Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
using a simpler form than transport_maps for forwarding mail -- what and where in main.cf does it go?
470 views
Skip to first unread message
aleph de
May 18, 2015, 9:44:49 AM5/18/15
to
I'm working on a 'front-end' Postfix server to receive and relay mail, forwarding it only to one, specific 'back-end' Postfix server.
It works using the following simple configurations
cat ./master.cf
...
local_transport = error:5.1.1 no local delivery
relay_domains = MYDOMAIN1.com MYDOMAIN2.com
relay_recipient_maps =
transport_maps = lmdb:/etc/postfix/transport
...
cat ./transport
MYDOMAIN1.com relayTEST:[10.2.0.17]:10015
MYDOMAIN2.com relayTEST:[10.2.0.17]:10015
cat ./main.cf
smtp inet n - n - 1 postscreen
-o smtpd_tls_security_level=may
smtpd pass - - n - - smtpd
relayTEST unix - - n - - smtp
-o smtpd_tls_loglevel=1
-o smtp_tls_cert_file=/etc/postfix/ssl/relay.crt
-o smtp_tls_key_file=/etc/postfix/ssl/relay.key
Since I will always and only relay to a single server, [10.2.0.17]:10015, for all domains, per-domain ./transport seems unncessary.
I want to use a simpler, general, !per-domain form, and tie it only to the relay-of-inbound-mail process since I'll be adding other, outbound process later.
So reading
http://www.postfix.org/postconf.5.html#relay_transport
relay_transport (default: relay)
The default mail delivery transport and next-hop destination for remote delivery to domains listed with $relay_domains. In order of decreasing precedence, the nexthop destination is taken from $relay_transport, $sender_dependent_relayhost_maps, $relayhost, or from the recipient domain. This information can be overruled with the transport(5) table.
I tried instead
cat ./master.cf
...
- transport_maps = lmdb:/etc/postfix/transport
+ #transport_maps = lmdb:/etc/postfix/transport
...
cat ./main.cf
...
smtpd pass - - n - - smtpd
+ -o relay_transport=relayTEST:[10.2.0.17]:10015
relayTEST unix - - n - - smtp
...
but on mail receipt it now fails with
May 18 05:14:22 yoda postfix/smtpd[20977]: NOQUEUE: reject: RCPT from d.mail.sonic.net[64.142.111.50]: 550 5.1.1 <postm...@MYDOMAIN1.com>: Recipient address rejected: local delivery is disabled; from=<MYN...@sonic.net> to=<postm...@MYDOMAIN1.com> proto=ESMTP helo=<d.mail.sonic.net>
I'm not sure if I'm using the wrong parameter, or the wrong location for it :-/
What's the right parameter & location in main.cf to do this override?
It works using the following simple configurations
cat ./master.cf
...
local_transport = error:5.1.1 no local delivery
relay_domains = MYDOMAIN1.com MYDOMAIN2.com
relay_recipient_maps =
transport_maps = lmdb:/etc/postfix/transport
...
cat ./transport
MYDOMAIN1.com relayTEST:[10.2.0.17]:10015
MYDOMAIN2.com relayTEST:[10.2.0.17]:10015
cat ./main.cf
smtp inet n - n - 1 postscreen
-o smtpd_tls_security_level=may
smtpd pass - - n - - smtpd
relayTEST unix - - n - - smtp
-o smtpd_tls_loglevel=1
-o smtp_tls_cert_file=/etc/postfix/ssl/relay.crt
-o smtp_tls_key_file=/etc/postfix/ssl/relay.key
Since I will always and only relay to a single server, [10.2.0.17]:10015, for all domains, per-domain ./transport seems unncessary.
I want to use a simpler, general, !per-domain form, and tie it only to the relay-of-inbound-mail process since I'll be adding other, outbound process later.
So reading
http://www.postfix.org/postconf.5.html#relay_transport
relay_transport (default: relay)
The default mail delivery transport and next-hop destination for remote delivery to domains listed with $relay_domains. In order of decreasing precedence, the nexthop destination is taken from $relay_transport, $sender_dependent_relayhost_maps, $relayhost, or from the recipient domain. This information can be overruled with the transport(5) table.
I tried instead
cat ./master.cf
...
