estate.com.    28800    A    72.251.232.102
>         www                        28800    CNAME    delphi-real-estate.com.
>         mail                       28800    A    72.251.232.102
>         @                          28800    MX    10 mail.delphi-real-estate.com.
>
> Is this correct?


No.

He explicitly said "you don't need an A-record for delphi-real-estate.com"
and "need an A-record for mail.delphi-real-estate.com"
- you did not do what was needed, you did what was NOT needed.

there is no "mail.delphi-real-estate.com" so there is nowhere to deliver
mail for your domain. I wonder other servers accept mail for you - many
servers don't accept mail from undeliverable source addresses

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: I do NOT want to receive any advertising mail at this address.
I'm not interested in your website anymore.
If you need cookies, bake them yourself.


Re: Virtual Domains/ Users

2017-10-26 Thread cacook
The test email I'm sending from quantum-equities.com to
delphi-real-estate.com, causes the delphi postfix to try and contact
quantum on port 25, for some reason.

Thing is, there is nothing listening there on 25 as the test email was
sent by Thunderbird.

Oct 26 09:06:33 quantum postfix/smtp[1137]: B56C1814CC4:
to=,
relay=quantum-equities.com[199.127.58.3]:25, delay=194265,
delays=193965/0.04/300/0, dsn=4.4.2, status=deferred (conversation with
quantum-equities.com[199.127.58.3] tim$
Oct 26 09:06:33 quantum postfix/smtp[1145]: 28286814CC6:
to=, orig_to=,
relay=quantum-equities.com[199.127.58.3]:25, delay=106652,
delays=106352/0.05/300/0, dsn=4.4.2, status=deferred (conversation with
quantum-equities.com[1$
Oct 26 09:06:33 quantum postfix/smtp[1140]: B7026814CC5:
to=, orig_to=,
relay=quantum-equities.com[199.127.58.3]:25, delay=194250,
delays=193950/0.06/300/0, dsn=4.4.2, status=deferred (conversation with
quantum-equities.com[1$
Oct 26 09:06:33 quantum postfix/error[1439]: EFEEB82D41D:
to=, relay=none, delay=106668,
delays=106367/300/0/0.01, dsn=4.4.2, status=deferred (delivery
temporarily suspended: conversation with
quantum-equities.com[199.127.58.3] tim$
Oct 26 09:06:33 quantum postfix/error[1440]: 05837814CC2:
to=, orig_to=, relay=none,
delay=82878, delays=82577/300/0/0, dsn=4.4.2, status=deferred (delivery
temporarily suspended: conversation with quantum-equitie$
Oct 26 09:06:33 quantum postfix/smtp[1141]: 9BCCE816087:
to=, orig_to=,
relay=quantum-equities.com[199.127.58.3]:25, delay=253486,
delays=253186/0.06/300/0, dsn=4.4.2, status=deferred (conversation with
quantum-equities.com[1$
Oct 26 09:06:33 quantum postfix/smtp[1133]: B3A15816086:
to=,
relay=quantum-equities.com[199.127.58.3]:25, delay=253501,
delays=253201/0.06/300/0, dsn=4.4.2, status=deferred (conversation with
quantum-equities.com[199.127.58.3] tim$


Docs leave so much unsaid that it's starting to look like I can not get
postfix running.  I've mastered Xen and OpenStack, but maybe this is
beyond me as so much is undocumented and ppl here are so busy.



On 10/26/2017 09:36 AM, cac...@quantum-equities.com wrote:
>
> Thank you Richard.
>
>
> On 10/26/2017 09:18 AM, Richard wrote:
>>
>>> Here's what delphi-real-estate.com looks like:
>>>
>>> www 28800  A   72.251.232.102 
>>> @   28800  MX  10 mail.delphi-real-estate.com.
>>>
>>> Do you mean I need to set an A record for delphi-real-estate.com ?
>> No, you don't need an A-record for delphi-real-estate.com (for mail
>> purposes at least) since you have the MX pointing to
>> mail.delphi-real-estate.com.
>>
>> But you need an A-record for mail.delphi-real-estate.com (analogous
>> to the A-record you have for www.) otherwise no sending MTA will be
>> able to reach it. 
> Yes I have my smtp server set to mail.delphi-real-estate.com.
>
> Maybe I have it now.  I've set my zone file so:
>
>         delphi-real-estate.com.    28800    A    72.251.232.102
>         www                        28800    CNAME    delphi-real-estate.com.
>         mail                       28800    A    72.251.232.102
>         @                          28800    MX    10 mail.delphi-real-estate.com.
>
>
> Is this correct?
>
> Now when I send a test email, nothing has changed.  It never gets
> there.  No indications in the log. (below)
>
>
> This morning I'm finding in the maillog the following entries. 
> Apparently I am configured to not relay, although I don't know where
> those settings are.
>
>
> Oct 26 09:01:31 quantum dovecot: master: Dovecot v2.2.10 starting up
> for imap (core dumps disabled)
> Oct 26 09:01:33 quantum postfix/postfix-script[1112]: starting the
> Postfix mail system
> Oct 26 09:01:33 quantum postfix/master[1115]: daemon started --
> version 2.10.1, configuration /etc/postfix
> Oct 26 09:01:33 quantum postfix/qmgr[1120]: B3A15816086: from=<>,
> size=4806, nrcpt=1 (queue active)
> Oct 26 09:01:33 quantum postfix/qmgr[1120]: B56C1814CC4: from=<>,
> size=4806, nrcpt=1 (queue active)
> Oct 26 09:01:33 quantum postfix/qmgr[1120]: B7026814CC5:
> from=, size=44601, nrcpt=1 (queue active)
> Oct 26 09:01:33 quantum postfix/qmgr[1120]: 9BCCE816087:
> from=, size=41864, nrcpt=1 (queue active)
> Oct 26 09:01:33 quantum postfix/qmgr[1120]: 28286814CC6:
> from=, size=44601, nrcpt=1 (queue active)
> Oct 26 09:01:33 quantum postfix/qmgr[1120]: EFEEB82D41D: from=<>,
> size=4806, nrcpt=1 (queue active)
> Oct 26 09:01:33 quantum postfix/qmgr[1120]: 05837814CC2:
> from=, size=763, nrcpt=1
> (queue active)
> Oct 26 09:01:39 quantum postfix/smtpd[1386]: warning: hostname
> GE3-0-R1-C-HZ-B.gd.cn.net does not resolve to address 202.96.142.2:
> Name or service not known

Re: Virtual Domains/ Users

2017-10-26 Thread cacook
Thank you Richard.


On 10/26/2017 09:18 AM, Richard wrote:
>
>> Here's what delphi-real-estate.com looks like:
>>
>> www 28800  A   72.251.232.102 
>> @   28800  MX  10 mail.delphi-real-estate.com.
>>
>> Do you mean I need to set an A record for delphi-real-estate.com ?
> No, you don't need an A-record for delphi-real-estate.com (for mail
> purposes at least) since you have the MX pointing to
> mail.delphi-real-estate.com.
>
> But you need an A-record for mail.delphi-real-estate.com (analogous
> to the A-record you have for www.) otherwise no sending MTA will be
> able to reach it. 
Yes I have my smtp server set to mail.delphi-real-estate.com.

Maybe I have it now.  I've set my zone file so:

        delphi-real-estate.com.    28800    A    72.251.232.102
        www                        28800    CNAME    delphi-real-estate.com.
        mail                       28800    A    72.251.232.102
        @                          28800    MX    10 mail.delphi-real-estate.com.


Is this correct?

Now when I send a test email, nothing has changed.  It never gets
there.  No indications in the log. (below)


This morning I'm finding in the maillog the following entries. 
Apparently I am configured to not relay, although I don't know where
those settings are.


Oct 26 09:01:31 quantum dovecot: master: Dovecot v2.2.10 starting up for
imap (core dumps disabled)
Oct 26 09:01:33 quantum postfix/postfix-script[1112]: starting the
Postfix mail system
Oct 26 09:01:33 quantum postfix/master[1115]: daemon started -- version
2.10.1, configuration /etc/postfix
Oct 26 09:01:33 quantum postfix/qmgr[1120]: B3A15816086: from=<>,
size=4806, nrcpt=1 (queue active)
Oct 26 09:01:33 quantum postfix/qmgr[1120]: B56C1814CC4: from=<>,
size=4806, nrcpt=1 (queue active)
Oct 26 09:01:33 quantum postfix/qmgr[1120]: B7026814CC5:
from=, size=44601, nrcpt=1 (queue active)
Oct 26 09:01:33 quantum postfix/qmgr[1120]: 9BCCE816087:
from=, size=41864, nrcpt=1 (queue active)
Oct 26 09:01:33 quantum postfix/qmgr[1120]: 28286814CC6:
from=, size=44601, nrcpt=1 (queue active)
Oct 26 09:01:33 quantum postfix/qmgr[1120]: EFEEB82D41D: from=<>,
size=4806, nrcpt=1 (queue active)
Oct 26 09:01:33 quantum postfix/qmgr[1120]: 05837814CC2:
from=, size=763, nrcpt=1 (queue
active)
Oct 26 09:01:39 quantum postfix/smtpd[1386]: warning: hostname
GE3-0-R1-C-HZ-B.gd.cn.net does not resolve to address 202.96.142.2: Name
or service not known
Oct 26 09:01:39 quantum postfix/smtpd[1386]: connect from
unknown[202.96.142.2]
Oct 26 09:01:45 quantum postfix/smtpd[1386]: lost connection after
CONNECT from unknown[202.96.142.2]
Oct 26 09:01:45 quantum postfix/smtpd[1386]: disconnect from
unknown[202.96.142.2]
Oct 26 09:02:14 quantum postfix/smtpd[1386]: connect from
unknown[45.6.217.6]
Oct 26 09:02:19 quantum postfix/smtpd[1386]: lost connection after
CONNECT from unknown[45.6.217.6]
Oct 26 09:02:19 quantum postfix/smtpd[1386]: disconnect from
unknown[45.6.217.6]
Oct 26 09:02:30 quantum postfix/smtpd[1386]: connect from
unknown[122.226.62.90]
Oct 26 09:02:35 quantum postfix/smtpd[1386]: lost connection after
CONNECT from unknown[122.226.62.90]
Oct 26 09:02:35 quantum postfix/smtpd[1386]: disconnect from
unknown[122.226.62.90]
Oct 26 09:02:41 quantum postfix/smtpd[1386]: connect from
unknown[217.179.206.193]
Oct 26 09:02:47 quantum postfix/smtpd[1386]: NOQUEUE: reject: RCPT from
unknown[217.179.206.193]: 454 4.7.1 : Relay
access denied; from=
to= proto=ESMTP helo=,
relay=quantum-equities.com[199.127.58.3]:25, delay=194265,
delays=193965/0.04/300/0, dsn=4.4.2, status=deferred (conversation with
quantum-equities.com[199.127.58.3] tim$
Oct 26 09:06:33 quantum postfix/smtp[1145]: 28286814CC6:
to=, orig_to=,
relay=quantum-equities.com[199.127.58.3]:25, delay=106652,
delays=106352/0.05/300/0, dsn=4.4.2, status=deferred (conversation with
quantum-equities.com[1$
Oct 26 09:06:33 quantum postfix/smtp[1140]: B7026814CC5:
to=, orig_to=,
relay=quantum-equities.com[199.127.58.3]:25, delay=194250,
delays=193950/0.06/300/0, dsn=4.4.2, status=deferred (conversation with
quantum-equities.com[1$
Oct 26 09:06:33 quantum postfix/error[1439]: EFEEB82D41D:
to=, 

Re: Virtual Domains/ Users

2017-10-26 Thread Richard


> Date: Thursday, October 26, 2017 08:40:13 -0700
> From: cac...@quantum-equities.com
> To: postfix-users@postfix.org
> 
> On 10/25/2017 12:39 PM, Richard wrote:
>> 
>>> Date: Wednesday, October 25, 2017 11:55:13 -0700
>>> From: cac...@quantum-equities.com
>>> 
>>> Sending an email from a remote machine pretends like it goes out
>>> just fine.  But it never arrives in the server's mail folder. 
>>> Zero goes into maillog, even with systemctl restart postfix.  TLS
>>> is not enabled.
>>> 
>> You have an MX record pointing from delphi-real-estate.com to
>> mail.delphi-real-estate.com
>> 
>>   # dig delphi-real-estate.com mx
>> 
>>   ;; QUESTION SECTION:
>>   ;delphi-real-estate.com.   IN  MX
>> 
>>   ;; ANSWER SECTION:
>>   delphi-real-estate.com. 28800 IN MX  10 mail.delphi-real-estate.com.
>> 
>> but no A record for mail.delphi-real-estate.com. 
>> 
>> You need to get an A-record for mail.delphi-real-estate.com (which
>> will point to its IPnumber) added to the dns entries for your
>> domain at bookmyname.com.
>> 
>> I suspect your test message is sitting on the outgoing mail server
>> you used and you will get delivery warning and failure messages in
>> time.

> My email client finds the smtp server fine and seems to send the
> email successfully.  I can't find it remaining anywhere locally
> except in Sent.

When sending your test message(s) to delphi-real-estate.com, what are
you using for your smtp server, mail.delphi-real-estate.com or
something else?

> 
> I've asked my registrar about this and he says:
> 
>>> There is no example how to set an A record for a mail domain.

>> Hi, For mail you have to use MX not A. So you have to redirect it
>> on canonical address.

While the current practice, this is not technically true:

   > For mail you have to use MX not A

but we won't belabor that point.

> Here's what delphi-real-estate.com looks like:
> 
> www 28800  A   72.251.232.102 
> @   28800  MX  10 mail.delphi-real-estate.com.
> 
> Do you mean I need to set an A record for delphi-real-estate.com ?
> 

No, you don't need an A-record for delphi-real-estate.com (for mail
purposes at least) since you have the MX pointing to
mail.delphi-real-estate.com.

But you need an A-record for mail.delphi-real-estate.com (analogous
to the A-record you have for www.) otherwise no sending MTA will be
able to reach it. 




Re: Virtual Domains/ Users

2017-10-26 Thread cacook

On 10/25/2017 12:39 PM, Richard wrote:
>
>> Date: Wednesday, October 25, 2017 11:55:13 -0700
>> From: cac...@quantum-equities.com
>>
>> Sending an email from a remote machine pretends like it goes out
>> just fine.  But it never arrives in the server's mail folder. 
>> Zero goes into maillog, even with systemctl restart postfix.  TLS
>> is not enabled.
>>
> You have an MX record pointing from delphi-real-estate.com to
> mail.delphi-real-estate.com
>
>   # dig delphi-real-estate.com mx
>
>   ;; QUESTION SECTION:
>   ;delphi-real-estate.com.IN  MX
>
>   ;; ANSWER SECTION:
>   delphi-real-estate.com. 28800 IN MX  10 mail.delphi-real-estate.com.
>
> but no A record for mail.delphi-real-estate.com. 
>
> You need to get an A-record for mail.delphi-real-estate.com (which
> will point to its IPnumber) added to the dns entries for your domain
> at bookmyname.com.
>
> I suspect your test message is sitting on the outgoing mail server
> you used and you will get delivery warning and failure messages in
> time.
My email client finds the smtp server fine and seems to send the email
successfully.  I can't find it remaining anywhere locally except in Sent.

I've asked my registrar about this and he says:

>> There is no example how to set an A record for a mail domain.
> Hi, For mail you have to use MX not A. So you have to redirect it on
> canonical address.


Here's what delphi-real-estate.com looks like:

www 28800  A  72.251.232.102
@   28800  MX 10 mail.delphi-real-estate.com.

Do you mean I need to set an A record for delphi-real-estate.com ?














Re: Virtual Domains/ Users

2017-10-25 Thread Richard


> Date: Wednesday, October 25, 2017 11:55:13 -0700
> From: cac...@quantum-equities.com
> 
> Sending an email from a remote machine pretends like it goes out
> just fine.  But it never arrives in the server's mail folder. 
> Zero goes into maillog, even with systemctl restart postfix.  TLS
> is not enabled.
> 

You have an MX record pointing from delphi-real-estate.com to
mail.delphi-real-estate.com

  # dig delphi-real-estate.com mx

  ;; QUESTION SECTION:
  ;delphi-real-estate.com.  IN  MX

  ;; ANSWER SECTION:
  delphi-real-estate.com. 28800 IN MX  10 mail.delphi-real-estate.com.

but no A record for mail.delphi-real-estate.com. 

You need to get an A-record for mail.delphi-real-estate.com (which
will point to its IPnumber) added to the dns entries for your domain
at bookmyname.com.

I suspect your test message is sitting on the outgoing mail server
you used and you will get delivery warning and failure messages in
time.




Re: Virtual Domains/ Users

2017-10-25 Thread cacook


On 10/24/2017 10:20 AM, cac...@quantum-equities.com wrote:
>
> On 10/23/2017 11:55 AM, Wietse Venema wrote:
>> cac...@quantum-equities.com:
>>> On 10/21/2017 11:25 AM, Wietse Venema wrote:
>>>> cac...@quantum-equities.com:
>>>>> How does DNS know where mail.example1.com is?  Should I set it in
>>>>> my registrar, in the mail system, in Apache as a virtual domain,
>>>>> or where?
>>>> Normally, someone pays a registrar, so that the payer can configure
>>>> the names of DNS servers that hold DNS records for example1.com.
>>>>
>>>> Wietse
>>> Understand, I do have a registrar for my domains, but there I have
>>> always set ns1.{hoster}.com and ns2.{hoster}.com as the DNS servers.
>>> (I've always used shared hosting in the past, but now am making my first
>>> hosting cloud instance)
>> In addition to the NS records that name these DNS servers, those
>> servers need to contain records for your domain. You can use the 
>> 'dig' tool to verify that:
>>
>> dig ns example1.com. @8.8.8.8
>> dig mx example.com. @8.8.8.8
>>
>> and so on. This uses Google DNS to show what a remote client would get.
>>
>>  Wietse
> Yes this works.  But all my questions have disappeared.

Sending an email from a remote machine pretends like it goes out just
fine.  But it never arrives in the server's mail folder.  Zero goes into
maillog, even with systemctl restart postfix.  TLS is not enabled.


# systemctl status postfix
● postfix.service - Postfix Mail Transport Agent
   Loaded: loaded (/usr/lib/systemd/system/postfix.service; enabled;
vendor preset: disabled)
   Active: active (running) since Wed 2017-10-25 11:50:18 PDT; 1min 34s ago
  Process: 6944 ExecStop=/usr/sbin/postfix stop (code=exited,
status=0/SUCCESS)
  Process: 6964 ExecStart=/usr/sbin/postfix start (code=exited,
status=0/SUCCESS)
  Process: 6960 ExecStartPre=/usr/libexec/postfix/chroot-update
(code=exited, status=0/SUCCESS)
  Process: 6956 ExecStartPre=/usr/libexec/postfix/aliasesdb
(code=exited, status=0/SUCCESS)
 Main PID: 7037 (master)
   CGroup: /system.slice/postfix.service
   ├─7037 /usr/libexec/postfix/master -w
   ├─7038 pickup -l -t unix -u
   └─7039 qmgr -l -t unix -u

Oct 25 11:50:18 quantum.localdomain systemd[1]: Starting Postfix Mail
Transport Agent...
Oct 25 11:50:18 quantum.localdomain postfix/master[7037]: daemon started
-- version 2.10.1, configuration /etc/postfix
Oct 25 11:50:18 quantum.localdomain systemd[1]: Started Postfix Mail
Transport Agent.


# listen |grep
master
master  7037   root   13u  IPv4 351967  0t0  TCP *:25 (LISTEN)
master  7037   root   14u  IPv6 351968  0t0  TCP *:25 (LISTEN)


# dig ns delphi-real-estate.com. @88.191.249.135

; <<>> DiG 9.9.4-RedHat-9.9.4-50.el7_3.1 <<>> ns delphi-real-estate.com.
@88.191.249.135
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35740
;; flags: qr aa rd; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;delphi-real-estate.com.    IN  NS

;; ANSWER SECTION:
delphi-real-estate.com. 28800   IN  NS  nsa.bookmyname.com.
delphi-real-estate.com. 28800   IN  NS  nsc.bookmyname.com.
delphi-real-estate.com. 28800   IN  NS  nsb.bookmyname.com.

;; Query time: 407 msec
;; SERVER: 88.191.249.135#53(88.191.249.135)
;; WHEN: Wed Oct 25 11:10:23 PDT 2017
;; MSG SIZE  rcvd: 116


# dig mx delphi-real-estate.com. @88.191.249.135

; <<>> DiG 9.9.4-RedHat-9.9.4-50.el7_3.1 <<>> mx delphi-real-estate.com.
@88.191.249.135
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31336
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;delphi-real-estate.com.    IN  MX

;; ANSWER SECTION:
delphi-real-estate.com. 28800   IN  MX  10
mail.delphi-real-estate.com.

;; Query time: 198 msec
;; SERVER: 88.191.249.135#53(88.191.249.135)
;; WHEN: Wed Oct 25 11:06:16 PDT 2017
;; MSG SIZE  rcvd: 72




Re: Virtual Domains/ Users

2017-10-24 Thread cacook

On 10/23/2017 11:55 AM, Wietse Venema wrote:
> cac...@quantum-equities.com:
>> On 10/21/2017 11:25 AM, Wietse Venema wrote:
>>> cac...@quantum-equities.com:
>>>> How does DNS know where mail.example1.com is?  Should I set it in
>>>> my registrar, in the mail system, in Apache as a virtual domain,
>>>> or where?
>>> Normally, someone pays a registrar, so that the payer can configure
>>> the names of DNS servers that hold DNS records for example1.com.
>>>
>>> Wietse
>> Understand, I do have a registrar for my domains, but there I have
>> always set ns1.{hoster}.com and ns2.{hoster}.com as the DNS servers.
>> (I've always used shared hosting in the past, but now am making my first
>> hosting cloud instance)
> In addition to the NS records that name these DNS servers, those
> servers need to contain records for your domain. You can use the 
> 'dig' tool to verify that:
>
> dig ns example1.com. @8.8.8.8
> dig mx example.com. @8.8.8.8
>
> and so on. This uses Google DNS to show what a remote client would get.
>
>   Wietse
Yes this works.  But all my questions have disappeared.






Re: Virtual Domains/ Users

2017-10-23 Thread Wietse Venema
cac...@quantum-equities.com:
> 
> On 10/21/2017 11:25 AM, Wietse Venema wrote:
> > cac...@quantum-equities.com:
> >> How does DNS know where mail.example1.com is?  Should I set it in
> >> my registrar, in the mail system, in Apache as a virtual domain,
> >> or where?
> > Normally, someone pays a registrar, so that the payer can configure
> > the names of DNS servers that hold DNS records for example1.com.
> >
> > Wietse
> 
> Understand, I do have a registrar for my domains, but there I have
> always set ns1.{hoster}.com and ns2.{hoster}.com as the DNS servers.
> (I've always used shared hosting in the past, but now am making my first
> hosting cloud instance)

In addition to the NS records that name these DNS servers, those
servers need to contain records for your domain. You can use the 
'dig' tool to verify that:

dig ns example1.com. @8.8.8.8
dig mx example.com. @8.8.8.8

and so on. This uses Google DNS to show what a remote client would get.

Wietse


Re: Virtual Domains/ Users

2017-10-23 Thread cacook

On 10/21/2017 11:25 AM, Wietse Venema wrote:
> cac...@quantum-equities.com:
>> How does DNS know where mail.example1.com is?  Should I set it in
>> my registrar, in the mail system, in Apache as a virtual domain,
>> or where?
> Normally, someone pays a registrar, so that the payer can configure
> the names of DNS servers that hold DNS records for example1.com.
>
>   Wietse

Understand, I do have a registrar for my domains, but there I have
always set ns1.{hoster}.com and ns2.{hoster}.com as the DNS servers. 
(I've always used shared hosting in the past, but now am making my first
hosting cloud instance)

I believe that I may now have the solution, and would appreciate
confirmation.

I must run dnsmasq in my cloud hosting instance (the same instance
running Apache for my websites), to accept outside connections on port
53, and set it to reference first /etc/hosts (which correlates my
website domains to the instance's WAN IP) and then fall back to the
normal outside DNS servers for that cloud instance for unknown domains. 

Also in dnsmasq.conf, to respond to MX requests, I must set:
mx-host=example1.com,mail.example1.com,50
mx-host=example2.com,mail.example2.com,50
mx-host=example3.com,mail.example3.com,50

Nothing documents what that Priority number is for, but otherwise correct?


And then I must present port 25 (postfix) to the outside world to
receive SMTP, and port 110 (dovecot) for me to pick up email that's been
stored?

In main.cf, I believe:

myhostname = mail.example1.com
mydomain = example1.com
mydestination = localhost
local_recipient_maps =
mynetworks = ??.??.??.0/24, 127.0.0.0/8    (I don't understand what to
set this to, if I want to pick up mail from several places with varying IPs)
relay_domains =

virtual_mailbox_domains = mail.example1.com mail.example2.com
mail.example3.com
virtual_mailbox_base = /var/spool/mail/vhosts
virtual_mailbox_maps = hash:/etc/postfix/vmailbox
virtual_minimum_uid = 100
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
virtual_alias_maps = hash:/etc/postfix/virtual

mailbox_command =
smtpd_client_restrictions = sleep 5
smtpd_delay_reject = no
smtpd_sender_restrictions = reject_unknown_sender_domain
smtpd_error_sleep_time = 30
smtpd_soft_error_limit = 10
smtpd_hard_error_limit = 20

smtpd_sasl_local_domain =
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = cyrus
smtpd_sasl_security_options = noanonymous
smtpd_sasl_authenticated_header = no
smtpd_use_tls = yes
smtpd_tls_received_header = yes
smtpd_tls_security_level = encrypt
smtpd_tls_auth_only = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/pki/tls/private/postfix.key
smtpd_tls_cert_file = /etc/pki/tls/certs/postfix.pem
smtpd_tls_dh1024_param_file = /etc/pki/tls/private/postfix.dh.param
tls_random_source = dev:/dev/urandom
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtpd_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtp_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtp_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtp_tls_exclude_ciphers = EXP, MEDIUM, LOW, DES, 3DES, SSLv2
smtpd_tls_exclude_ciphers = EXP, MEDIUM, LOW, DES, 3DES, SSLv2
tls_high_cipherlist =
kEECDH:+kEECDH+SHA:kEDH:+kEDH+SHA:+kEDH+CAMELLIA:kECDH:+kECDH+SHA:kRSA:$
tls_medium_cipherlist =
kEECDH:+kEECDH+SHA:kEDH:+kEDH+SHA:+kEDH+CAMELLIA:kECDH:+kECDH+SHA:kRS$
smtp_tls_ciphers = high
smtpd_tls_ciphers = high


/etc/postfix/virtual    (hashed to virtual.db):
# Redirect system email so it can be picked up
root    r...@example1.com


/etc/postfix/vmailbox    (hashed to vmailbox.db):
us...@example1.com    example1.com/user1
us...@example1.com    example1.com/user2
us...@example1.com    example1.com/user3
us...@example2.com    example2.com/user1
us...@example2.com    example2.com/user2
us...@example2.com    example2.com/user3
us...@example3.com    example3.com/user1
us...@example3.com    example3.com/user2
us...@example3.com    example3.com/user3
# Don't know whether to use a catchall, from a security perspective.
# If unknown users are bounced, that gives spammers info,
#   but if absorbed to /dev/null could encourage them to send more.


I haven't completely figured out TLS yet, but otherwise above, am I on
the right track?

Also I haven't figured out where to set passwords to -send- email.  It
must be in the vicinity of vmailbox.db.

Thank you Wietse, for Postfix.










Re: Virtual Domains/ Users

2017-10-21 Thread Wietse Venema
cac...@quantum-equities.com:
> How does DNS know where mail.example1.com is?  Should I set it in
> my registrar, in the mail system, in Apache as a virtual domain,
> or where?

Normally, someone pays a registrar, so that the payer can configure
the names of DNS servers that hold DNS records for example1.com.

Wietse


Re: Virtual Domains/ Users

2017-10-21 Thread cacook
How does DNS know where mail.example1.com is?  Should I set it in my registrar, 
in the mail system, in Apache as a virtual domain, or where?

In /etc/postfix/virtual I have
    # Redirect system email so it can be picked up
    root    r...@quantum-equities.com

Will this bypass /var/spool/mail/root and send it directly to 
/var/spool/mail/vhosts/ex1.com/root so it can be picked up?

Is setting a group of 'mail' down the /var/spool/mail/vhosts/ line adequate for 
everything to function properly, including pickup through Dovecot?







Re: Virtual Domains/ Users

2017-10-20 Thread Noel Jones
On 10/20/2017 12:42 PM, cac...@quantum-equities.com wrote:
> Thanks Noel and Rob, I may be on the right track now.  Good to know
> I can trust the docs to be current.
> 
> So my three domains with 6 users are completely independent of one
> another;  no aliasing.  Thus I used
> *Non-Postfix mailbox store: separate domains, non-UNIX accounts*
> 
> In main.cf I set mydomain to the main domain, example1.com. 

That's fine.  "mydomain" is the internet domain of your host and not
necessarily a mail destination.

> Should
> that instead be mail.example1.com? 

You can use that as myhostname, which is the internet name of your
computer.

mydestination should  be set empty or set to localhost.

mydestination = localhost

> If so, where else should I set
> mail.example1.com?  In my registrar, or in the mail system,
> example1.com, or nothing?
> 
> And I set virtual_mailbox_domains = example2.com example3.com

You should also list example1.com in virtual_mailbox_domains.

> 
> In /etc/postfix/vmailbox I set:
>     us...@example1.com                ex1.com/user1
>     us...@example1.com    ex1.com/user2
>     r...@example1.com                  ex1.com@root
> 
>     us...@example2.com    ex2.com/user3
>     us...@example2.com    ex2.com/user4
> 
>     us...@example3.com        ex3.com/user5
>     us...@example3.com        ex3.com/user6
> 
> Is this right?  Should $mydomain users be in the vmailbox file?  If
> not, where?
> 
> In /etc/postfix/virtual I have
>     # Redirect system email so it can be picked up
>     root    r...@quantum-equities.com
> 
> Will this bypass /var/spool/mail/root and send it directly to
> /var/spool/mail/vhosts/ex1.com/root so it can be picked up?
> 
> Am I right that the users in /var/spool/mail/vhosts/ex?/ must be
> text files and not directories (since I don't add / for maildir format)?
> 
> Is setting a group of 'mail' down the /var/spool/mail/vhosts/ line
> adequate for everything to function properly, including pickup
> through Dovecot?
> 
> Man, email ain't suited to the ill or weak of mind or will...
> 
> 
> 
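
Noel's two corrections above (list example1.com in virtual_mailbox_domains, keep mydestination empty or localhost) can be checked mechanically. This is an added example, not code from the thread or from the Postfix project: a Python audit of main.cf against the vmailbox map, run on constructed files modelled on the quoted settings; addresses such as user1@example1.com and all function names are assumptions, since the archive masks the original addresses.

```python
"""Cross-check Postfix virtual mailbox settings against the vmailbox map."""
import re

# Constructed sample modelled on the settings quoted in the thread.
MAIN_CF = """\
myhostname = mail.example1.com
mydomain = example1.com
mydestination = localhost
virtual_mailbox_domains = example2.com example3.com
virtual_mailbox_base = /var/spool/mail/vhosts
virtual_mailbox_maps = hash:/etc/postfix/vmailbox
"""

VMAILBOX = """\
# constructed addresses; the archive masks the originals
user1@example1.com    ex1.com/user1
user2@example1.com    ex1.com/user2
user3@example2.com    ex2.com/user3
user5@example3.com    ex3.com/user5
"""


def parse_main_cf(text):
    """Parse 'name = value'; a line starting with whitespace continues the previous value."""
    params, name = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and name:
            params[name] += " " + raw.strip()
            continue
        name, _, value = raw.partition("=")
        name = name.strip()
        params[name] = value.strip()
    return params


def domain_list(value):
    """Split a main.cf list on commas/whitespace; skip table references like hash:/path."""
    items = re.split(r"[,\s]+", value.strip())
    return {i.lower() for i in items if i and ":" not in i and "/" not in i}


def parse_vmailbox(text):
    """Return [(address, mailbox_path)] from 'address  path' lines."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        address, path = line.split(None, 1)
        entries.append((address.lower(), path.strip()))
    return entries


def audit(main_cf_text, vmailbox_text):
    """Return (findings, mailbox_formats) for the two files."""
    params = parse_main_cf(main_cf_text)
    virtual = domain_list(params.get("virtual_mailbox_domains", ""))
    local = domain_list(params.get("mydestination", ""))
    # A domain belongs to one address class only: never both local and virtual mailbox.
    findings = [("in-mydestination-and-virtual", d) for d in sorted(virtual & local)]
    formats = {}
    for address, path in parse_vmailbox(vmailbox_text):
        if address.rpartition("@")[2] not in virtual:
            findings.append(("domain-not-in-virtual_mailbox_domains", address))
        # A trailing "/" selects maildir delivery; anything else is an mbox file.
        formats[address] = "maildir" if path.endswith("/") else "mbox"
    return findings, formats


if __name__ == "__main__":
    print(audit(MAIN_CF, VMAILBOX))
```
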



Re: Virtual Domains/ Users

2017-10-20 Thread cacook
Thanks Noel and Rob, I may be on the right track now.  Good to know I
can trust the docs to be current.

So my three domains with 6 users are completely independent of one
another;  no aliasing.  Thus I used
*Non-Postfix mailbox store: separate domains, non-UNIX accounts*

In main.cf I set mydomain to the main domain, example1.com.  Should that
instead be mail.example1.com?  If so, where else should I set
mail.example1.com?  In my registrar, or in the mail system,
example1.com, or nothing?

And I set virtual_mailbox_domains = example2.com example3.com

In /etc/postfix/vmailbox I set:
    us...@example1.com                ex1.com/user1
    us...@example1.com    ex1.com/user2
    r...@example1.com                  ex1.com@root

    us...@example2.com    ex2.com/user3
    us...@example2.com    ex2.com/user4

    us...@example3.com        ex3.com/user5
    us...@example3.com        ex3.com/user6

Is this right?  Should $mydomain users be in the vmailbox file?  If not,
where?

In /etc/postfix/virtual I have
    # Redirect system email so it can be picked up
    root    r...@quantum-equities.com

Will this bypass /var/spool/mail/root and send it directly to
/var/spool/mail/vhosts/ex1.com/root so it can be picked up?

Am I right that the users in /var/spool/mail/vhosts/ex?/ must be text
files and not directories (since I don't add / for maildir format)?

Is setting a group of 'mail' down the /var/spool/mail/vhosts/ line
adequate for everything to function properly, including pickup through
Dovecot?

Man, email ain't suited to the ill or weak of mind or will...







Re: Virtual Domains/ Users

2017-10-18 Thread /dev/rob0
On Wed, Oct 18, 2017 at 10:42:34AM -0700,
   cac...@quantum-equities.com wrote:
> My mail server will receive mail for 3 domains with 6 users, and 
> the MUA will be on another machine on The Internets.

That is very small.  The simplest choice is to add the second and 
third domains to mydestination.  The drawback of this is that all 
domains share one namespace; u...@example.com is the same as 
u...@example.net is the same as u...@example.org.

> I'm seeing conflicting info on setting this up.  The simplest 
> recipe is here:
> https://blog.tinned-software.net/setup-postfix-for-multiple-domains/

I won't review third-party blog posts, but strongly recommend against 
using them for anything more than ideas.  Most bloggers are not 
qualified to write Postfix documentation.

> ... but nothing is mentioned about virtual_users nor any changes

What is "virtual_users"?

$ man 5 postconf | grep virtual_users || \
  echo 'Your term does not exist in the postconf(5) manual.'
Your term does not exist in the postconf(5) manual.
$ /usr/sbin/postconf virtual_users
/usr/sbin/postconf: warning: virtual_users: unknown parameter

> to main.cf .  So I'm not sure I trust it.
> 
> Then there's this from Postfix:
> http://www.postfix.org/VIRTUAL_README.html#virtual_mailbox

The VIRTUAL_README has two simple examples.  See also the 
#virtual_alias example.

> A different (and it seems more primitive) paradigm than the 
> former.  Again virtual_users is not mentioned.

And now you know why.

> Seems to me that the first approach is closer to the truth, but 
> it's clearly not complete.  Can anyone advise?

That is to imply that the Postfix documentation is untrue.  Son, 
them's fightin' words around these parts. ;)

Stick with the documentation.  Also look at the 
BASIC_CONFIGURATION_README, and then further through the 
VIRTUAL_README.
-- 
  http://rob0.nodns4.us/
  Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:


Re: Virtual Domains/ Users

2017-10-18 Thread Noel Jones
On 10/18/2017 12:42 PM, cac...@quantum-equities.com wrote:
> My mail server will receive mail for 3 domains with 6 users, and the
> MUA will be on another machine on The Internets.
>
> I'm seeing conflicting info on setting this up.  The simplest recipe
> is here:
> https://blog.tinned-software.net/setup-postfix-for-multiple-domains/

The above is a very incomplete example of virtual_alias_domains.
A more complete example is
http://www.postfix.org/VIRTUAL_README.html#virtual_alias

Users in a virtual alias domain are listed in virtual_alias_maps,
and must be rewritten to another domain for delivery, typically a
local domain.

Please see the ADDRESS_CLASS_README for a description of what these
different domain types mean.
http://www.postfix.org/ADDRESS_CLASS_README.html


> 
> ... but nothing is mentioned about virtual_users nor any changes to
> main.cf .  So I'm not sure I trust it.
> 
> Then there's this from Postfix:
> http://www.postfix.org/VIRTUAL_README.html#virtual_mailbox

This is an example of a virtual mailbox domain.  Users for a virtual
mailbox domain are listed in virtual_mailbox_maps.

> 
> A different (and it seems more primitive) paradigm than the former. 
> Again virtual_users is not mentioned.
> 
> Seems to me that the first approach is closer to the truth, but it's
> clearly not complete.  Can anyone advise?


Are your 6 users sharing the 3 domains?  eg. dude@1 is the same
person as dude@2 and dude@3?
If yes, then use virtual_alias_domains.  Set one domain as the real
domain listed in mydestination, and list the other 2 domains in
virtual_alias_domains.  Use virtual_alias_maps to define the virtual
domain users:
dude@2  dude@1
dude@3  dude@1

Where dude@1 is a real user in the 1 domain.

http://www.postfix.org/BASIC_CONFIGURATION_README.html
http://www.postfix.org/STANDARD_CONFIGURATION_README.html
http://www.postfix.org/ADDRESS_CLASS_README.html

http://www.postfix.org/documentation.html





  -- Noel Jones