1 (edited by harro.verton 2014-11-19 07:18:46)

Topic: relay domains with local mailboxes

==== Required information ====
- iRedMail Pro version: 1.8.2
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Linux/BSD distribution name and version: CentOS 6.5
- Related log if you're reporting an issue:
====

I've got (I think) quite a complex setup that I can't seem to get my head around. Let me try to describe the setup:

Our incoming mail server is the iRedMail box, it serves 23 domains at the moment. Most of these domains have "service" mailboxes, i.e. imap boxes that need to be accessed by applications, not by humans. Some of the "human" mailboxes are hosted on the iRedMail server as well, some on secondary mailservers (for example office365 or GoogleApps).

So for every incoming email iRedMail needs to check:
1) do I have a local mailbox for it, and if so, deliver locally, process any forward defined
2) do I have an email address defined with a relay, if so, relay the mail to the defined secondary server
3) no local mailbox, do I have a domain relay defined? If so, relay to the defined secondary server
4) out of options, bounce with "user not found"

Now, 1, 2 and 4 can be implemented out of the box, but I'm struggling with 3.

I can define a relay at domain level, but that implements the BackupMX feature. If I check "Relay without verifying local recipients" the relay works, but 1 and 2 no longer work, all defined local email addresses are ignored. If I uncheck "Relay without verifying local recipients", 1 and 2 work, but unknown local users for that domain are not relayed, but bounced.

So, how can I convince postfix to use the domain relay definition ONLY if no local address could be matched?


2

Re: relay domains with local mailboxes

You can try this:

*) Add one more account under domain, e.g. catchall@ (just an example, it can be any address)
*) Set per-user relay for catchall@ to relay to your other mail servers. e.g. smtp:[xxx.xxx.xxx.xxx]:25
*) Set per-domain catch-all account to this newly created account "catchall@".

This way, Postfix still verifies existing accounts, and emails sent to non-existing address will be relayed to another server.

3

Re: relay domains with local mailboxes

Thanks for the quick reply. As always!

Unfortunately, this doesn't work.

Postfix will rewrite the header on a catchall, so all relay'd mail arrives at the destination server with a To address of "catchall@example.org", so the original To address is lost, and the destination mailserver will bounce it.

4

Re: relay domains with local mailboxes

I think, from a functional point of view, there is a difference between the options:

* Mark as backup MX
* Relay without verifying local recipients

The first option should forward everything without any local activity, this is what BackupMX means. The second option is useless, since if you define a relay, but it's NOT a backupMX, it implies you want local recipient verifying, and only relay if verification fails.

However currently both set the backupMX flag, so do exactly the same.

5

Re: relay domains with local mailboxes

Try this: Open file /etc/postfix/mysql/transport_maps_domain.cf, APPEND 'AND backupmx=0' in 'query =' setting.
The final setting looks like below:

user        = ...
password    = ...
hosts       = ...
port        = ...
dbname      = ...
query       = SELECT transport FROM domain WHERE domain='%s' AND active=1 AND backupmx=0

Restart Postfix service and try again.

6 (edited by harro.verton 2014-11-24 19:11:19)

Re: relay domains with local mailboxes

That doesn't make any difference. Same error.

When BackupMX=0 and relay transport != 'dovecot', it should relay the incoming message using the defined domain transport if no local recipient exists.

When BackupMX=0 and relay transport is empty or set to 'dovecot', it should return "Recipient address rejected: User unknown in virtual mailbox table" if no local recipient exists.

I've been looking at the different cf files, and from a logical point of view I think relay_domains should be changed so it only returns the transport if no local mailbox exists, but I don't think you've got access to %u and %d in that query?

7

Re: relay domains with local mailboxes

harro.verton wrote:

3) no local mailbox, do I have a domain relay defined? If so, relay to the defined secondary server

The problem is step #3 (in your first post).
If no local mailbox, Postfix rejects the smtp session immediately. It won't check domain relay at all.

8

Re: relay domains with local mailboxes

Maybe it will work this way:

* Add an additional sql/ldap/hash file query AFTER the domain transport lookup setting, e.g.

transport_maps =
    proxy:mysql:/etc/postfix/mysql/transport_maps_user.cf,
    proxy:mysql:/etc/postfix/mysql/transport_maps_domain.cf,
    # Add this one:
    proxy:mysql:/etc/postfix/mysql/transport_non_exist_accounts.cf

Since transport_maps_user.cf and transport_maps_domain.cf return transport for valid users/domains, transport_non_exist_accounts.cf should return transport setting for all non-existing accounts. You can write a proper SQL command in this file to return the relay setting of secondary mail server.

e.g.

query = SELECT transport FROM domain WHERE domain='%d' AND transport <> 'dovecot' ...

9

Re: relay domains with local mailboxes

It goes wrong before that.

If I leave BackupMX enabled, an incoming mail gets relayed even if a local mailbox for that account exists.

If I disable BackupMX, I get "Recipient address rejected: User unknown in virtual mailbox table" as soon as I send an email for which NO local mailbox exists.

transport_maps_domain.cf contains:

SELECT transport FROM domain WHERE domain='%s' AND active=1

so it already ignores the BackupMX flag.

10

Re: relay domains with local mailboxes

5th post in this thread says adding 'backupmx=0' in transport_maps_domain.cf.

11 (edited by harro.verton 2014-11-25 21:51:06)

Re: relay domains with local mailboxes

Sorry, but what does that change?

My point was that both transport_maps_domain.cf and transport_non_exist_accounts.cf currently return exactly the same answer. Adding "backupmx=0" doesn't change anything, because on this domain record, backupmx is zero (because if it is 1, postfix will relay without checking local mailboxes).

So the problem remains:

If I disable BackupMX, I get "Recipient address rejected: User unknown in virtual mailbox table" as soon as I send an email for which NO local mailbox exists.

12

Re: relay domains with local mailboxes

I added some debugging to the qmgr, and that confirms that the message is bounced higher up in the process, before it gets to the qmgr and transports are checked.

13

Re: relay domains with local mailboxes

harro.verton wrote:

My point was that both transport_maps_domain.cf and transport_non_exist_accounts.cf currently return exactly the same answer.

I'm afraid that you didn't get my point.

With an added SQL query file in "transport_maps", you can return whatever transport you want with a proper SQL query statement. I just showed an example of an SQL query; you have to adjust it to match your needs.

harro.verton wrote:

So for every incoming email iRedMail needs to check:
1) do I have a local mailbox for it, and if so, deliver locally, process any forward defined
2) do I have an email address defined with a relay, if so, relay the mail to the defined secondary server
3) no local mailbox, do I have a domain relay defined? If so, relay to the defined secondary server
4) out of options, bounce with "user not found"

1) and 2) handle existing mailboxes and relay, so Postfix will query non-existing accounts with your additional SQL query; that's why I said you can try an additional SQL query file in "transport_maps".

14

Re: relay domains with local mailboxes

Well, I did exactly what you said. Let me recap:

main.cf contains:

transport_maps = proxy:mysql:/etc/postfix/mysql/transport_maps_user.cf, 
      proxy:mysql:/etc/postfix/mysql/transport_maps_domain.cf, 
      proxy:mysql:/etc/postfix/mysql/transport_maps_forwards.cf

transport_maps_user.cf:

SELECT mailbox.transport FROM mailbox,domain 
     WHERE mailbox.username='%s' AND mailbox.domain='%d' AND mailbox.domain=domain.domain 
     AND mailbox.transport<>'' AND mailbox.active=1 AND mailbox.enabledeliver=1
     AND domain.backupmx=0 AND domain.active=1

transport_maps_domain.cf:

SELECT transport FROM domain WHERE domain='%s' AND active=1 AND backupmx=0

transport_maps_forwards.cf:

SELECT transport FROM domain 
     WHERE domain='%s' AND active=1
     AND (transport LIKE "smtp:%%" OR transport LIKE "relay:%%")

Unless I've understood you completely wrong, this was your advice, yes?

With this config as soon as I set BackupMX to 0 on my test domain, the local mailbox starts accepting mail, and when there is no local mailbox, I get "Recipient address rejected: User unknown in virtual mailbox table;" as I explained.

15 (edited by harro.verton 2014-11-28 06:29:10)

Re: relay domains with local mailboxes

Reading back I thought maybe the "%s" should be a "%d", but that doesn't matter. The problem remains.

I've tested the "forwards" query, and it returns the correct transport value when I test it with my test domain as %s.

16

Re: relay domains with local mailboxes

*) '%s' should be '%d' in transport_maps_forwards.cf
*) Please verify transport_maps_forwards.cf with below command first:

# cd /etc/postfix/mysql/
# postmap -q 'non-exist-user@your_domain.com' mysql:./transport_maps_user.cf
# postmap -q 'your_domain.com' mysql:./transport_maps_domain.cf
# postmap -q 'your_domain.com' mysql:./transport_maps_forwards.cf

17 (edited by harro.verton 2014-12-03 20:45:50)

Re: relay domains with local mailboxes

Results, with BackupMX=0 and a defined relay:

[root@mail mysql]# postmap -q 'non-exist-user@my_domain.com' mysql:./transport_maps_user.cf
[root@mail mysql]# postmap -q 'exist-user@my_domain.com' mysql:./transport_maps_user.cf
dovecot
[root@mail mysql]# postmap -q 'my_domain.com' mysql:./transport_maps_domain.cf
[root@mail mysql]# postmap -q 'my_domain.com' mysql:./transport_maps_forwards.cf

So the results of the last one is odd. If I run

SELECT transport FROM domain WHERE domain='my_domain.com' AND active=1 AND (transport LIKE "smtp:%%" OR transport LIKE "relay:%%")

manually, I do get the correct transport back.

If I change the %d back into %s in the transport_maps_forwards query, I do get the correct result back:

[root@mail mysql]# postmap -q 'my_domain.com' mysql:./transport_maps_forwards.cf
smtp:my_domain.com.mail.protection.outlook.com:25
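Added example, not part of the original thread: a small Python model of the %s/%u/%d expansion rules documented in mysql_table(5), showing why the bare-domain `postmap -q` test above returns nothing with '%d' but works with '%s'. The function names, the simplified quoting and the two-key lookup order are assumptions of this sketch, not Postfix code.

```python
import re

def sql_quote(value):
    # Simplified stand-in for the MySQL client library's escaping (assumption).
    return value.replace("\\", "\\\\").replace("'", "\\'")

def expand_query(template, key):
    """Return the SQL sent for lookup `key`, or None if the query is suppressed."""
    local, at, domain = key.rpartition("@")
    is_addr = bool(at)
    suppressed = False

    def repl(match):
        nonlocal suppressed
        code = match.group(1)
        if code == "%":              # %% is a literal percent sign
            return "%"
        if code == "s":              # %s is always the whole lookup key
            return sql_quote(key)
        if code == "u":              # %u: local part, or whole key if no '@'
            part = local if is_addr else key
        else:                        # %d: domain part, only for user@domain keys
            part = domain if is_addr else ""
        if not part:                 # empty expansion -> no query is run
            suppressed = True
        return sql_quote(part)

    sql = re.sub(r"%([sud%])", repl, template)
    return None if suppressed else sql

def queries_for(template, recipient):
    """Keys a transport lookup tries (simplified: full address, then domain)."""
    domain = recipient.rpartition("@")[2]
    return [(k, expand_query(template, k)) for k in (recipient, domain)]

# Query text from the thread's transport_maps_forwards.cf (quotes normalised).
FORWARDS_S = ("SELECT transport FROM domain WHERE domain='%s' AND active=1 "
              "AND (transport LIKE 'smtp:%%' OR transport LIKE 'relay:%%')")
FORWARDS_D = FORWARDS_S.replace("'%s'", "'%d'")

if __name__ == "__main__":
    for name, tpl in (("%s", FORWARDS_S), ("%d", FORWARDS_D)):
        for key, sql in queries_for(tpl, "non-exist-user@my_domain.com"):
            print(name, repr(key), "->", sql or "(suppressed, empty result)")
```

With '%d' only the full-address key produces a query, so a `postmap -q 'my_domain.com'` check says nothing about what a lookup keyed on the full recipient address would return; test with both key forms.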

18

Re: relay domains with local mailboxes

With these corrections there are no differences though.

Still, with the transport mentioned in the previous post defined on "my-domain.com", and "backupmx" set to 0, any email that comes in for "exist-user@my-domain.com" is correctly delivered, and email for "non-exist-user@my-domain.com" is bounced, and not forwarded:

Delivery to the following recipient failed permanently:

    non-exist-user@my-domain.com

Technical details of permanent failure:
Google tried to deliver your message, but it was rejected by the server for the recipient domain my-domain.com by iredmail.my-domain.com. [x.x.x.x].

The error that the other server returned was:
550 5.1.1 <non-exist-user@my-domain.com>: Recipient address rejected: User unknown in virtual mailbox table



19

Re: relay domains with local mailboxes

harro.verton wrote:

If I change the %d back into %s in the transport_maps_forwards query, I do get the correct result back:

Then use '%s'. smile

20

Re: relay domains with local mailboxes

I'd rather you responded with a solution to the problem instead of with a joke, because we're still no inch further in solving this.

I already replied that even with my correction to your suggestion, it doesn't work. The "postmap -q" query returns the correct information, but it still either forwards, or delivers locally, but not both. So the process doesn't even get that far.

21

Re: relay domains with local mailboxes

harro.verton wrote:

I'd rather you responded with a solution to the problem instead of with a joke, because we're still no inch further in solving this.

Sorry for the confusion, I didn't joke, the icon smile is just a smile face.

harro.verton wrote:

I already replied that even with my correction to your suggestion, it doesn't work. The "postmap -q" query returns the correct information, but it still either forwards, or delivers locally, but not both. So the process doesn't even get that far.

Could you please show us below info:

*) current settings of Postfix (postconf -n)
*) All files used in Postfix parameter "transport_maps" (Remove passwords)
*) Run below commands with files used in 'transport_maps', one by one.

# postmap -q 'exist_domain.com' mysql:/etc/postfix/mysql/[THE_FILE]
# postmap -q 'relay_domain.com' mysql:/etc/postfix/mysql/[THE_FILE]
# postmap -q 'exist_user@domain.com' mysql:/etc/postfix/mysql/[THE_FILE]
# postmap -q 'non-exist-user@domain.com' mysql:/etc/postfix/mysql/[THE_FILE]

22

Re: relay domains with local mailboxes

Hi,
I'm trying the same thing as TO with no success. I really would appreciate an idea how to make postfix accept a non-existing address and trigger the relay process. Should I open a new thread or continue here?
Thank you
Lucas

23

Re: relay domains with local mailboxes

I never got it working.

Eventually I resorted to creating a subdomain for those accounts, so "mail@servicedesk.DOMAIN" instead of "servicedesk@DOMAIN".

24

Re: relay domains with local mailboxes

Hi @luvo, @harro.verton,

Could you try this?
https://gist.github.com/iredmail/fda90a … c18638e047

25

Re: relay domains with local mailboxes

The original post was from over 4,5 years ago.

In our case, that situation no longer exists, as in the meantime we have migrated that domain from O365 to iRedMail/SoGo.

I've added it to the list of things to test, next time we need to set up an iRedMail server in the lab.

Thanks for your brilliant work!