- transport_maps = lmdb:/etc/postfix/transport
+ #transport_maps = lmdb:/etc/postfix/transport
...
cat ./main.cf
...
smtpd pass - - n - - smtpd
+ -o relay_transport=relayTEST:[10.2.0.17]:10015
relayTEST unix - - n - - smtp
...
but on mail receipt it now fails with
May 18 05:14:22 yoda postfix/smtpd[20977]: NOQUEUE: reject: RCPT from d.mail.sonic.net[64.142.111.50]: 550 5.1.1 <postm...@MYDOMAIN1.com>: Recipient address rejected: local delivery is disabled; from=<MYN...@sonic.net> to=<postm...@MYDOMAIN1.com> proto=ESMTP helo=<d.mail.sonic.net>
I'm not sure if I'm using the wrong parameter, or the wrong location for it :-/
What's the right parameter & location in main.cf to do this override?
Wietse Venema
May 18, 2015, 12:55:31 PM5/18/15
to
aleph de:
transport_maps = static:relay:[10.2.0.17]:10015
> relay_recipient_maps =
That is bad. Your server will accept mail for non-existent users,
and either will throw away email (which may break the law) or it
will be a backscatter source (which may cause your server to
become blacklisted).
Wietse
> Since I will always and only relay to a single server, [10.2.0.17]:10015,
> for all domains, per-domain ./transport seems unncessary.
> for all domains, per-domain ./transport seems unncessary.
...
> local_transport = error:5.1.1 no local delivery
> relay_domains = MYDOMAIN1.com MYDOMAIN2.com
/etc/postfix/main.cf:
> local_transport = error:5.1.1 no local delivery
> relay_domains = MYDOMAIN1.com MYDOMAIN2.com
transport_maps = static:relay:[10.2.0.17]:10015
> relay_recipient_maps =
That is bad. Your server will accept mail for non-existent users,
and either will throw away email (which may break the law) or it
will be a backscatter source (which may cause your server to
become blacklisted).
Wietse
aleph de
May 18, 2015, 1:13:06 PM5/18/15
to
Okay. I thought the _maps would imply an external file. I clearly misunderstood that, and learned about the 'static:' too. Thanks.
What I'd actually intended to ask though is, if I wanted to add the
-o transport_maps=static:relay:[10.2.0.17]:10015
to MASTER.cf, which of the three services' sections would I add this under,
smtp inet n - n - 1 postscreen
relayTEST unix - - n - - smtp
?
IIUC, if it's in main.cf it applies to multiple sections.
> relay_recipient_maps =
>
> That is bad. Your server will accept mail for non-existent users,
> and either will throw away email (which may break the law) or it
> will be a backscatter source (which may cause your server to
> become blacklisted).
My intention is to use automatic recipient validation by having the Postfix at the VPS contact the backend Postfix at the office to check for valid users.
IIUC from reading http://www.postfix.org/ADDRESS_VERIFICATION_README.html#recipient and other posts, to do that you're supposed to leave blank
relay_recipient_maps =
and then set
smtpd_relay_restrictions = permit_mynetworks, reject_unauth_destination
But "That is bad" suggests I'm doing this wrong.
Is this the wrong approach to address verification?
What I'd actually intended to ask though is, if I wanted to add the
-o transport_maps=static:relay:[10.2.0.17]:10015
to MASTER.cf, which of the three services' sections would I add this under,
smtp inet n - n - 1 postscreen
smtpd pass - - n - - smtpd
&/or
relayTEST unix - - n - - smtp
IIUC, if it's in main.cf it applies to multiple sections.
> relay_recipient_maps =
>
> That is bad. Your server will accept mail for non-existent users,
> and either will throw away email (which may break the law) or it
> will be a backscatter source (which may cause your server to
> become blacklisted).
IIUC from reading http://www.postfix.org/ADDRESS_VERIFICATION_README.html#recipient and other posts, to do that you're supposed to leave blank
relay_recipient_maps =
and then set
smtpd_relay_restrictions = permit_mynetworks, reject_unauth_destination
But "That is bad" suggests I'm doing this wrong.
Is this the wrong approach to address verification?
Wietse Venema
May 18, 2015, 1:35:06 PM5/18/15
to
aleph de:
to specify a master.cf service that delivers (not: receives) mail.
