Re: where to put domain name that's only it virtual map
On Wed, Jul 14, 2010 at 18:38, Wietse Venema wie...@porcupine.org wrote: Phil Howard: Every address in these domains will be rewritten to some other address (not all with the same domain) and sent on their way. Some of them will be rewritten to addresses that do fall into other classes for some kind of local delivery (right now, in virtual mailbox). You give pretty much the definition of a Postfix virtual alias domain. All addresses are rewritten to an address in a different local or remote domain, therefore, the domain must be listed as a virtual alias domain, as per ADDRESS_CLASS_README.html. Wietse Thanks for confirming it. I wasn't clear from the documentation because it seemed the only way to implement this would be to have multiple maps be looked up each time a domain needed to be checked. I just couldn't imagine that happening. BTW, I do think about how things work not in terms of abstract definition, but rather, how steps actually take place. So as I read documentation, I'm always thinking about it that way. It's just who I am. Now I need to rewrite my scripts to create separate maps for the domains. -- sHiFt HaPpEnS!
Re: where to put domain name that's only it virtual map
Phil Howard: [ Charset ISO-8859-1 unsupported, converting... ] On Wed, Jul 14, 2010 at 18:38, Wietse Venema wie...@porcupine.org wrote: Phil Howard: Every address in these domains will be rewritten to some other address (not all with the same domain) and sent on their way. ?Some of them will be rewritten to addresses that do fall into other classes for some kind of local delivery (right now, in virtual mailbox). You give pretty much the definition of a Postfix virtual alias domain. All addresses are rewritten to an address in a different local or remote domain, therefore, the domain must be listed as a virtual alias domain, as per ADDRESS_CLASS_README.html. ? ? ? ?Wietse Thanks for confirming it. I wasn't clear from the documentation because it seemed the only way to implement this would be to have multiple maps be looked up each time a domain needed to be checked. What part of the document suggests this? Wietse
Re: where to put domain name that's only it virtual map
On Thu, Jul 15, 2010 at 09:53, Wietse Venema wie...@porcupine.org wrote: Phil Howard: [ Charset ISO-8859-1 unsupported, converting... ] On Wed, Jul 14, 2010 at 18:38, Wietse Venema wie...@porcupine.org wrote: Phil Howard: Every address in these domains will be rewritten to some other address (not all with the same domain) and sent on their way. ?Some of them will be rewritten to addresses that do fall into other classes for some kind of local delivery (right now, in virtual mailbox). You give pretty much the definition of a Postfix virtual alias domain. All addresses are rewritten to an address in a different local or remote domain, therefore, the domain must be listed as a virtual alias domain, as per ADDRESS_CLASS_README.html. ? ? ? ?Wietse Thanks for confirming it. I wasn't clear from the documentation because it seemed the only way to implement this would be to have multiple maps be looked up each time a domain needed to be checked. What part of the document suggests this? The part that tells about more than one map for domains. If there is one map for domains of one class, and another map for domains of another class (e.g. virtual_alias_domains, and virtual_mailbox_domains), then to determine how to handle a domain (such as for an arriving message), more than one map would have to be checked in at least some cases (where the domain isn't found in the first that is checked). -- sHiFt HaPpEnS!
