0

I am trying to recreate a mail gateway for spam/antivirus checks on a new Debian system (Postfix 2.11.3), coming from an older OpenSuse installation (Postfix 2.6.5). I tried to test it with "telnet localhost 25". When sending a test email to the postmaster address on the local server, everything works fine. However, if I use an existing address on one of the mail servers managing the user accounts, it returns the error 550 "Recipient address rejected: User unknown in local recipient table".

I built a new configuration trying to adapt it to the version changes. I already rebuilt the transport maps and checked the domains in it so this is probably not the issue.

main.cf:

# See /usr/share/postfix/main.cf.dist for a commented, more complete version


# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
masquerade_classes = envelope_sender, header_sender, header_recipient

myhostname = spamfilter.local
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = $myhostname, localhost.$mydomain, domain1.tld, domain2.tld, domain3.othertld
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 192.168.1.0/24 10.0.0.0/24 192.111.112.5/32
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all

canonical_maps =
virtual_alias_maps =
virtual_alias_domains =
relocated_maps =
sender_canonical_maps =

relay_host = $mydestination

transport_maps = hash:/etc/postfix/transport_maps

smtpd_recipient_restrictions =
#  check_policy_service inet:127.0.0.1:10023
  permit_mynetworks,
  reject_unauth_destination,
  permit_sasl_authenticated,
  reject_invalid_hostname,
  reject_non_fqdn_sender,
  reject_non_fqdn_recipient,
  reject_unknown_sender_domain,
  reject_unknown_recipient_domain,
  reject_rbl_client cbl.abuseat.org,
  reject_rbl_client sbl-xbl.spamhaus.org,
  reject_rbl_client dul.dnsbl.sorbs.net,
  reject_rbl_client zen.spamhaus.org,
  reject_unverified_recipient,
  permit

message_size_limit = 50000000

smtpd_proxy_filter=localhost:10024
unlulau
  • Check if the recipient domain is not added in the local domain list. I hope you are aware that the mail server is checking the local domain list first to deliver the mail. If the domain is found in that list, it will not check for the remote server. – mohemmadAli Jul 22 '16 at 15:14
  • Do you mean mydestination or myhostname? Or something completely different? The recipient domain is only present in mydestination and there is a corresponding entry for the mailserver in transport_maps. – unlulau Jul 22 '16 at 15:25
  • I am assuming that the recipient domain is hosted on another server. If it is, you should remove the recipient domain from "mydestination". As per my knowledge, mydestination contains only local domains. – mohemmadAli Jul 22 '16 at 15:57
  • If the recipient domain is also hosted on the same server, you should specify "local_recipient_maps =" . – mohemmadAli Jul 22 '16 at 16:00
  • You are right, the recipient domains are hosted on other servers. The old configuration worked as long as local_recipient_maps was left empty. But your proposal is probably the better way to do it. – unlulau Jul 25 '16 at 13:31

1 Answer

0

As this is a mail gateway, I think you should use the relay_domains parameter:

relay_domains = domain1.tld, domain2.tld, etc

In order to accept only valid users, you need to add a relay_recipient_map parameter as well.

natxo asenjo
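The following check is an added example, not code from the question or the answer. It flags domains that are listed in mydestination while transport_maps hands them to another host (the situation that produces "User unknown in local recipient table"), and relay domains accepted without a recipient table (the Postfix parameter is spelled relay_recipient_maps). The next-hop host names and the /etc/postfix/relay_recipients path are constructed placeholders.

```python
import re

def parse_main_cf(text):
    """Return {parameter: value}. Lines starting with whitespace continue the
    previous parameter; blank lines and '#' lines are skipped."""
    params, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and current:
            params[current] += " " + line.strip()
        else:
            name, _, value = line.partition("=")
            current = name.strip()
            params[current] = value.strip()
    return params

def domains(value):
    """Split a comma/space separated list, ignoring $variable references."""
    return {d.lower() for d in re.split(r"[,\s]+", value) if d and not d.startswith("$")}

def audit_gateway(main_cf, transport):
    p = parse_main_cf(main_cf)
    local, relay = domains(p.get("mydestination", "")), domains(p.get("relay_domains", ""))
    # Left-hand side of each transport entry: a domain handed to another host.
    routed = {l.split()[0].lower() for l in transport.splitlines()
              if l.strip() and not l.lstrip().startswith("#")}
    findings = [f"{d}: listed in mydestination but routed elsewhere; recipients "
                "are validated against local_recipient_maps"
                for d in sorted(routed & local)]
    findings += [f"{d}: routed but missing from relay_domains"
                 for d in sorted(routed - local - relay)]
    if relay and not p.get("relay_recipient_maps"):
        findings.append("relay_domains without relay_recipient_maps: unknown "
                        "relay recipients are not rejected by table lookup")
    return findings

# Constructed samples: domain names from the question, next hops are placeholders.
TRANSPORT = "domain1.tld smtp:[mx1.internal.example]\ndomain2.tld smtp:[mx2.internal.example]\n"
BEFORE = "myhostname = spamfilter.local\nmydestination = $myhostname, domain1.tld,\n  domain2.tld\n"
AFTER = ("myhostname = spamfilter.local\nmydestination = $myhostname\n"
         "relay_domains = domain1.tld, domain2.tld\n"
         "relay_recipient_maps = hash:/etc/postfix/relay_recipients\n")

if __name__ == "__main__":
    for label, cfg in (("before", BEFORE), ("after", AFTER)):
        print(label, audit_gateway(cfg, TRANSPORT) or "no findings")
```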