> > relay_recipient_maps =
> >
> > That is bad. Your server will accept mail for non-existent users,
> > and either will throw away email (which may break the law) or it
> > will be a backscatter source (which may cause your server to
> > become blacklisted).
>
> My intention is to use automatic recipient validation by having
> the Postfix at the VPS contact the backend Postfix at the office
> to check for valid users.
>
> IIUC from reading
> http://www.postfix.org/ADDRESS_VERIFICATION_README.html#recipient and
> other posts, to do that you're supposed to leave blank
That is correct. You are using "reject_unverified_recipient"
to reject mail with an incorrect recipient address.
Wietse
> > /etc/postfix/main.cf:
> > transport_maps = static:relay:[10.2.0.17]:10015
>
> Okay. I thought the _maps would imply an external file. I clearly misunderstood that, and learned about the 'static:' too. Thanks.
>
> What I'd actually intended to ask though is, if I wanted to add the
>
> -o transport_maps=static:relay:[10.2.0.17]:10015
>
> to MASTER.cf, which of the three services' sections would I add this under,
>
> smtp inet n - n - 1 postscreen
> smtpd pass - - n - - smtpd
>
> &/or
>
> relayTEST unix - - n - - smtp
The transport map specifies how to deliver mail. Therefore you need
> > transport_maps = static:relay:[10.2.0.17]:10015
>
> Okay. I thought the _maps would imply an external file. I clearly misunderstood that, and learned about the 'static:' too. Thanks.
>
> What I'd actually intended to ask though is, if I wanted to add the
>
> -o transport_maps=static:relay:[10.2.0.17]:10015
>
> to MASTER.cf, which of the three services' sections would I add this under,
>
> smtp inet n - n - 1 postscreen
> smtpd pass - - n - - smtpd
>
> &/or
>
> relayTEST unix - - n - - smtp
to specify a master.cf service that delivers (not: receives) mail.
> > relay_recipient_maps =
> >
> > That is bad. Your server will accept mail for non-existent users,
> > and either will throw away email (which may break the law) or it
> > will be a backscatter source (which may cause your server to
> > become blacklisted).
>
> My intention is to use automatic recipient validation by having
> the Postfix at the VPS contact the backend Postfix at the office
> to check for valid users.
>
> IIUC from reading
> http://www.postfix.org/ADDRESS_VERIFICATION_README.html#recipient and
> other posts, to do that you're supposed to leave blank
to reject mail with an incorrect recipient address.
Wietse
aleph de
May 18, 2015, 1:54:40 PM5/18/15
to
> > What I'd actually intended to ask though is, if I wanted to add the
> >
> > -o transport_maps=static:relay:[10.2.0.17]:10015
> >
> > to MASTER.cf, which of the three services' sections would I add this under,
> >
> > smtp inet n - n - 1 postscreen
> > smtpd pass - - n - - smtpd
> >
> > &/or
> >
> > relayTEST unix - - n - - smtp
>
> The transport map specifies how to deliver mail. Therefore you need
> to specify a master.cf service that delivers (not: receives) mail.
I get the *general* advice
> >
> > -o transport_maps=static:relay:[10.2.0.17]:10015
> >
> > to MASTER.cf, which of the three services' sections would I add this under,
> >
> > smtp inet n - n - 1 postscreen
> > smtpd pass - - n - - smtpd
> >
> > &/or
> >
> > relayTEST unix - - n - - smtp
>
> The transport map specifies how to deliver mail. Therefore you need
> to specify a master.cf service that delivers (not: receives) mail.
But I guess that's the point of my question.
I have 3 services:
(1) smtp ... postscreen
(2) smdpd ... smtpd
(3) relayTEST ... smtp
(1) receives mail AND delivers it to the 'internal' smptd instance, (2)
(2) delivers mail, but only to the instance (3), which forwards the mail on further
(3) is what delivers mail from my VPS to my office.
It doesn't make sensd to add to (2)
smdpd ... smtpd
-o transport_maps=static:relayTEST:[10.2.0.17]:10015
because it's not relaying to 10.2.0.17.
And, it doesn't make sense to add to (3)
relayTEST ... smtp
-o transport_maps=static:relayTEST:[10.2.0.17]:10015
because I have to tell something/somewhere FIRST to use the 'relayTEST' service.
So it seems to me that all three services *deliver* mail.
