1

Topic: domain aliases don't work as expected

I'm a recent convert to iRedMail, and it works well, but it seems that I'm not getting any emails on the domain aliases that I've configured in iRedAdmin Pro.  individual account aliases work, where I have aliases of 'bob', 'joe' & 'paul' for the real account 'tom' @ domain.com emails are all coming through - but where I have aliases of domain.co.uk, domain2.com & domain3.com for domain.com everything is bouncing with the log reporting 'Relay Access Denied' - whether to real or alias acccounts.

From my reading it looks as if 0.7.1 was intended to fix this, but I've just installed it on a new test server, and it doesn't seem to make any difference.

Any thoughts?

2

Re: domain aliases don't work as expected

What's the "query =" setting in /etc/postfix/mysql/relay_domains?
It should be:

query       = SELECT domain FROM domain WHERE domain='%s' AND backupmx=1 AND active=1

3

Re: domain aliases don't work as expected

ZhangHuangbin wrote:

What's the "query =" setting in /etc/postfix/mysql/relay_domains?
It should be:

query       =(SELECT domain FROM domain WHERE domain='%s' AND backupmx=1 AND active=1

It's almost that - there is no opening bracket before 'SELECT' - other than that it is identical.

4

Re: domain aliases don't work as expected

I should perhaps also add that backupmx is set to 0 for all the domains whether they have aliases or not.

Cheers

John

5

Re: domain aliases don't work as expected

Ok, now you have edited it, it is identical.

I was perhaps a little optimistic about individual aliases though, as no aliases seem to work.  Which is worrying, as we use them quite heavily.

They were working with 0.7.0, but don't work on 0.7.1

For reasons too dull to go into this is now my production server - is there an imminent fix (as I appear not to be the only person suffering this problem), or do I need to rebuild?

Many thanks,

John

6

Re: domain aliases don't work as expected

I'm so sorry about this trouble, will test it tonight and let you know the result.

7

Re: domain aliases don't work as expected

Hi, johnsjs.

I tested alias domains with iRedMail-0.7.1 and iRedAdmin-Pro-MySQL-1.1.0, works fine for me here.
May i know how you added alias domains, and anything changes in your iRedMail server? Also, could you please paste detail error log in postfix mail log about this issue (not only "Relay Access Denied")?

Thanks.

8

Re: domain aliases don't work as expected

I don't know whether this is relevant, but I rebooted the server this morning to see whether it was related to the install not starting services, and Dovecot didn't start automatically.  When it started everything appeared fine.  On further inspection the user alias issue may be an id10t error (i.e. my fault) they are working now - sorry for the false report.  The domain alias issue is still present however, error reports follow;

I have the following domains (none of them critical, so not hiding them) - ac-wm.com - a 'real' domain, ac-wm.co.uk, an alias, john is a 'real' account on ac-wm.com and on the 'real' domain that ac-wm.co.uk is an alias of.  johns is an alias of john on the real domain.

I sent an email from a hotmail test account to john@ac-wm.com, johns@ac-wm.com john@ac-wm.co.uk johns@ac-wm.co.uk.  All should be delivered under the rule sets I have, all rulesets were created with iRedAdmin Pro.  The server was installed as 32 bit Ubuntu server, 10.10, as a basic install, and then configured as an iRedMail server with your script.

Error log:

for john@ac-wm.co.uk (real account on alias domain)

May  5 16:15:04 broadway149 postfix/smtpd[8629]: connect from blu0-omc2-s28.blu0.hotmail.com[65.55.111.103]
May  5 16:15:04 broadway149 postfix/smtpd[8629]: NOQUEUE: reject: RCPT from blu0-omc2-s28.blu0.hotmail.com[65.55.111.103]: 554 5.7.1 <john@ac-wm.co.uk>: Relay access denied; from=<actest@hotmail.co.uk> to=<john@ac-wm.co.uk> proto=ESMTP helo=<blu0-omc2-s28.blu0.hotmail.com>
May  5 16:15:04 broadway149 postfix/smtpd[8629]: disconnect from blu0-omc2-s28.blu0.hotmail.com[65.55.111.103]

johns@ac-wm.co.uk (alias account on alias domain)

