Explain user@domain format of postfix $virtual_mailbox_maps parameter value

Question

I am trying to setup a mail server using this article. Basically using postfix & dovecot.

I have a test setup which works, but I don't understand some (a lot) of stuff and am trying to rectify that before migrating.

Of the many things, this is the most confusing: I don't understand how the second parameter part of $virtual_mailbox_maps works.

I have the following in main.cf:

virtual_mailbox_maps = hash:/etc/postfix/virtual-mailbox-users

My /etc/postfix/virtual-mailbox-users looks like

user@domain1.com    user@domain1.com
user@domain2.com    user@domain2.com
etc, etc.

First, where can I find documentation of the second parameter user@domain1.com format, most formats are of the form of a file or directory (as in /a/b/c).

If I replace the second parameter by something else, for example,

user@domain1.com    /tmp/foo

then I can send mail to user@domain1.com, but not from, which leads to:

My second question: Is SMTP using the $virtual_mailbox_maps? (And why, since it already has the email address as the key parameter?). Does dovecot use $virtual_mailbox_maps?

(I have lots more questions, but this may help me unravel some. For example, can I have all mail to user@domain*.com delivered to one of the mail boxes, say user@domain1.com?)

(Excuse the declarative nature of the title, my original started with 'How to' but was rejected.)

---

I did an experiment where I replaced the $virtual_mailbox_maps entry by, for example, user@domain1.com OK, and delivery worked, but sending email failed (with Sender address rejected: not owned by user). So, the right hand side (value) matters. This is what my first question was about. (I have read the various documents describing format, etc., but can find nothing that talks specifically about the interaction with SMTP.

Addendum: Thanks to @masegaloeh for tracking this down. The relevant configuration is as follows, and 'googling' smtpd_sender_login_maps explains the rest.

root@generic:/etc/postfix# postconf -n| grep smtpd_sender
smtpd_sender_login_maps = $virtual_mailbox_maps
smtpd_sender_restrictions = reject_unknown_sender_domain, reject_sender_login_mismatch

Answer 1

When postfix receives incoming email, basically it can be divided into three processes:

1. Receive email by doing SMTP transaction with sender mail server and apply SMTP restrictions, for example: check if recipient exist
2. Store email by sending it into one of delivery agents (dovecot, local, virtual)

Based on two processes above, parameter virtual_mailbox_maps has (at least) two functions:

1. As recipient validation when postfix receiving email so postfix can reject unexisted recipient. This checks was performed when reject_unauth_destination called.
2. The parameter where virtual(8) delivery agent lookup the location of mailbox. Parameter $virtual_mailbox_base is unconditionally prepended to this path, so the absolute path of maildir storage is $virtual_mailbox_base$virtual_mailbox_maps.

The second function only be used if you configured postfix to send email to virtual delivery agent. Based on tutorial you posted above, postfix will use dovecot delivery agent instead virtual.

virtual_transport = dovecot

Because it's dovecot-lda who delivers the email, then virtual_mailbox_maps was unused in this stage (storing email). Instead of postfix configuration, dovecot will use this parameter

mail_location = maildir:/var/mail/vmail/%d/%n/mail:LAYOUT=fs

to determines where to store the email.

---

Where is it documented that the format of the $virtual_mailbox_maps file is "address address" and that the second must match the first in order for SMTP to work (note: This is based on my empirical observations)?

Parameter virtual_mailbox_maps must be consists of one or more lookup tables. . All Postfix lookup tables store information as (key, value) pairs. So that's why the virtual_mailbox_maps file consists of two columns: left side is for key and the right one is for value.

Most Postfix lookup tables are used to look up information. For example, virtual delivery agent uses virtual_mailbox_maps to look up where the path of recipient mailbox. So the right side of your hash table must specify the path.

With some tables, however, Postfix needs to know only if the lookup key exists . Any non-empty lookup result value may be used here: the lookup result is not used. For example, smtpd uses virtual_mailbox_maps to check if recipient was exist.

So actually you can put whatever entry in right side of virtual_mailbox_maps as postfix won't use it. There are no format like "address address" in this case.

---

When I replaced the $virtual_mailbox_maps entry by, for example, user@domain1.com OK, and delivery worked, but sending email failed (with Sender address rejected: not owned by user)

That's because you have this parameter in main.cf

smtpd_sender_restrictions = reject_unknown_sender_domain,
    reject_sender_login_mismatch
smtpd_sender_login_maps = $virtual_mailbox_maps

When you have reject_sender_login_mismatch and smtpd_sender_login_maps on it, postfix will check if your SASL username mapped to the sender provided when you send the email. So the format of smtpd_sender_login_maps = $virtual_mailbox_maps must consists of:

my.real.email@example.com   my.sasl.username@example.com

In your case, my.real.email@example.com = my.sasl.username@example.com, that's why you need to put "address address" in your $virtual_mailbox_maps.

Of course you can provide smtpd_sender_login_maps with different table with virtual_mailbox_maps. But the article author decided unify them. Perhaps the reason is you only need to change one file to adding/removing valid recipient