Postfix: relay domain or virtual domain?

[bknorr]

I am in a college/university environment, and thought I had this problem fixed with a couple of lines in a main.cf file .

Some of my users paid for a hosted service, in the past, that would allow a forwarding service for alumni users. They would give alumni a your.name@alumni.university.edu "account" that would forward all messages to a preset other account that the user had. They decided to stop paying for this, and weeks later after services were absent completely, I was approached to come up with a solution that would do this same thing. Arg!

What I came up with was a solution with postfix and virtual domain maps.

I've got my virtual map set up with a few thousand users like so:

Code:

joe.user@alumni.university.edu                  someother.user@job-place.com
another.user@alumni.university.edu           different@anotherdomain.com
bob@alumni.university.edu                          ake2314455@someotherdomain.net
...

My main.cf has some lines that I've setup:

Code:

inet_protocols = all
biff = no
mail_spool_directory = /var/mail
canonical_maps = hash:/etc/postfix/canonical
virtual_alias_maps = hash:/etc/postfix/virtual
virtual_alias_domains = hash:/etc/postfix/virtual
relocated_maps = hash:/etc/postfix/relocated
transport_maps = hash:/etc/postfix/transport
sender_canonical_maps = hash:/etc/postfix/sender_canonical
masquerade_exceptions = root
masquerade_classes = envelope_sender, header_sender, header_recipient
myhostname = alumpostfix.mydomain.edu
program_directory = /usr/lib/postfix
#inet_interfaces = localhost
masquerade_domains =
mydestination = $myhostname, localhost.$mydomain
defer_transports =
#mynetworks_style = subnet
mynetworks = 127.0.0.0/8, xxx.xx.xx.x/24
disable_dns_lookups = no
relayhost =
mailbox_command =
mailbox_transport =
strict_8bitmime = no
disable_mime_output_conversion = no
smtpd_sender_restrictions = hash:/etc/postfix/access
smtpd_client_restrictions =
smtpd_helo_required = no
smtpd_helo_restrictions =
strict_rfc821_envelopes = no
smtpd_recipient_restrictions = permit_mynetworks,reject_unauth_destination
smtp_sasl_auth_enable = no
smtpd_sasl_auth_enable = no
smtpd_use_tls = no
smtp_use_tls = no
#alias_maps MODIFIED BY BEN
alias_maps = hash:/etc/aliases
mailbox_size_limit = 0
message_size_limit = 10240000
myorigin = $myhostname
#LINES ADDED AFTER THIS ARE BY BEN.
inet_interfaces = localhost
recipient_delimiter = +

Some of the lines were just copied/pasted from another postfix box that runs mailman, so perhaps I've got some redundant stuff in this config file that is breaking things.

During testing, I send a message from a different/main email system at the parent domain to a test-user to verify that it will forward. All is gravy and the messages go to where they are supposed to.

I just recently heard from some users that senders to their @alumni.university.edu email addresses are getting bouncebacks with "relay access denied" in the messages. I haven't yet obtained one of these bouncebacks, but looking through /var/log/mail is showing tons of relay denied type of errors. This has me thinking that I misunderstood the whole concept in the beginning, and that my postfix box is asking recipients to relay the original message and they're not willing to do so.

Frequently with projects like this, where I have users that expect a very particular type of functionality, I end up tweaking an existing open source solution and bending it to our need...and in the end the software is doing something it wasn't really intended to do. Now, I suspect that this email forwarding project might be difficult since it sounds like a spam-type operation, and other mailservers might not like it.

So is this something I just have all wrong in my postfix setup, or is this something a relay domain would do better at?

[scathefire]

Postfix will not take mail that it doesn't know how to transport. If your server is only set up for university.edu when someone sends directly alumni.university.edu it will see it as relay attempt.

try adding the domain to the mydestination in your main.cf file, we use mysql to handle our domains, so i may be a bit out of my element. but the basic concept is your mail server needs to know it can accept mail for that domain.

[bknorr]

Based on the POSTFIX doc : Postfix Virtual Domain Hosting Howto , it notes "NEVER list a virtual alias domain name as a mydestination domain!". I haven't put in alumni.university.edu in mydestinations because of this.

If I'm understanding it right (which I definitely might not be!), doesn't my config file with the lines...

Code:

virtual_alias_maps = hash:/etc/postfix/virtual
virtual_alias_domains = hash:/etc/postfix/virtual

...tell postfix that the virtual domains to send mail to are the users in my virtual file? I mean, I've got thousands of lines with usera@alumni.university.edu usera@theirdomain.com .... is this enough to satisfy the virtual_alias_domains entry in main.cf ?

[scathefire]

mail servers are one of those enigmatic creatures sometimes. when they work they work in most superior manner, when they don't well... they just plain suck. Let's take a look at some of your logs and see if they shed any light on the subject.

[bknorr]

I thought I had read everything there was to read in the docs related to postfix virtual_alias_domains, but obviously not. I just looked at Postfix manual - virtual(5) , which is built into the SLES10 /etc/postfix/virtual file , and looked at the line regarding the syntax of the first line of the file.

I added this to my virtual file:

Code:

alumni.university.edu                                   anything
postmaster@alumni.university.edu                        postmaster@university.edu
bknorr@alumni.university.edu                            uberbug@otherdomain.com
test123@alumni.university.edu                           nebbbben@somethingelse.com

postmap /etc/postfix/virtual
postfix reload

!

It all works with no more 550 relaying errors now. Meh! Read the documentation. I'll try to remember that next time

[ccolumbu]

Can't you just add .forward files for your users in their home dirs?

[bknorr]

None of these addressed that are being forwarded have any kind of user accounts on the box. I've set it up so this server only functions to forward a few thousand addresses to external domains.