Which one, though, get's told somehow to use that external, static delivery route?
Wietse Venema
May 18, 2015, 2:14:25 PM5/18/15
to
aleph de:
> (2) delivers mail, but only to the instance (3), which forwards the mail on further
>
> (3) is what delivers mail from my VPS to my office.
Wietse
> "Therefore you need to specify a master.cf service that delivers (not: receives) mail."
>
> But I guess that's the point of my question.
>
> I have 3 services:
>
> (1) smtp ... postscreen
> (2) smdpd ... smtpd
> (3) relayTEST ... smtp
>
> (1) receives mail AND delivers it to the 'internal' smptd instance, (2)
Nope.
>
> But I guess that's the point of my question.
>
> I have 3 services:
>
> (1) smtp ... postscreen
> (2) smdpd ... smtpd
> (3) relayTEST ... smtp
>
> (1) receives mail AND delivers it to the 'internal' smptd instance, (2)
> (2) delivers mail, but only to the instance (3), which forwards the mail on further
>
> (3) is what delivers mail from my VPS to my office.
Wietse Venema
May 18, 2015, 2:23:03 PM5/18/15
to
Wietse Venema:
> > (2) delivers mail, but only to the instance (3), which forwards the mail on further
smtpd receives, but does not deliver, mail.
> > (3) is what delivers mail from my VPS to my office.
This is the only program of the three that delivers mail.
Wietse
> aleph de:
> > "Therefore you need to specify a master.cf service that delivers (not: receives) mail."
> >
> > But I guess that's the point of my question.
> >
> > I have 3 services:
> >
> > (1) smtp ... postscreen
> > (2) smdpd ... smtpd
> > (3) relayTEST ... smtp
> >
> > (1) receives mail AND delivers it to the 'internal' smptd instance, (2)
>
> Nope.
postscreen neither receives nor delivers mail.
> > "Therefore you need to specify a master.cf service that delivers (not: receives) mail."
> >
> > But I guess that's the point of my question.
> >
> > I have 3 services:
> >
> > (1) smtp ... postscreen
> > (2) smdpd ... smtpd
> > (3) relayTEST ... smtp
> >
> > (1) receives mail AND delivers it to the 'internal' smptd instance, (2)
>
> Nope.
> > (2) delivers mail, but only to the instance (3), which forwards the mail on further
> > (3) is what delivers mail from my VPS to my office.
Wietse
aleph de
May 18, 2015, 2:32:25 PM5/18/15
to
> > > (3) relayTEST ... smtp
> > > (3) is what delivers mail from my VPS to my office.
>
> This is the only program of the three that delivers mail.
Since I still don't have an example of what DOES work in this instance, again this
relayTEST ... smtp
-o transport_maps=static:relayTEST:[10.2.0.17]:10015
Telling service relayTEST to use service relayTEST doens't make sense.
Since relayTEST "is the only program of the three that delivers mail" what specifically needs to be configure to
(a) tell postfix to USE relayTEST
AND
(b) tell relayTEST to use the 10.2.0.17:10015 delivery.
> > > (3) is what delivers mail from my VPS to my office.
>
> This is the only program of the three that delivers mail.
relayTEST ... smtp
-o transport_maps=static:relayTEST:[10.2.0.17]:10015
Since relayTEST "is the only program of the three that delivers mail" what specifically needs to be configure to
(a) tell postfix to USE relayTEST
AND
(b) tell relayTEST to use the 10.2.0.17:10015 delivery.
Wietse Venema
May 18, 2015, 2:46:13 PM5/18/15
to
aleph de:
however, documented as a qmgr(8) feature.
I do not understand why you insist on putting this in master.cf.
If you had put this in main.cf it would already have worked.
Wietse
> > > > (3) relayTEST ... smtp
>
> > > > (3) is what delivers mail from my VPS to my office.
> >
> > This is the only program of the three that delivers mail.
>
> Since I still don't have an example of what DOES work in this
> instance, again this
>
> relayTEST ... smtp
> -o transport_maps=static:relayTEST:[10.2.0.17]:10015
transport_maps is not documented as an smtp(8) feature. If is,
>
> > > > (3) is what delivers mail from my VPS to my office.
> >
> > This is the only program of the three that delivers mail.