Re: where to put domain name that's only it virtual map
Phil Howard: On Thu, Jul 15, 2010 at 09:53, Wietse Venema wie...@porcupine.org wrote: Phil Howard: [ Charset ISO-8859-1 unsupported, converting... ] On Wed, Jul 14, 2010 at 18:38, Wietse Venema wie...@porcupine.org wrote: Phil Howard: Every address in these domains will be rewritten to some other address (not all with the same domain) and sent on their way. ?Some of them will be rewritten to addresses that do fall into other classes for some kind of local delivery (right now, in virtual mailbox). You give pretty much the definition of a Postfix virtual alias domain. All addresses are rewritten to an address in a different local or remote domain, therefore, the domain must be listed as a virtual alias domain, as per ADDRESS_CLASS_README.html. ? ? ? ?Wietse Thanks for confirming it. ?I wasn't clear from the documentation because it seemed the only way to implement this would be to have multiple maps be looked up each time a domain needed to be checked. What part of the document suggests this? The part that tells about more than one map for domains. If there is one map for domains of one class, and another map for domains of another class (e.g. virtual_alias_domains, and virtual_mailbox_domains), then to determine how to handle a domain (such as for an arriving message), more than one map would have to be checked in at least some cases (where the domain isn't found in the first that is checked). Postfix will search up to four tables to decide how to handle a recipient address: virtual_alias_domains - rewrite recipient to other domain mydestination - deliver with local(8) virtual_mailbox_domains - deliver with virtual(8) relay_domains - deliver with smtp(8) This could have been done with one table, but that would have broken compatibility with Postfix version 1.1 which already had multiple tables (mydestination and relay_domains). Wietse
Re: where to put domain name that's only it virtual map
On Thu, Jul 15, 2010 at 14:17, Victor Duchovni victor.ducho...@morganstanley.com wrote: On Wed, Jul 14, 2010 at 06:38:17PM -0400, Wietse Venema wrote: Phil Howard: Every address in these domains will be rewritten to some other address (not all with the same domain) and sent on their way. Some of them will be rewritten to addresses that do fall into other classes for some kind of local delivery (right now, in virtual mailbox). You give pretty much the definition of a Postfix virtual alias domain. All addresses are rewritten to an address in a different local or remote domain, therefore, the domain must be listed as a virtual alias domain, as per ADDRESS_CLASS_README.html. He mentioned not all witht the same domain, which is not entirely clear. I read it to mean that some of the rewrites are to different local-parts, but with the domain unmodified. In that case, and especially if this is followed by virtual mailbox delivery, the domain is a virtual_mailbox_domain with partial forwarding. If what the phrase meant was that there are multiple target domains into which the original domain is rewritten, but no addresses stay in the original domain, then it is a virtual alias domain. I think this is what it is. This is all documented Phil, please read more carefully, and if not sure what something means, test your understanding in a test configuration that does not handle live mail traffic. Fortunately I have that test machine, now. I've now tried both ways with a limited set of addresses hand coded (not the full set of data). It works exactly the same either way. I'm working on recoding the script that generates the maps. To split the domains between these two maps, it has to look at whether there are real mailboxes for a domain or not. Basically, the mailbox data will dictate what goes in virtual_mailbox_domains. But for virtual_alias_domains, derived from the forwarding data, it has to exclude the domains that have mailboxes. -- sHiFt HaPpEnS!
Re: where to put domain name that's only it virtual map
On Thu, Jul 15, 2010 at 02:45:10PM -0400, Phil Howard wrote: This is all documented Phil, please read more carefully, and if not sure what something means, test your understanding in a test configuration that does not handle live mail traffic. Fortunately I have that test machine, now. I've now tried both ways with a limited set of addresses hand coded (not the full set of data). It works exactly the same either way. I'm working on recoding the script that generates the maps. To split the domains between these two maps, it has to look at whether there are real mailboxes for a domain or not. Basically, the mailbox data will dictate what goes in virtual_mailbox_domains. But for virtual_alias_domains, derived from the forwarding data, it has to exclude the domains that have mailboxes. I am reluctant to recommend an approach where domains automatically morph between virtual mailbox domains and virtual alias domains based on transient surveys for the presence of non-forwarded mailboxes. The distinction between the two address classes should be a *design* decision, that is made or changed by intent rather than circumstance. If you don't know in advance whether a domain may or may not host mailboxes, then assume it will, and virtual mailbox domains for all domains. There is nothing wrong with a virtual mailbox domain, that has no mailboxes yet, so long as the possibility to have them later is a requirement. You are working too hard if you are trying to optimize mailbox domains to alias domains when there are not yet any mailboxes. -- Viktor.