May  5 16:47:53 broadway149 postfix/smtpd[8939]: connect from blu0-omc3-s38.blu0.hotmail.com[65.55.116.113]
May  5 16:47:53 broadway149 postfix/smtpd[8939]: NOQUEUE: reject: RCPT from blu0-omc3-s38.blu0.hotmail.com[65.55.116.113]: 554 5.7.1 <johns@ac-wm.co.uk>: Relay access denied; from=<actest@hotmail.co.uk> to=<johns@ac-wm.co.uk> proto=ESMTP helo=<blu0-omc3-s38.blu0.hotmail.com>
May  5 16:47:53 broadway149 postfix/smtpd[8939]: disconnect from blu0-omc3-s38.blu0.hotmail.com[65.55.116.113]

john@ac-wm.com (real account, real domain)

delivered

johns@ac-wm.com (alias account, real domain)

delivered

As an entirely separate issue, I had to restart the mysql server because it was reporting 'too many connections' in mail.err.  I had already increased connections to 500, and have now increased it to 1000 - but we simply are not that busy a mail server, so somewhere connections are not being closed - if I track it down I'll let you know.

As a third issue, roundcubemail reported a failure when trying to connect to the sieve server, but on a subsequent attempt connected, so I don't know whether it was also not running, and trying to connect 'prompted' it to start, or whether it is more significant, but it has been working since, however as a tiny aside, on the vacation filter there is a box prompting for 'How often send messages (in days):' - should this read 'How long between sending your message to each sender (in days):' or are you actually asking how many times a day should the message be sent?

Anyway, thank you, and any answers greatly appreciated.

Best,

John

9 (edited by johnsjs 2011-05-07 03:24:52)

Re: domain aliases don't work as expected

As an entirely separate issue, I had to restart the mysql server because it was reporting 'too many connections' in mail.err.  I had already increased connections to 500, and have now increased it to 1000 - but we simply are not that busy a mail server, so somewhere connections are not being closed - if I track it down I'll let you know.

1000 was still crashing (or rather blocking) mysql after about 8 hours, however adding wait_timeout = 3600 to my.cnf appears to have fixed the problem - I now have a steady run of around 150 connections of which the half dozen or so crucial ones have their idle clock reset well within the hour, so not crashing the system, but all the 'dead' live ones get recycled hourly.  I have read that the default for wait_timeout is 8 hours, and also that it's 28800 seconds (which is consistent) so based on our system we would need (150x8) 1200 connections to avoid mysql going into a spin, which is probably a little too much considering we are a relatively quiet server.

The idle connections are all user vmail, and all just seem to sleep indefinitely.

Now the system will get quieter for the weekend it is quite possible that the 'crucial' ones (owned by postfix-policyd, amavisd and vmailadmin) will time out and get cancelled, so I'll keep a close eye and check whether everything needs restarting to work, but by Monday I'll know whether this fix works to keep the system functional.

I will search for the root cause as well, and let you know if I find it.

Cheers


John

10

Re: domain aliases don't work as expected

I have the same "Relay Access Denied" problem when I try to send a mail to a recipient address with a domain alias, from an external sender address (a @yahoo.com sender address, for example).
"reject_unauth_destination" is triggered in Postfix's smtpd_recipient_restrictions.

When the sender is SASL authenticated, the domain alias rewrite works. I guess "permit_sasl_authenticated" is triggered before "reject_unauth_destination" in Postfix's smtpd_recipient_restrictions.

11 (edited by comazzi 2011-05-27 20:01:45)

Re: domain aliases don't work as expected

I´m having the same problem here.

Did anyone found any workaround, quick fix or solution ?

12

Re: domain aliases don't work as expected

If you are using MySQL backend, you can edit the /etc/postfix/mysql/virtual_mailbox_domains.cf file, and replace the following line :

query       = SELECT domain FROM domain WHERE domain='%s' AND backupmx=0 AND active=1

by

query       = SELECT domain FROM domain WHERE domain='%s' AND backupmx=0 AND active=1 UNION SELECT alias_domain FROM alias_domain WHERE alias_domain='%s' AND active=1

Hope this helps.

13

Re: domain aliases don't work as expected

cnIce wrote:

query       = SELECT domain FROM domain WHERE domain='%s' AND backupmx=0 AND active=1 UNION SELECT alias_domain FROM alias_domain WHERE alias_domain='%s' AND active=1

This one is better, it will check backupmx and active status of target domain:

query       = SELECT domain FROM domain WHERE domain='%s' AND backupmx=0 AND active=1 UNION SELECT alias_domain.alias_domain FROM alias_domain,domain WHERE alias_domain.alias_domain='%s' AND alias_domain.active=1 AND alias_domain.target_domain=domain.domain AND domain.active=1 AND domain.backupmx=0

14

Re: domain aliases don't work as expected

I solved the problem.

To make domain alias work I had to create a new domain and then update the alias field in the 'main' domain configuration panel.