>
> Since I still don't have an example of what DOES work in this
> instance, again this
>
> relayTEST ... smtp
> -o transport_maps=static:relayTEST:[10.2.0.17]:10015
however, documented as a qmgr(8) feature.
I do not understand why you insist on putting this in master.cf.
If you had put this in main.cf it would already have worked.
Wietse
aleph de
May 18, 2015, 2:56:04 PM5/18/15
to
> Sent: Monday, May 18, 2015 at 6:45 PM
> From: "Wietse Venema" <wie...@porcupine.org>
> To: "Postfix users" <postfi...@postfix.org>
> Subject: Re: using a simpler form than transport_maps for forwarding mail -- what and where in main.cf does it go?
I'm not "inisting" on anything. I'm asking questions that arise from doing my homework, working through 100s of pages of documentation, trying to actually understand what piece does what and when, and putting it into practice one step at a time.
May come as a surprise, but that's not the easiest thing in the world for someone newish to this application.
Personally I think it's generally silly advice to just "hope for the best" and make assumptions about how stuff works.
Wietse Venema
May 18, 2015, 4:08:51 PM5/18/15
to
aleph de:
setting in MAIN.cf. But you knew better, and chose to put it in
MASTER.cf instead. You have demonstrated that you cannot implement
even a simple one-line configuration change.
Over and out.
Wietse
> > > relayTEST ... smtp
> > > -o transport_maps=static:relayTEST:[10.2.0.17]:10015
...
> > > -o transport_maps=static:relayTEST:[10.2.0.17]:10015
> > I do not understand why you insist on putting this in master.cf.
> > If you had put this in main.cf it would already have worked.
>
> > If you had put this in main.cf it would already have worked.
>
> And I don't understand what's so hard about providing a clear
> answer/example for someone obviously so experienced in this.
I posted a reply with a CLEAR EXAMPLE that has the transport_maps
> answer/example for someone obviously so experienced in this.
setting in MAIN.cf. But you knew better, and chose to put it in
MASTER.cf instead. You have demonstrated that you cannot implement
even a simple one-line configuration change.
Over and out.
Wietse
alep...@gmx.com
May 18, 2015, 4:17:58 PM5/18/15
to
> I posted a reply with a CLEAR EXAMPLE
Well, since you PUT IT IN ALL CAPS that *must* it was clear.
> that has the transport_maps
> setting in MAIN.cf. But you knew better, and chose to put it in
> MASTER.cf instead. You have demonstrated that you cannot implement
> even a simple one-line configuration change.
> Over and out.
Amen to that.
Your reputation is well deserved.
Viktor Dukhovni
May 19, 2015, 7:32:20 PM5/19/15
to
On Mon, May 18, 2015 at 03:44:23PM +0200, aleph de wrote:
> cat ./master.cf [sic, really main.cf]
> ...
That's because this parameter is not used by smtpd(8) directly.
It is instead used by the trivial-rewrite(8) service, which performs
transport resolution on behalf of smtpd(8) and qmgr(8). This is
important, because inconsistent resolution would be rather a problem.
Thus relay_transport is fundamentally a global setting. It can't be
configured per listen endpoint unless you use multiple Postfix
instances, each with their main.cf files, queue-diretories, ...
--
Viktor.
> cat ./master.cf [sic, really main.cf]
> ...
> - transport_maps = lmdb:/etc/postfix/transport
> + #transport_maps = lmdb:/etc/postfix/transport
> ...
>
> cat ./main.cf [sic, really master.cf]
> - transport_maps = lmdb:/etc/postfix/transport
> + #transport_maps = lmdb:/etc/postfix/transport
> ...
>
> ...
> smtpd pass - - n - - smtpd
> + -o relay_transport=relayTEST:[10.2.0.17]:10015
> relayTEST unix - - n - - smtp
You can't specify relay_transport via smtpd(8) master.cf overrides.
That's because this parameter is not used by smtpd(8) directly.
It is instead used by the trivial-rewrite(8) service, which performs
transport resolution on behalf of smtpd(8) and qmgr(8). This is
important, because inconsistent resolution would be rather a problem.
Thus relay_transport is fundamentally a global setting. It can't be
configured per listen endpoint unless you use multiple Postfix
instances, each with their main.cf files, queue-diretories, ...
--
Viktor.
0 new messages