Re: where to put domain name that's only it virtual map
On Thu, Jul 15, 2010 at 15:19, Victor Duchovni victor.ducho...@morganstanley.com wrote: On Thu, Jul 15, 2010 at 02:45:10PM -0400, Phil Howard wrote: This is all documented Phil, please read more carefully, and if not sure what something means, test your understanding in a test configuration that does not handle live mail traffic. Fortunately I have that test machine, now. I've now tried both ways with a limited set of addresses hand coded (not the full set of data). It works exactly the same either way. I'm working on recoding the script that generates the maps. To split the domains between these two maps, it has to look at whether there are real mailboxes for a domain or not. Basically, the mailbox data will dictate what goes in virtual_mailbox_domains. But for virtual_alias_domains, derived from the forwarding data, it has to exclude the domains that have mailboxes. I am reluctant to recommend an approach where domains automatically morph between virtual mailbox domains and virtual alias domains based on transient surveys for the presence of non-forwarded mailboxes. The distinction between the two address classes should be a *design* decision, that is made or changed by intent rather than circumstance. It is a design decision. It's just that the information about it is not recorded in the data the script will be building from. If you don't know in advance whether a domain may or may not host mailboxes, then assume it will, and virtual mailbox domains for all domains. There is nothing wrong with a virtual mailbox domain, that has no mailboxes yet, so long as the possibility to have them later is a requirement. You are working too hard if you are trying to optimize mailbox domains to alias domains when there are not yet any mailboxes. I *know* certain domains will never have mailboxes. However, if things work fine (and they do seem to) by assuming they may have mailboxes some day in the future but just don't, yet, then that really would simplify things. I wasn't trying to do this to optimize ... I have no idea what is optimal in Postfix. Instead, I was trying to be correct without knowing for sure what was correct (initially). Actually, my script would be noticeably slower to separate the domains. It's simpler to put them all in virtual_mailbox_domains by concatenating all the domains from my mailbox password data and all the domains from my forwarding data (which can have domains from both sets) and piping that through sort -u. By correct above, I mean semantically, not methodically. Methodically, it all looks identical (mail comes in, domain lookup is done, it gets OK from virtual_mailbox_domains ... BUT ... virtual_alias_maps rewrites it to something else ... before or after I don't know ... mail goes on to its final destination). A case of unknown user part, this may cause the wrong message. I don't know if I need to be concerned with that, or not. If not, virtual_mailbox_domains should suffice. It's kind of like some web design issues. There's a right way if you listen to the semantic web people, but many ways actually work. The problem is, some of the many ways that work may not do so in the future. Or it's like using undefined aspects of C programming known to always work fine on x86. Maybe they won't in x86_64 or PPC. -- sHiFt HaPpEnS!
Re: where to put domain name that's only it virtual map
On Thu, Jul 15, 2010 at 04:44:00PM -0400, Phil Howard wrote: You are working too hard if you are trying to optimize mailbox domains to alias domains when there are not yet any mailboxes. I *know* certain domains will never have mailboxes. You can make these virtual alias domains, but if you make them virtual mailbox domains with no mailboxes, the difference will be rather small. Instead of the queue manager routing the mail of non-existing users directly to the error transport, they'll be routed to the virtual(8) transport, which will bounce them instead. Since smtpd(8) rejects non-existing users (when not misconfigured), the different internal logic has little practical impact. things work fine (and they do seem to) by assuming they may have mailboxes some day in the future but just don't, yet, then that really would simplify things. If you have a lot of domains to manage, you can make do with virtual mailbox domains as a sensible default. You need separate tables for virtual aliases and virtual mailboxes regardless of which designation you choose, all that changes is the contents of virtual_mailbox_domains vs. virtual_alias_domains. -- Viktor.
Re: where to put domain name that's only it virtual map
On Wed, Jul 14, 2010 at 12:49:11PM -0400, Phil Howard wrote: http://www.postfix.org/postconf.5.html#virtual_mailbox_domains So what if a given domain is, instead, going to have addresses forwarded back out to some other mail server? If without rewriting, that's a relay domain. If addresses are always rewritten to another domain (ala the model of pobox.com), then its a virtual alias domain. Take the time to understand http://www.postfix.org/ADDRESS_CLASS_README.html Or worse, what if a given domain has some users forwarding to an address that is delivered via virtual transport and some other users forwarding to an address that goes elsewhere? Not a problem, virtual aliases are global, pick whichever model is best for any users that are not rewritten to another domain. Or even a user forwarding to two or more addresses in different places. Not a problem: http://www.postfix.org/ADDRESS_REWRITING_README.html http://www.postfix.org/VIRTUAL_README.html -- Viktor.
