1

Topic: Relaying email from an aliased domain

we have an old mail server that we need to migrate, a few of our clients have aliased domains that have forwarding to another server for mailfiltering e.g.

domain.co.uk forwards to domain.com and is delivered remotely to mx5.foo-mailfilter.com

we have setup in iredadmin-pro the main domain "domain.com" and then aliased domain.co.uk along with an entry in the domain level of domain.com to relay 'smtp:[mx5.foo-mailfilter.com]'

when emails arrive for domain.co.uk they are rejected with;

May  8 14:30:33 imap postfix/smtpd[11745]: NOQUEUE: reject: RCPT from unknown[xx.xx.xx.xx]: 550 5.1.1 <mel.gibson@domain.co.uk>: Recipient address rejected: User unknown in virtual mailbox table; from=<me@mydomain.com> to=<mel.gibosn@domain.co.uk> proto=ESMTP helo=<G>


we dont want to have to bother with any sercurty as such due to mx5.foo-mailfilter.com's purpose and this proxy's again to its final destination of an external mail server cluster at the client's premises, so we simply need to translate the domain and forward it on without interuption.

iRedAdmin-Pro v1.3.1 (MySQL)
postconf -n

alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
allow_min_user = no
biff = no
bounce_queue_lifetime = 1d
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
delay_warning_time = 0h
disable_vrfy_command = yes
enable_original_recipient = no
home_mailbox = Maildir/
html_directory = no
inet_interfaces = all
inet_protocols = ipv4
mail_owner = postfix
mailbox_command = /usr/libexec/dovecot/deliver
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
maximal_backoff_time = 4000s
maximal_queue_lifetime = 1d
message_size_limit = 15728640
minimal_backoff_time = 300s
mydestination = $myhostname, localhost, localhost.localdomain, localhost.$myhostname
mydomain = mydomain.com
myhostname = imap.mydomain.com
mynetworks = 127.0.0.0/8
mynetworks_style = subnet
myorigin = imap.mydomain.com
newaliases_path = /usr/bin/newaliases.postfix
proxy_read_maps = $canonical_maps $lmtp_generic_maps $local_recipient_maps $mydestination $mynetworks $recipient_bcc_maps $recipient_canonical_maps $relay_domains $relay_recipient_maps $relocated_maps $sender_bcc_maps $sender_canonical_maps $smtp_generic_maps $smtpd_sender_login_maps $transport_maps $virtual_alias_domains $virtual_alias_maps $virtual_mailbox_domains $virtual_mailbox_maps $smtpd_sender_restrictions
queue_directory = /var/spool/postfix
queue_run_delay = 300s
readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES
recipient_bcc_maps = proxy:mysql:/etc/postfix/mysql/recipient_bcc_maps_domain.cf, proxy:mysql:/etc/postfix/mysql/recipient_bcc_maps_user.cf
recipient_delimiter = +
relay_domains = $mydestination, proxy:mysql:/etc/postfix/mysql/relay_domains.cf
sample_directory = /usr/share/doc/postfix-2.6.6/samples
sender_bcc_maps = proxy:mysql:/etc/postfix/mysql/sender_bcc_maps_domain.cf, proxy:mysql:/etc/postfix/mysql/sender_bcc_maps_user.cf
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_data_init_timeout = 240s
smtp_data_xfer_timeout = 600s
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_enforce_tls = no
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks,permit_sasl_authenticated, check_helo_access pcre:/etc/postfix/helo_access.pcre
smtpd_recipient_restrictions = reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unlisted_recipient, check_policy_service inet:127.0.0.1:7777, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname, check_policy_service inet:127.0.0.1:10031
smtpd_reject_unlisted_recipient = yes
smtpd_reject_unlisted_sender = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = no
smtpd_sasl_local_domain =
smtpd_sasl_path = ./dovecot-auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sender_login_maps = proxy:mysql:/etc/postfix/mysql/sender_login_maps.cf
smtpd_tls_CAfile = /etc/pki/tls/certs/iRedMail_CA.pem
smtpd_tls_cert_file = /etc/pki/tls/certs/iRedMail_CA.pem
smtpd_tls_key_file = /etc/pki/tls/private/iRedMail.key
smtpd_tls_loglevel = 0
smtpd_tls_security_level = may
tls_random_source = dev:/dev/urandom
transport_maps = proxy:mysql:/etc/postfix/mysql/transport_maps_user.cf, proxy:mysql:/etc/postfix/mysql/transport_maps_domain.cf
unknown_local_recipient_reject_code = 550
virtual_alias_domains =
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql/virtual_alias_maps.cf, proxy:mysql:/etc/postfix/mysql/domain_alias_maps.cf, proxy:mysql:/etc/postfix/mysql/catchall_maps.cf, proxy:mysql:/etc/postfix/mysql/domain_alias_catchall_maps.cf
virtual_gid_maps = static:500
virtual_mailbox_base = /var/vmail
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql/virtual_mailbox_domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql/virtual_mailbox_maps.cf
virtual_minimum_uid = 500
virtual_transport = dovecot
virtual_uid_maps = static:500


Any advice tips or outright RTFM links appreciated.

2

Re: Relaying email from an aliased domain

I'm afraid I don't fully understand your points. sad

I guess this is what you need:

- Create new domain "domain.co.uk" with iRedAdmin-Pro.
- In profile page of domain "domain.co.uk", under tab "Relay", set relay to 'smtp:[mx5.foo-mailfilter.com]'.
- Login to phpLDAPadmin, add one more attribute for LDAP object of domain "domain.co.uk":

domainBackupMX=yes

Then all emails will be delivered/forwarded to "smtp:[mx5.foo-mailfilter.com]" WITHOUT recipient verification.

3

Re: Relaying email from an aliased domain

ZhangHuangbin wrote:

I'm afraid I don't fully understand your points. sad

I guess this is what you need:

- Create new domain "domain.co.uk" with iRedAdmin-Pro.
- In profile page of domain "domain.co.uk", under tab "Relay", set relay to 'smtp:[mx5.foo-mailfilter.com]'.
- Login to phpLDAPadmin, add one more attribute for LDAP object of domain "domain.co.uk":

domainBackupMX=yes

Then all emails will be delivered/forwarded to "smtp:[mx5.foo-mailfilter.com]" WITHOUT recipient verification.


Hello Zhang, thank you for the quick response.

Seeing the example you posted and some quick investigation it looks like this was a simple RTFM issue, by adjusting the backupMX setting under the domain in mysql has resolved the recipient verification issue and this now receives correctly.


It now raises another issue and perhaps the fact that we are implimenting this in the wrong way, what we would now like to achieve would be a rewrite of the recipient domain.


configuration as it stands

domain.com, "relay" 'smtp:[mx5.foo-mailfilter.com]'
domain.co.uk, as an alias of domain.com

Perhaps this is the wrong way to achieve what were trying to do below.


when emails pass through the system to the remote smtp server (mx5.foo-mailfilter.com)  emails to user1@domain.co.uk need to present itself to mx5.foo-mailfilter.com as user1@domain.com, in something like sendmail within the virtualusertable you can specify the following;

@domain.co.uk      %1@domain.com

Currently the smtp relay 'mx5.foo-mailfilter.com' is rejecting email as its being delivered to user1@domain.co.uk.



Thank you in advance for any help or advice on this matter.

4

Re: Relaying email from an aliased domain

Then you need this:
http://www.postfix.org/ADDRESS_REWRITIN … #canonical