To a relative novice reader, the documentation
http://www.postfix.org/postconf.5.html
http://www.postfix.org/ldap_table.5.html
seem to indicate that they both restrict the domain portion of
email addresses that should be accepted.
The examples at http://www.postfix.org/VIRTUAL_README.html and
http://www.postfix.org/LDAP_README.html
don't seem to have the "domain" parameter in the specific configuration
for the virtual or LDAP lookup table, so from the examples,
the "domain" parameter didn't seem obviously necessary.
I wanted to set up a "Postfix virtual mailbox, non-UNIX accounts"
similar to http://www.postfix.org/VIRTUAL_README.html, but with the
slightly different context of being the same domain as my localhost.
(this is using package postfix-2.6.5-ldap.tgz on OpenBSD 4.7 i386)
I read http://www.postfix.org/postconf.5.html
and first put into my main.cf file:
virtual_mailbox_maps = ldap:/etc/postfix/virtual_ldap.cf
virtual_mailbox_domains = example.org
(and virtual_mailbox_base, virtual_xid_maps, ...)
and in /etc/postfix/virtual_ldap.cf:
server_host = localhost
search_base = ou=accounts,dc=example,dc=org
query_filter = (&(objectClass=posixAccount)(uid=%u))
result_attribute = uid
This worked as I expected, accepting mail for an LDAP entry of
jd...@example.org,
but also accepted email for jd...@foreign.org and tried to relay it,
which I obviously don't want at all.
When I added to /etc/postfix/virtual_ldap.cf
domain = example.org
then it restricted to just jd...@example.org,
and denied jd...@foreign.org
now working correctly, and not relaying.
What I'd like to understand is the nuance of what
the main.cf parameter "virtual_mailbox_domains"
really means, and why it didn't restrict the domain
for virtual lookups.
Thanks
virtual_mailbox_domains is a postfix parameter that states which domains
are "virtual mailbox domains", that is:
- postfix accepts to relay to these domains from any client
- address validation uses virtual_mailbox_maps
- the default transport is "virtual"
parameters in the ldap config file are a completely different thing:
they specify how the ldap query should be performed. this doesn't say
anything about how the result will be used (postfix can use ldap for a
lot of different things, that have nothing to do with virtual mailboxes).
> [snip]
>
>
> What I'd like to understand is the nuance of what
> the main.cf parameter "virtual_mailbox_domains"
> really means, and why it didn't restrict the domain
> for virtual lookups.
your last question is unclear. virtual_mailbox_domains doesn't restrict
anything. it specifies the list of domains that are to be delivered via
"virtual" (and by default, postfix will accept mail to these domains
from any client + postfix will use virtual_mailbox_maps to validate
addresses in such domains).
relay control is performed by smtpd_recipient_restrictions. by default:
- postfix accepts relay from mynetworks (permit_mynetworks)
- postfix accepts mail to domains listed in: mydestination,
relay_domains, virtual_mailbox_domains and virtual_alias_domains
- mail to other domains is rejected (reject_unauth_destination)
Please take a look at the welcome message you got when you subscribed.
if you lost it, it talked about reading
http://www.postfix.org/DEBUG_README.html
and in particular:
http://www.postfix.org/DEBUG_README.html#mail
the goal of this isn't to annoy you. the goal is to maximize your
chances of getting help quickly and efficiently; as well as to enhance
the docs.
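
The lookup-level difference discussed in this thread, as an added example that is not part of either message and is not Postfix code: a simplified Python model of the `%s`/`%u`/`%d` expansion and the `domain` parameter as documented in ldap_table(5). The function names and the sample keys (`alice`, `foreign.org`) are assumptions made for the illustration.

```python
import re

# The thread's filter (closing parenthesis included); it tests only the local part.
QUERY_FILTER = "(&(objectClass=posixAccount)(uid=%u))"

def ldap_escape(value):
    """Escape RFC 4515 filter metacharacters in a substituted value."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def build_query(key, query_filter=QUERY_FILTER, domain=None):
    """Return the filter a lookup of `key` would send, or None if no query is made.

    Models two behaviours documented in ldap_table(5): the %s/%u/%d expansions
    and the `domain` parameter. `domain` is a set of lowercase names or None.
    """
    local, at, dom = key.rpartition("@")
    if domain is not None:
        # With `domain` set, only user@domain keys in a listed domain are eligible.
        if not at or not local or dom.lower() not in domain:
            return None
    if not at:
        local, dom = key, ""          # no '@': %u expands to the whole key
        if "%d" in query_filter:
            return None               # %d needs a domain part; query suppressed
    values = {"s": key, "u": local, "d": dom}
    return re.sub(r"%([sud])", lambda m: ldap_escape(values[m.group(1)]), query_filter)

if __name__ == "__main__":
    # Constructed sample keys; "alice" and foreign.org are placeholders.
    for key in ("alice@example.org", "alice@foreign.org", "alice"):
        print(key, "| no domain:", build_query(key),
              "| domain=example.org:", build_query(key, domain={"example.org"}))
```

Without `domain`, both addresses expand to the same `(uid=alice)` filter, so the directory cannot tell them apart; with `domain = example.org` the foreign key never reaches LDAP.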