Re: where to put domain name that's only it virtual map
On Wed, Jul 14, 2010 at 17:08, Victor Duchovni victor.ducho...@morganstanley.com wrote: On Wed, Jul 14, 2010 at 12:49:11PM -0400, Phil Howard wrote: http://www.postfix.org/postconf.5.html#virtual_mailbox_domains So what if a given domain is, instead, going to have addresses forwarded back out to some other mail server? If without rewriting, that's a relay domain. If addresses are always rewritten to another domain (ala the model of pobox.com), then its a virtual alias domain. Take the time to understand There will be a whole new envelope address. That's been rewriting for as long as I have know it. http://www.postfix.org/ADDRESS_CLASS_README.html The domain does not fall into any of these classes. I have pretended it was virtual mailbox, even though it wasn't, listed it as such, anyway, and that did make it work. Every address in these domains will be rewritten to some other address (not all with the same domain) and sent on their way. Some of them will be rewritten to addresses that do fall into other classes for some kind of local delivery (right now, in virtual mailbox). Or worse, what if a given domain has some users forwarding to an address that is delivered via virtual transport and some other users forwarding to an address that goes elsewhere? Not a problem, virtual aliases are global, pick whichever model is best for any users that are not rewritten to another domain. OK, maybe this is the correct class to put them in, afterall. I'll try it out tomorrow. -- sHiFt HaPpEnS!
Re: where to put domain name that's only it virtual map
Phil Howard: Every address in these domains will be rewritten to some other address (not all with the same domain) and sent on their way. Some of them will be rewritten to addresses that do fall into other classes for some kind of local delivery (right now, in virtual mailbox). You give pretty much the definition of a Postfix virtual alias domain. All addresses are rewritten to an address in a different local or remote domain, therefore, the domain must be listed as a virtual alias domain, as per ADDRESS_CLASS_README.html. Wietse
Re: where to put domain name that's only it virtual map
On 7/14/2010 5:09 PM, Phil Howard wrote: Every address in these domains will be rewritten to some other address (not all with the same domain) and sent on their way. Some of them will be rewritten to addresses that do fall into other classes for some kind of local delivery (right now, in virtual mailbox). A domain where every address will be rewritten to a different domain for delivery is a classic description of a virtual_alias_domain. The different domain need not be a single domain. List the domain in virtual_alias_domains and list the address mappings in virtual_alias_maps. -- Noel Jones
Re: where to put domain name that's only it virtual map
On Monday 12 July 2010 20:53:46 Phil Howard wrote: I've added a domain name which has email addresses that are only in the virtual map. There are no real mailboxes over on Dovecot (via transport) for this one. Attempts to send mail to postmas...@newdomain.example.com gets Relay access denied, so it clearly doesn't recognize the domain (I didn't put it anywhere, so how could it ... depending on the virtual map for that would not get the right error message for bad LHS in that domain). So my question is, which map does it go in if all it is used for is addresses in the virtual map (being forwarded to real mailboxes in another domain). I think you want virtual_mailbox_domains, so in your config /etc/postfix/domains. This is domains for which it is a final destination but delivery is via the virtual transport. http://www.postfix.org/postconf.5.html#virtual_mailbox_domains I didn't check to see if this fits the rest of your config
Re: where to put domain name that's only it virtual map
