Akom's Tech Ruminations

Various tech outbursts - code and solutions to practical problems

Postfix satellite mail configuration with special needs

Posted by Admin • Monday, February 15. 2010 • Category: Linux

OK so I have special needs. (Either that or I am just oblivious to a working example of this).

My needs are:
  1. Do not receive inbound mail
  2. Do not deliver mail locally at all
  3. Send all outbound mail through an upstream relay (ISP's smtp)
  4. Qualify local addresses with a valid domain name (ISP's smtp will reject invalid domains)
  5. Map some local addresses to convenient aliases (distribution lists in the real mail system - google apps in this case)


Doesn't seem so hard, right? So I started with the postfix "Satellite system" option in the Ubuntu installer, and then...

There are several issues. First of all, the system as-is will only process mail to local addresses for real Linux user accounts. If you comment out mydestination, this problem is solved, and it will send everything out. However, /etc/aliases will no longer apply since we're, well, not a destination. Here is where virtual maps come in.

Let's say my real domain is example.com. My server is at myserver.example.com. All my mail should be qualified with @example.com unless it's a fully qualified email address (recipient and sender). For my needs, I want mail sent to some internal accounts to be sent to an external mailing list, system-info@example.com.

  1. Forget your /etc/aliases contents, they no longer do anything
  2. Comment out mydestination
  3. Set myorigin to example.com (e.g. myorigin = /etc/mailname, and in /etc/mailname you have example.com)
  4. Create /etc/postfix/virtual: (list users you care to alias)
    root@example.com  system-info
    root system-info
    
    nagios@example.com system-info
    nagios system-info
    
    # and so on
    
  5. Add to main.cf : virtual_alias_maps = hash:/etc/postfix/virtual
  6. run: postmap /etc/postfix/virtual (to regenerate the db)
  7. Set up your relayhost as appropriate if you haven't already
  8. Refresh postfix: service postfix reload (or restart postfix)


Everything should theoretically work now - you can now send mail to address@randomdomain.com, root, root@example.com, system-info, etc. In short, any unqualified address gets @example.com tacked on, and addresses listed in virtual map (root, nagios) get redirected to system-info@example.com. There is no local delivery. Mail for any address not specified in virtual map will be sent out as is, and hopefully your upstream system will deal with it correctly.

Here is my complete main.cf:

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

#AKOM: added this:
virtual_alias_maps = hash:/etc/postfix/virtual


# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

#AKOM: optional, defaults to FQDN from dhcp/network settings
#myhostname = myserver.example.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
# AKOM: commented out:
#mydestination = example.com, myserver.example.com, localhost.example.com, localhost
# my isp's mail server (main.cf has no trailing comments, so this gets its own line)
relayhost = [outgoing.verizon.net]
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = loopback-only
