using a simpler form than transport_maps for forwarding mail -- what and where in main.cf does it go?


aleph de

May 18, 2015, 9:44:49 AM
I'm working on a 'front-end' Postfix server to receive and relay mail, forwarding it only to one, specific 'back-end' Postfix server.

It works using the following simple configurations

cat ./master.cf
...
local_transport = error:5.1.1 no local delivery
relay_domains = MYDOMAIN1.com MYDOMAIN2.com
relay_recipient_maps =
transport_maps = lmdb:/etc/postfix/transport
...

cat ./transport
MYDOMAIN1.com relayTEST:[10.2.0.17]:10015
MYDOMAIN2.com relayTEST:[10.2.0.17]:10015

cat ./main.cf
smtp inet n - n - 1 postscreen
  -o smtpd_tls_security_level=may
smtpd pass - - n - - smtpd
relayTEST unix - - n - - smtp
  -o smtpd_tls_loglevel=1
  -o smtp_tls_cert_file=/etc/postfix/ssl/relay.crt
  -o smtp_tls_key_file=/etc/postfix/ssl/relay.key


Since I will always and only relay to a single server, [10.2.0.17]:10015, for all domains, per-domain ./transport seems unnecessary.

I want to use a simpler, general, !per-domain form, and tie it only to the relay-of-inbound-mail process since I'll be adding other, outbound process later.

So reading

http://www.postfix.org/postconf.5.html#relay_transport
relay_transport (default: relay)
The default mail delivery transport and next-hop destination for remote delivery to domains listed with $relay_domains. In order of decreasing precedence, the nexthop destination is taken from $relay_transport, $sender_dependent_relayhost_maps, $relayhost, or from the recipient domain. This information can be overruled with the transport(5) table.

I tried instead

cat ./master.cf
...
- transport_maps = lmdb:/etc/postfix/transport
+ #transport_maps = lmdb:/etc/postfix/transport
...

cat ./main.cf
...
smtpd pass - - n - - smtpd
+ -o relay_transport=relayTEST:[10.2.0.17]:10015
relayTEST unix - - n - - smtp
...

but on mail receipt it now fails with

May 18 05:14:22 yoda postfix/smtpd[20977]: NOQUEUE: reject: RCPT from d.mail.sonic.net[64.142.111.50]: 550 5.1.1 <postm...@MYDOMAIN1.com>: Recipient address rejected: local delivery is disabled; from=<MYN...@sonic.net> to=<postm...@MYDOMAIN1.com> proto=ESMTP helo=<d.mail.sonic.net>

I'm not sure if I'm using the wrong parameter, or the wrong location for it :-/

What's the right parameter & location in main.cf to do this override?

Wietse Venema

May 18, 2015, 12:55:31 PM
aleph de:
> Since I will always and only relay to a single server, [10.2.0.17]:10015,
> for all domains, per-domain ./transport seems unnecessary.
...
> local_transport = error:5.1.1 no local delivery
> relay_domains = MYDOMAIN1.com MYDOMAIN2.com

/etc/postfix/main.cf:
transport_maps = static:relay:[10.2.0.17]:10015

> relay_recipient_maps =

That is bad. Your server will accept mail for non-existent users,
and either will throw away email (which may break the law) or it
will be a backscatter source (which may cause your server to
become blacklisted).

Wietse

aleph de

May 18, 2015, 1:13:06 PM
> /etc/postfix/main.cf:
> transport_maps = static:relay:[10.2.0.17]:10015

Okay. I thought the _maps would imply an external file. I clearly misunderstood that, and learned about the 'static:' too. Thanks.

What I'd actually intended to ask though is, if I wanted to add the

-o transport_maps=static:relay:[10.2.0.17]:10015

to MASTER.cf, which of the three services' sections would I add this under,

smtp inet n - n - 1 postscreen
smtpd pass - - n - - smtpd

&/or

relayTEST unix - - n - - smtp

?

IIUC, if it's in main.cf it applies to multiple sections.

> relay_recipient_maps =
>
> That is bad. Your server will accept mail for non-existent users,
> and either will throw away email (which may break the law) or it
> will be a backscatter source (which may cause your server to
> become blacklisted).

My intention is to use automatic recipient validation by having the Postfix at the VPS contact the backend Postfix at the office to check for valid users.

IIUC from reading http://www.postfix.org/ADDRESS_VERIFICATION_README.html#recipient and other posts, to do that you're supposed to leave blank

relay_recipient_maps =

and then set

smtpd_relay_restrictions = permit_mynetworks, reject_unauth_destination

But "That is bad" suggests I'm doing this wrong.

Is this the wrong approach to address verification?

Wietse Venema

May 18, 2015, 1:35:06 PM
aleph de:
> > /etc/postfix/main.cf:
> > transport_maps = static:relay:[10.2.0.17]:10015
>
> Okay. I thought the _maps would imply an external file. I clearly misunderstood that, and learned about the 'static:' too. Thanks.
>
> What I'd actually intended to ask though is, if I wanted to add the
>
> -o transport_maps=static:relay:[10.2.0.17]:10015
>
> to MASTER.cf, which of the three services' sections would I add this under,
>
> smtp inet n - n - 1 postscreen
> smtpd pass - - n - - smtpd
>
> &/or
>
> relayTEST unix - - n - - smtp

The transport map specifies how to deliver mail. Therefore you need
to specify a master.cf service that delivers (not: receives) mail.

> > relay_recipient_maps =
> >
> > That is bad. Your server will accept mail for non-existent users,
> > and either will throw away email (which may break the law) or it
> > will be a backscatter source (which may cause your server to
> > become blacklisted).
>
> My intention is to use automatic recipient validation by having
> the Postfix at the VPS contact the backend Postfix at the office
> to check for valid users.
>
> IIUC from reading
> http://www.postfix.org/ADDRESS_VERIFICATION_README.html#recipient and
> other posts, to do that you're supposed to leave blank

That is correct. You are using "reject_unverified_recipient"
to reject mail with an incorrect recipient address.

Wietse
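An added example, not part of the original posts: a small check that classifies how a relay's main.cf decides whether a recipient exists, which is the point of the exchange above. The two fragments are constructed, the function names are hypothetical, and placing reject_unverified_recipient in smtpd_recipient_restrictions is an assumption; master.cf overrides are not followed.

```python
import re

# Constructed main.cf fragments (not the poster's full files).
AS_POSTED = """\
relay_domains = MYDOMAIN1.com MYDOMAIN2.com
relay_recipient_maps =
smtpd_relay_restrictions = permit_mynetworks, reject_unauth_destination
"""
WITH_PROBE = """\
relay_domains = MYDOMAIN1.com MYDOMAIN2.com
relay_recipient_maps =
smtpd_relay_restrictions = permit_mynetworks, reject_unauth_destination
smtpd_recipient_restrictions =
    reject_unverified_recipient
"""


def parse_main_cf(text):
    """Parse 'name = value' lines; indented lines continue the previous value."""
    params, last = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and last:
            params[last] = (params[last] + " " + raw.strip()).strip()
        elif "=" in raw:
            last, value = (part.strip() for part in raw.split("=", 1))
            params[last] = value  # a later definition replaces an earlier one
    return params


def relay_recipient_validation(text):
    """Classify how a relay decides whether a recipient exists."""
    params = parse_main_cf(text)
    if not params.get("relay_domains"):
        return "no-relay-domains"
    if params.get("relay_recipient_maps"):
        return "table"      # recipients listed in a lookup table
    restrictions = " ".join(v for k, v in params.items()
                            if re.fullmatch(r"smtpd_\w+_restrictions", k))
    if "reject_unverified_recipient" in re.split(r"[,\s]+", restrictions):
        return "probe"      # recipients checked against the back end
    return "unvalidated"    # accepts unknown users: bounce/backscatter risk
```
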

aleph de

May 18, 2015, 1:54:40 PM
> > What I'd actually intended to ask though is, if I wanted to add the
> >
> > -o transport_maps=static:relay:[10.2.0.17]:10015
> >
> > to MASTER.cf, which of the three services' sections would I add this under,
> >
> > smtp inet n - n - 1 postscreen
> > smtpd pass - - n - - smtpd
> >
> > &/or
> >
> > relayTEST unix - - n - - smtp
>
> The transport map specifies how to deliver mail. Therefore you need
> to specify a master.cf service that delivers (not: receives) mail.

I get the *general* advice

"Therefore you need to specify a master.cf service that delivers (not: receives) mail."

But I guess that's the point of my question.

I have 3 services:

(1) smtp ... postscreen
(2) smtpd ... smtpd
(3) relayTEST ... smtp

(1) receives mail AND delivers it to the 'internal' smtpd instance, (2)

(2) delivers mail, but only to the instance (3), which forwards the mail on further

(3) is what delivers mail from my VPS to my office.


It doesn't make sense to add to (2)

smtpd ... smtpd
  -o transport_maps=static:relayTEST:[10.2.0.17]:10015

because it's not relaying to 10.2.0.17.

And, it doesn't make sense to add to (3)

relayTEST ... smtp
-o transport_maps=static:relayTEST:[10.2.0.17]:10015

because I have to tell something/somewhere FIRST to use the 'relayTEST' service.

So it seems to me that all three services *deliver* mail.

Which one, though, gets told somehow to use that external, static delivery route?

Wietse Venema

May 18, 2015, 2:14:25 PM
aleph de:
> "Therefore you need to specify a master.cf service that delivers (not: receives) mail."
>
> But I guess that's the point of my question.
>
> I have 3 services:
>
> (1) smtp ... postscreen
> (2) smtpd ... smtpd
> (3) relayTEST ... smtp
>
> (1) receives mail AND delivers it to the 'internal' smtpd instance, (2)

Nope.

> (2) delivers mail, but only to the instance (3), which forwards the mail on further
>
> (3) is what delivers mail from my VPS to my office.

Wietse

Wietse Venema

May 18, 2015, 2:23:03 PM
Wietse Venema:
> aleph de:
> > "Therefore you need to specify a master.cf service that delivers (not: receives) mail."
> >
> > But I guess that's the point of my question.
> >
> > I have 3 services:
> >
> > (1) smtp ... postscreen
> > (2) smtpd ... smtpd
> > (3) relayTEST ... smtp
> >
> > (1) receives mail AND delivers it to the 'internal' smtpd instance, (2)
>
> Nope.

postscreen neither receives nor delivers mail.

> > (2) delivers mail, but only to the instance (3), which forwards the mail on further

smtpd receives, but does not deliver, mail.

> > (3) is what delivers mail from my VPS to my office.

This is the only program of the three that delivers mail.

Wietse

aleph de

May 18, 2015, 2:32:25 PM
> > > (3) relayTEST ... smtp

> > > (3) is what delivers mail from my VPS to my office.
>
> This is the only program of the three that delivers mail.

Since I still don't have an example of what DOES work in this instance, again this

relayTEST ... smtp
-o transport_maps=static:relayTEST:[10.2.0.17]:10015

Telling service relayTEST to use service relayTEST doesn't make sense.

Since relayTEST "is the only program of the three that delivers mail" what specifically needs to be configured to

(a) tell postfix to USE relayTEST

AND

(b) tell relayTEST to use the 10.2.0.17:10015 delivery.

Wietse Venema

May 18, 2015, 2:46:13 PM
aleph de:
> > > > (3) relayTEST ... smtp
>
> > > > (3) is what delivers mail from my VPS to my office.
> >
> > This is the only program of the three that delivers mail.
>
> Since I still don't have an example of what DOES work in this
> instance, again this
>
> relayTEST ... smtp
> -o transport_maps=static:relayTEST:[10.2.0.17]:10015

transport_maps is not documented as an smtp(8) feature. It is,
however, documented as a qmgr(8) feature.

I do not understand why you insist on putting this in master.cf.
If you had put this in main.cf it would already have worked.

Wietse

aleph de

May 18, 2015, 2:56:04 PM

> Sent: Monday, May 18, 2015 at 6:45 PM
> From: "Wietse Venema" <wie...@porcupine.org>
> To: "Postfix users" <postfi...@postfix.org>
> Subject: Re: using a simpler form than transport_maps for forwarding mail -- what and where in main.cf does it go?
And I don't understand what's so hard about providing a clear answer/example for someone obviously so experienced in this.

I'm not "insisting" on anything. I'm asking questions that arise from doing my homework, working through 100s of pages of documentation, trying to actually understand what piece does what and when, and putting it into practice one step at a time.

May come as a surprise, but that's not the easiest thing in the world for someone newish to this application.

Personally I think it's generally silly advice to just "hope for the best" and make assumptions about how stuff works.

Wietse Venema

May 18, 2015, 4:08:51 PM
aleph de:
> > > relayTEST ... smtp
> > > -o transport_maps=static:relayTEST:[10.2.0.17]:10015
...
> > I do not understand why you insist on putting this in master.cf.
> > If you had put this in main.cf it would already have worked.
>
> And I don't understand what's so hard about providing a clear
> answer/example for someone obviously so experienced in this.

I posted a reply with a CLEAR EXAMPLE that has the transport_maps
setting in MAIN.cf. But you knew better, and chose to put it in
MASTER.cf instead. You have demonstrated that you cannot implement
even a simple one-line configuration change.

Over and out.

Wietse

alep...@gmx.com

May 18, 2015, 4:17:58 PM
> I posted a reply with a CLEAR EXAMPLE

Well, since you PUT IT IN ALL CAPS that *must* mean it was clear.

> that has the transport_maps
> setting in MAIN.cf. But you knew better, and chose to put it in
> MASTER.cf instead. You have demonstrated that you cannot implement
> even a simple one-line configuration change.

Hehe. Yeah, *I'M* the problem. Hint: take a read through some of your posting history here. Look for patterns. Oops, I mean PATTERNS.

> Over and out.

Amen to that.

Your reputation is well deserved.

Viktor Dukhovni

May 19, 2015, 7:32:20 PM
On Mon, May 18, 2015 at 03:44:23PM +0200, aleph de wrote:

> cat ./master.cf [sic, really main.cf]
> ...
> - transport_maps = lmdb:/etc/postfix/transport
> + #transport_maps = lmdb:/etc/postfix/transport
> ...
>
> cat ./main.cf [sic, really master.cf]
> ...
> smtpd pass - - n - - smtpd
> + -o relay_transport=relayTEST:[10.2.0.17]:10015
> relayTEST unix - - n - - smtp


You can't specify relay_transport via smtpd(8) master.cf overrides.
That's because this parameter is not used by smtpd(8) directly.
It is instead used by the trivial-rewrite(8) service, which performs
transport resolution on behalf of smtpd(8) and qmgr(8). This is
important, because inconsistent resolution would be rather a problem.

Thus relay_transport is fundamentally a global setting. It can't be
configured per listen endpoint unless you use multiple Postfix
instances, each with their main.cf files, queue-directories, ...

--
Viktor.
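An added example, not from the thread's participants: a master.cf audit that flags `-o` overrides of the two routing parameters discussed above when they sit on the daemons the replies say do not resolve transports. The sample master.cf is constructed to mirror the thread, the function names are hypothetical, and only the plain `-o name=value` form is handled.

```python
# Constructed sample mirroring the thread's layout (not the poster's file).
SAMPLE_MASTER_CF = """\
# service  type  private unpriv chroot wakeup maxproc command + args
smtp       inet  n       -      n      -      1       postscreen
smtpd      pass  -       -      n      -      -       smtpd
  -o relay_transport=relayTEST:[10.2.0.17]:10015
relayTEST  unix  -       -      n      -      -       smtp
  -o transport_maps=static:relayTEST:[10.2.0.17]:10015
  -o smtp_tls_cert_file=/etc/postfix/ssl/relay.crt
"""

# Per the replies: routing is resolved globally (main.cf), not per service.
ROUTING_PARAMS = {"transport_maps", "relay_transport"}
# Daemons named in the thread; none of them performs transport resolution.
NON_RESOLVING = {"postscreen", "smtpd", "smtp"}


def logical_lines(text):
    """Join master.cf continuation lines (leading whitespace) to their entry."""
    entries = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and entries:
            entries[-1] += " " + raw.strip()
        else:
            entries.append(raw.strip())
    return entries


def misplaced_overrides(text):
    """Return (service, command, parameter) for each ineffective routing override."""
    findings = []
    for entry in logical_lines(text):
        fields = entry.split()
        if len(fields) < 8:
            continue  # not a complete service definition
        service, command, args = fields[0], fields[7], fields[8:]
        for flag, value in zip(args, args[1:]):
            name = value.split("=", 1)[0]
            if flag == "-o" and name in ROUTING_PARAMS and command in NON_RESOLVING:
                findings.append((service, command, name))
    return findings


if __name__ == "__main__":
    for service, command, name in misplaced_overrides(SAMPLE_MASTER_CF):
        print(f"{service} ({command}): move '{name}' to main.cf")
```
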