On Mon, Jul 12, 2010 at 19:02, Wietse Venema wie...@porcupine.org wrote: Phil Howard: virtual_alias_domains already defaults to virtual_alias_maps. But that wasn't working. If you believe it is broken then you must provide the evidence, otherwise you are just spreading false rumors. I'm not saying it is broken. I'm saying it isn't working. But that could be a misunderstanding on my part of how it is supposed to work. I always assume I misunderstand something when I can't get it to work as expected. Maybe my expectations are wrong. Or maybe my methods are wrong. That's why I'm asking, first. That fact that a domain is not being recognized as valid could be caused my many things. But I'd say the most obvious reason is because I have not configured that domain at all. It was a GUESS on my part that the existing of the domain in the virtual_alias_maps would somehow make it known that the domain is OK. But even I recognize that doing something like that would be non-trivial. For example, if incoming mail is to a non-existent users in an existing domain, looking up u...@domain does not gain any knowledge that the domain exists (at this server, somewhere) since the lookup is still going to fail. I have not yet added the domain to virtual_domain_maps since the documentation is adding a confusing element to that. I plan to do a reference test at some point with this and other configuration variations just to determine what that confusing element really means. That confusing element is that specification that virtual_alias_maps is the default value for virtual_domain_maps. http://www.postfix.org/DEBUG_README.html#debugging I'm not debugging Postfix. I'm trying to grasp how to properly set this up. I'm assuming it can be, because it makes sense that someone would do this at some point. Jeroen's response suggests that is a reality, somewhere. But that response only rules out a few alternatives. -- sHiFt HaPpEnS!
Re: where to put domain name that's only it virtual map
On Tue, Jul 13, 2010 at 04:07, Simon Waters sim...@zynet.net wrote: On Monday 12 July 2010 20:53:46 Phil Howard wrote: I've added a domain name which has email addresses that are only in the virtual map. There are no real mailboxes over on Dovecot (via transport) for this one. Attempts to send mail to postmas...@newdomain.example.com gets Relay access denied, so it clearly doesn't recognize the domain (I didn't put it anywhere, so how could it ... depending on the virtual map for that would not get the right error message for bad LHS in that domain). So my question is, which map does it go in if all it is used for is addresses in the virtual map (being forwarded to real mailboxes in another domain). I think you want virtual_mailbox_domains, so in your config /etc/postfix/domains. This is domains for which it is a final destination but delivery is via the virtual transport. http://www.postfix.org/postconf.5.html#virtual_mailbox_domains I didn't check to see if this fits the rest of your config I already have virtual_mailbox_domains listing domains that are destined for virtual_transport = dovecot. The issue was that I'm now dealing with new domains that are not going there. I suppose I could still do that and pretend they are going there ... attempts would fail because no users in the new domains exist there. But what about virtual_alias_domains? What does that really do? It's default value is virtual_alias_map, so it is unclear to me if that is a list of domains or what. -- sHiFt HaPpEnS!
where to put domain name that's only it virtual map
I've added a domain name which has email addresses that are only in the virtual map. There are no real mailboxes over on Dovecot (via transport) for this one. Attempts to send mail to postmas...@newdomain.example.com gets Relay access denied, so it clearly doesn't recognize the domain (I didn't put it anywhere, so how could it ... depending on the virtual map for that would not get the right error message for bad LHS in that domain). So my question is, which map does it go in if all it is used for is addresses in the virtual map (being forwarded to real mailboxes in another domain). I'm doing this on a 2nd test server, for now. Output from postconf -n is here: alias_database = cdb:/etc/postfix/aliases alias_maps = cdb:/etc/aliases command_directory = /usr/sbin config_directory = /etc/postfix daemon_directory = /usr/lib/postfix data_directory = /var/lib/postfix default_destination_concurrency_limit = 2 default_privs = nobody in_flow_delay = 1s inet_protocols = ipv4, ipv6 local_destination_concurrency_limit = 2 mail_owner = postfix message_size_limit = 104857600 mydomain = example.net myhostname = mxx.example.net mynetworks = 127.0.0.0/8, 