
virtual domains?


Wyman Eric Miles

Nov 7, 2002, 11:45:32 AM

I have a postfix server with two interfaces, each interface in its own
domain:

interface1 -> domain1
interface2 -> domain2

This machine just Amavis scans mail and then passes it off to one of two
real mail servers behind the scenes.

How can I configure postfix on the scanning machine to understand that
connections at interface1 are domain1 and connections to interface2 are
domain2, share a single alias table, and route mail to the two real
servers as appropriate?

In particular, I want to prevent the following scenario:

user sends mail to foo@domain1 -> alias expands to domain2 -> machine
sends mail to other interface -> mail gets virus scanned twice.

I'm unclear on the concept or application of virtual domains but what I do
understand leads me to believe that's the solution to our problem.

Ideas?

Wyman Miles
Manager of Infrastructure, Rice University, Texas.
(713) 348-5827, e-mail:wym...@rice.edu, pager:wym...@pager.rice.edu

Russell Mosemann

Nov 7, 2002, 12:11:38 PM
On Thu, 7 Nov 2002, Dan Langille wrote:

> On 7 Nov 2002 at 10:45, Wyman Eric Miles wrote:
>
> > I'm unclear on the concept or application of virtual domains but what
> > I do understand leads me to believe that's the solution to our
> > problem.
>
> Sections of this might help: http://www.freebsddiary.org/postfix.php

That reference does not include any information about virtual domains.
It only discusses virtual_maps for address mapping. Search this list for
articles that contain the exact phrase

Some notes on relay, local and virtual domains

----
Russell Mosemann, Ph.D. * Computing Services * Concordia University, Nebraska
"Eschew obfuscation!"

Dan Langille

Nov 7, 2002, 1:25:27 PM
On 7 Nov 2002 at 11:10, Russell Mosemann wrote:

> On Thu, 7 Nov 2002, Dan Langille wrote:
>
> > On 7 Nov 2002 at 10:45, Wyman Eric Miles wrote:
> >
> > > I'm unclear on the concept or application of virtual domains but
> > > what I do understand leads me to believe that's the solution to
> > > our problem.
> >
> > Sections of this might help: http://www.freebsddiary.org/postfix.php
>
> That reference does not include any information about virtual domains.
> It only discusses virtual_maps for address mapping.

What is missing to make it actually discuss virtual domains? Initial
reading shows that I've forgotten to include the domain as a key in
the virtual maps.

> Search this list
> for articles that contain the exact phrase
>
> Some notes on relay, local and virtual domains

That's quite useful. Thanks.
--
Dan Langille : http://www.langille.org/

Dan Langille

Nov 8, 2002, 8:36:37 AM
On 7 Nov 2002 at 11:10, Russell Mosemann wrote:

> On Thu, 7 Nov 2002, Dan Langille wrote:
>
> > On 7 Nov 2002 at 10:45, Wyman Eric Miles wrote:
> >
> > > I'm unclear on the concept or application of virtual domains but
> > > what I do understand leads me to believe that's the solution to
> > > our problem.
> >
> > Sections of this might help: http://www.freebsddiary.org/postfix.php
>
> That reference does not include any information about virtual domains.

I'm concerned about this statement because if I'm not dealing with
virtual domains [correctly], then I need to repair that article.
Please elaborate upon why you believe it does not deal with virtual
domains. In short: the steps within that article will allow one to
set up postfix and receive mail for multiple domains. Does that not
fit into the definition of "virtual domains"?

> It only discusses virtual_maps for address mapping. Search this
> list for articles that contain the exact phrase
>
> Some notes on relay, local and virtual domains

AFAIK, virtual_maps for address mapping is one valid and widely used
method of implementing virtual domains. I know there are other ways
to implement, as demonstrated by the reference above. I chose one
and ran with it because it's quite simple to set up and very similar
to a strategy widely used with sendmail.

regards

Russell Mosemann

Nov 8, 2002, 11:54:32 AM
On Fri, 8 Nov 2002, Dan Langille wrote:

> In short: the steps within that article will allow one to
> set up postfix and receive mail for multiple domains. Does that not
> fit into the definition of "virtual domains"?

You are correct. That fits the general definition of virtual domains.
There is inherent confusion already with the overloaded word "virtual" as
it is used in postfix. It would be nice if your directions would help
clarify some of the aspects.

> AFAIK, virtual_maps for address mapping is one valid and widely used
> method of implementing virtual domains.

That proves my point. The statement is correct by itself, but that is not
really how virtual_maps are being used in your example.

> I know there are other ways
> to implement, as demonstrated by the reference above. I chose one
> and ran with it because it's quite simple to set up and very similar
> to a strategy widely used with sendmail.

Let me offer a suggestion, then. In your example, make it very clear that
you are demonstrating sendmail-style virtual domains where every local
account exists in all of the domains accepted by postfix. Your table has
headings "virtual address" and "real address". It's not really the real
address. It is the name of the local account where the email is
delivered.

In the event that users in one virtual domain should be distinct from
users in another virtual domain (i.e., d...@example.net is different from
d...@example.com) and no local accounts exist for addresses in the virtual
domain, then postfix-style virtual domains need to be used.

Here is an overall picture. You have some of this in your directions. At
the top level, there are two types of virtual domains. One is a
sendmail-style virtual domain (which you use) and the other is the
postfix-style virtual domain.

There are two types of postfix-style virtual domains. There is the
"regular" virtual domain and the virtual mailbox domain. Regular virtual
domains have no local mailboxes (real or virtual) associated with them.
Consequently, virtual domains must eventually be mapped to an address
where the email can be delivered. Virtual mailbox domains and their
addresses are associated with virtual mailboxes (i.e., not a local
account) on the local computer.

virtual_maps serves two functions. It can map any address (real or
virtual) to any other address or addresses (real or virtual, local or
remote) regardless of any virtual domains (which is how you are using it).
For postfix-style virtual domains, virtual_maps store what I call the
domain marker and the entries for _all_ of the addresses in that virtual
domain. virtual_maps can be used for both functions at the same time.

virtual_mailbox_maps stores the domain marker and the entries for _all_ of
the addresses in that domain that will be delivered to virtual mailboxes
on the local computer. virtual_mailbox_maps might even contain specific
information about the virtual mailbox, including its path, its size limit
and the uid/gid it is using.

If the pieces appropriate to your configuration can be incorporated in
your directions, then you will have a complete example that people can
follow and understand when configuring sendmail-style virtual domains.

On a side note, I agree with a previous poster that I would not encourage
people to separate their various files by domain unless it was to keep
text files that would be combined to form a single hash file.

----
Russell Mosemann, Ph.D. * Computing Services * Concordia University, Nebraska

"There's a simple solution to every problem if you're just willing to
implement it." - Mark Lemke


Dan Langille

Nov 8, 2002, 12:43:31 PM
On 8 Nov 2002 at 10:52, Russell Mosemann wrote:

> On Fri, 8 Nov 2002, Dan Langille wrote:
>
> > In short: the steps within that article will allow one to
> > set up postfix and receive mail for multiple domains. Does that not
> > fit into the definition of "virtual domains"?
>
> You are correct. That fits the general definition of virtual domains.
> There is inherent confusion already with the overloaded word
> "virtual" as it is used in postfix. It would be nice if your
> directions would help clarify some of the aspects.

Practical examples are the goal.

> > AFAIK, virtual_maps for address mapping is one valid and widely used
> > method of implementing virtual domains.
>
> That proves my point. The statement is correct by itself, but that is
> not really how virtual_maps are being used in your example.
>
> > I know there are other ways
> > to implement, as demonstrated by the reference above. I chose one
> > and ran with it because it's quite simple to set up and very similar
> > to a strategy widely used with sendmail.
>
> Let me offer a suggestion, then. In your example, make it very clear
> that you are demonstrating sendmail-style virtual domains where every
> local account exists in all of the domains accepted by postfix. Your
> table has headings "virtual address" and "real address". It's not
> really the real address. It is the name of the local account where
> the email is delivered.

I will clarify that in the article. In fact, I meant to demonstrate
postfix style. That is what I use on my mail servers. The example
virtual_maps file should be:

example.net DOMAIN
d...@example.net dan

example.com DOMAIN
d...@example.com dtm@localhost

But point taken; I will explain the difference.

> In the event that users in one virtual domain should be distinct from
> users in another virtual domain (i.e., d...@example.net is different
> from d...@example.com) and no local accounts exist for addresses in the
> virtual domain, then postfix-style virtual domains need to be used.

Agreed.

> Here is an overall picture. You have some of this in your directions.
> At the top level, there are two types of virtual domains. One is a
> sendmail-style virtual domain (which you use) and the other is the
> postfix-style virtual domain.
>
> There are two types of postfix-style virtual domains. There is the
> "regular" virtual domain and the virtual mailbox domain. Regular
> virtual domains have no local mailboxes (real or virtual) associated
> with them. Consequently, virtual domains must eventually be mapped to
> an address where the email can be delivered. Virtual mailbox domains
> and their addresses are associated with virtual mailboxes (i.e., not a
> local account) on the local computer.

If I used this for virtual_maps, which type of postfix-style virtual
domain would I have:

example.net DOMAIN
d...@example.net dan@domain_not_hosted_here.org
ma...@example.net mark

example.com DOMAIN
d...@example.com dtm@localhost


> virtual_maps serves two functions. It can map any address (real or
> virtual) to any other address or addresses (real or virtual, local or
> remote) regardless of any virtual domains (which is how you are using
> it). For postfix-style virtual domains, virtual_maps store what I
> call the domain marker and the entries for _all_ of the addresses in
> that virtual domain. virtual_maps can be used for both functions at the
> same time.

The above is what I do in practice. This was not reflected in the
example provided by omitting the domain marker.

> virtual_mailbox_maps stores the domain marker and the entries for
> _all_ of the addresses in that domain that will be delivered to
> virtual mailboxes on the local computer. virtual_mailbox_maps might
> even contain specific information about the virtual mailbox, including
> its path, its size limit and the uid/gid it is using.

I will have to investigate virtual_mailbox_maps and do some test
scenarios. That looks very interesting.

> If the pieces appropriate to your configuration can be incorporated in
> your directions, then you will have a complete example that people can
> follow and understand when configuring sendmail-style virtual domains.

I plan to do that ASAP. With my current workload, it'll be sometime
next week.

> On a side note, I agree with a previous poster that I would not
> encourage people to separate their various files by domain unless it
> was to keep text files that would be combined to form a single hash
> file.

Reasons? I suspect performance, but for a small number of
users/domains, with a low volume mail server, that may not be an
issue. It would be fairly easy to cat them all together and run
portmap on the resulting file.

Thank you for the information.

Russell Mosemann

Nov 8, 2002, 3:04:16 PM
On Fri, 8 Nov 2002, Dan Langille wrote:

> I will clarify that in the article. In fact, I meant to demonstrate
> postfix style. That is what I use on my mail servers. The example
> virtual_maps file should be:
>
> example.net DOMAIN
> d...@example.net dan

I always specify full addresses. I think this would redirect email for
d...@example.net to dan@$myorigin, but I'm not sure. Assuming that postfix
accepts email for $myorigin (i.e., it's part of mydestination), then it
would be delivered to the alias or local account with the name dan.

> example.com DOMAIN
> d...@example.com dtm@localhost

Same as above. Assuming that postfix accepts email for localhost, it will
be delivered to the alias or local account named dtm.

> If I used this for virtual_maps, which type of postfix-style virtual
> domain would I have:
>
> example.net DOMAIN
> d...@example.net dan@domain_not_hosted_here.org
> ma...@example.net mark
>
> example.com DOMAIN
> d...@example.com dtm@localhost

Since you use the terms "virtual_maps" and "postfix-style", it would have
to be a "regular" postfix-style virtual domain. It can't be anything
else.

> I will have to investigate virtual_mailbox_maps and do some test
> scenarios. That looks very interesting.

Once it's understood, it works very well. The confusing part is that the
word "virtual" is used in virtual_maps and virtual_mailbox_maps. People
think that they must be the same thing or closely connected, which is not
the case at all. They implement separate concepts.

> > On a side note, I agree with a previous poster that I would not
> > encourage people to separate their various files by domain unless it
> > was to keep text files that would be combined to form a single hash
> > file.
>
> Reasons? I suspect performance,

Performance could be a factor. Instead of one lookup, it would be one
lookup per domain. There's also the buffer space and number of open
files. One file is simpler to maintain than 10. Either something is in
the table or it is not. It may be easier to distribute one file to
slave/backup postfix machines. We put almost everything in LDAP and use
slave servers for distribution to solve those problems.

> but for a small number of
> users/domains, with a low volume mail server, that may not be an
> issue.

I agree with you. That's the ultimate decision, anyway. If that
configuration does what you want and you are comfortable with the
performance, then go for it. One of the nice features of postfix is its
flexibility. We are doing some clever things with LDAP that would never
fly with some of the places that pump tens of thousands of messages
through an hour or host thousands of domains. It does what we want, and
the performance is excellent for our load.

----
Russell Mosemann, Ph.D. * Computing Services * Concordia University, Nebraska

"If Teflon is non-stick, how do they get it to stick to the pan?"

Ralf Hildebrandt

Nov 8, 2002, 3:32:33 PM
On Fri, Nov 08, 2002 at 01:59:59PM -0600, Russell Mosemann wrote:
> On Fri, 8 Nov 2002, Dan Langille wrote:
>
> > I will clarify that in the article. In fact, I meant to demonstrate
> > postfix style. That is what I use on my mail servers. The example
> > virtual_maps file should be:
> >
> > example.net DOMAIN
> > d...@example.net dan
>
> I always specify full addresses. I think this would redirect email for
> d...@example.net to dan@$myorigin, but I'm not sure.

You're correct

--
Ralf Hildebrandt Ralf.Hil...@charite.de
Postfix Tips: http://www.arschkrebs.de/postfix/ Tel. +49 (0)30-450 570-155
I have Windows 2000 here; what spontaneously comes to mind is the scene from
"Life of Brian" in which the fellow prisoner in the dungeon calls Brian a
favourite because the jailer spat on him.
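
As an added example (not part of the thread, and not code from Postfix or any poster): a small lint for a virtual_maps source file in the domain-marker style discussed above. It flags right-hand sides without a domain, which Postfix completes with $myorigin as confirmed above, addresses whose domain has no marker line (plain address mapping), and markers with no address entries. The sample table, the `myorigin` value and the function names are constructed for illustration.

```python
import re

# Constructed sample table in the thread's virtual_maps style (not real data).
SAMPLE = """\
example.net        DOMAIN
dan@example.net    dan
mark@example.net   mark@mail.example.org
example.com        DOMAIN
dtm@example.com    dtm@localhost
info@example.org   info@example.net
unused.example     DOMAIN
"""

def parse(text):
    """Return (markers, [(address, [targets])]); a key without '@' is assumed to be a domain marker."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                              # blank line or comment
        if raw[0].isspace() and logical:
            logical[-1] += " " + raw.strip()      # continuation line
        else:
            logical.append(raw.strip())
    markers, entries = set(), []
    for line in logical:
        key, value = (line.split(None, 1) + [""])[:2]
        if "@" in key:
            targets = [t for t in re.split(r"[,\s]+", value) if t]
            entries.append((key.lower(), targets))
        else:
            markers.add(key.lower())
    return markers, entries

def lint(text, myorigin="mail.example.org"):     # myorigin: hypothetical value
    """List (kind, subject, detail) findings for a virtual_maps source."""
    markers, entries = parse(text)
    findings = []
    for addr, targets in entries:
        domain = addr.rsplit("@", 1)[1]
        if domain not in markers:                 # domain must be accepted elsewhere
            findings.append(("address-map-only", addr, domain))
        for t in targets:
            if "@" not in t:                      # bare name gets @$myorigin
                findings.append(("bare-target", addr, f"{t}@{myorigin}"))
    used = {addr.rsplit("@", 1)[1] for addr, _ in entries}
    for d in sorted(markers - used):
        findings.append(("marker-without-addresses", d, ""))
    return findings

if __name__ == "__main__":
    print(*lint(SAMPLE), sep="\n")
```

Run it against the text source of the table before building the lookup file, so a bare right-hand side or a missing marker shows up before mail is misrouted.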