172.16.0.0/12, [::1]/128, [fcca::]/7, [fe80::]/48 myorigin = $mydomain non_fqdn_reject_code = 404 proxy_interfaces = XXX.YYY.ZZZ.91 queue_directory = /var/spool/postfix recipient_delimiter = + smtp_bind_address = 172.30.0.29 smtp_bind_address6 = fcca::1d smtpd_banner = $myhostname ESMTP #11 Though shalt not spam thy neighbor, nor thy neighbor's wife, nor his ass. smtpd_recipient_restrictions = reject_non_fqdn_recipient permit_mynetworks permit_sasl_authenticated reject_unauth_destination reject_unlisted_recipient smtpd_sasl_auth_enable = yes smtpd_sasl_path = private/dovecot-auth smtpd_sasl_type = dovecot smtpd_tls_auth_only = yes smtpd_tls_cert_file = /etc/ssl/certs/smtp.example.net.crt smtpd_tls_key_file = /etc/ssl/private/smtp.example.net.key smtpd_tls_security_level = may soft_bounce = yes unknown_local_recipient_reject_code = 450 unverified_recipient_reject_code = 450 virtual_alias_maps = cdb:/etc/postfix/forward virtual_mailbox_domains = cdb:/etc/postfix/domains virtual_mailbox_maps = cdb:/etc/postfix/mailbox virtual_transport = dovecot This is also in main.cf but not shown above: dovecot_destination_recipient_limit = 1 -- Be very glad the Internet was not invented by the Roman Empire Else we might have IP addresses like cxxxi.ccxi.lxxxiv.clxxxvi
Re: where to put domain name that's only it virtual map
On 07/12/2010 09:53 PM, Phil Howard wrote: I've added a domain name which has email addresses that are only in the virtual map. There are no real mailboxes over on Dovecot (via transport) for this one. Attempts to send mail to postmas...@newdomain.example.com gets Relay access denied, so it clearly doesn't recognize the domain (I didn't put it anywhere, so how could it ... depending on the virtual map for that would not get the right error message for bad LHS in that domain). So my question is, which map does it go in if all it is used for is addresses in the virtual map (being forwarded to real mailboxes in another domain). A domain you want to use purely for aliasing should not appear in any other address class. This includes, specifically, mydestination and relay_domains. J.
Re: where to put domain name that's only it virtual map
On Mon, Jul 12, 2010 at 16:25, Jeroen Geilman jer...@adaptr.nl wrote: On 07/12/2010 09:53 PM, Phil Howard wrote: I've added a domain name which has email addresses that are only in the virtual map. There are no real mailboxes over on Dovecot (via transport) for this one. Attempts to send mail to postmas...@newdomain.example.com gets Relay access denied, so it clearly doesn't recognize the domain (I didn't put it anywhere, so how could it ... depending on the virtual map for that would not get the right error message for bad LHS in that domain). So my question is, which map does it go in if all it is used for is addresses in the virtual map (being forwarded to real mailboxes in another domain). A domain you want to use purely for aliasing should not appear in any other address class. This includes, specifically, mydestination and relay_domains. virtual_alias_domains already defaults to virtual_alias_maps. But that wasn't working. -- sHiFt HaPpEnS!
Re: where to put domain name that's only it virtual map
Phil Howard: On Mon, Jul 12, 2010 at 16:25, Jeroen Geilman jer...@adaptr.nl wrote: On 07/12/2010 09:53 PM, Phil Howard wrote: I've added a domain name which has email addresses that are only in the virtual map. There are no real mailboxes over on Dovecot (via transport) for this one. Attempts to send mail to postmas...@newdomain.example.com gets Relay access denied, so it clearly doesn't recognize the domain (I didn't put it anywhere, so how could it ... depending on the virtual map for that would not get the right error message for bad LHS in that domain). ?So my question is, which map does it go in if all it is used for is addresses in the virtual map (being forwarded to real mailboxes in another domain). A domain you want to use purely for aliasing should not appear in any other address class. This includes, specifically, mydestination and relay_domains. virtual_alias_domains already defaults to virtual_alias_maps. But that wasn't working. If you believe it is broken then you must provide the evidence, otherwise you are just spreading false rumors. http://www.postfix.org/DEBUG_README.html#debugging Wietse