virtual user list in a passwd file (without linux user)
Hi,
I am trying to have a virtual user list in a passwd file (without linux user) but it does not seem to work.
I have been trying to make this work for days reading the dovecot documentation and whatever I could find online...
Note that I did not enable imap since I only use pop3s to retrieve my emails.
I also tried to follow this guide: https://doc.dovecot.org/configuration_manual/howto/simple_virtual_install/
Note that once this works for dovecot, I plan to have postfix use the dovecot auth service to authenticate the virtual users and validate mail boxes.
# cat /proc/version Linux version 6.1.0-17-cloud-amd64 (debian-kernel@lists.debian.org) (gcc-12 (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40) #1 SMP PREEMPT_DYNAMIC Debian 6.1.69-1 (2023-12-30)
# dovecot version Feb 15 15:57:26 master: Info: Dovecot v2.3.19.1 (9b53102964) starting up for pop3, submission, lmtp
# doveconf -n
# 2.3.19.1 (9b53102964): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.19 (4eae2f79)
# OS: Linux 6.1.0-17-cloud-amd64 x86_64 Debian 12.5
# Hostname: 85e10e78339f
auth_verbose = yes
debug_log_path = /dev/stdout
first_valid_uid = 1000
info_log_path = /dev/stdout
last_valid_uid = 1000
listen = *
log_path = /dev/stdout
login_greeting = greeting.
mail_debug = yes
mail_gid = 1000
mail_home = /srv/vmail/%d/%n
mail_location = maildir:~/mail
mail_uid = 1000
namespace {
inbox = yes
location =
prefix =
separator = /
}
passdb {
args = username_format=%u /path/to/passwd
driver = passwd-file
}
pop3_uidl_format = %g
protocols = pop3 submission lmtp
service auth {
inet_listener {
address = <ip>
port = 12345
}
user = vmail
}
service lmtp {
inet_listener lmtp {
address = <ip>
port = 12344
}
user = vmail
}
service pop3-login {
client_limit = 1000
process_min_avail = 1
service_count = 0
}
service submission-login {
client_limit = 1000
process_min_avail = 1
service_count = 0
}
ssl_cert = The passwd file:
# user:password:uid:gid:(gecos):home:(shell):extra_fields
user1@site1.com{PLAIN}password1::::::
user2@site2.com{PLAIN}password2:::::: This is the log I am getting when trying to create an account with Thunderbird:
Feb 15 15:57:26 master: Info: Dovecot v2.3.19.1 (9b53102964) starting up for pop3, submission, lmtp
Feb 15 17:34:45 pop3-login: Info: Disconnected: Aborted login by logging out (no auth attempts in 0 secs): user=<>, rip=<ip>, lip=<ip>, TLS, session=<cMIeC28RVOImVwz3>
Feb 15 17:35:02 auth: Info: passwd-file(user1@site1.com,<ip>,<AIAjDG8RVuImVwz3>): unknown user
Feb 15 17:35:08 auth: Info: passwd-file(user1@site1.com,<ip>,<AIAjDG8RVuImVwz3>): unknown user
Feb 15 17:35:10 pop3-login: Info: Disconnected: Aborted login by logging out (auth failed, 2 attempts in 8 secs): user=user1@site1.com, method=PLAIN, rip=<ip>, lip=<ip>, TLS, session=<AIAjDG8RVuImVwz3> I tried using doveadm:
# doveadm user user1 userdb lookup: user user1 doesn't exist
field value # doveadm user user1@site1.com userdb lookup: user user1@site1.com doesn't exist
field value I also tried with the verbose on (removed all the 'usually intentional'): # doveadm -Dv user user1@site1.com
Feb 15 17:38:17 doveadm(user1@site1.com)<137><>: Debug: auth-master: userdb lookup(user1@site1.com): Started userdb lookup
Feb 15 17:38:17 doveadm(user1@site1.com)<137><>: Debug: auth-master: conn unix:/run/dovecot/auth-userdb: Connecting
Feb 15 17:38:17 doveadm(user1@site1.com)<137><>: Debug: auth-master: conn unix:/run/dovecot/auth-userdb (pid=7,uid=0): Client connected (fd=9)
Feb 15 17:38:17 doveadm(user1@site1.com)<137><>: Debug: auth-master: userdb lookup(user1@site1.com): auth USER input:
Feb 15 17:38:17 doveadm(user1@site1.com)<137><>: Debug: auth-master: userdb lookup(user1@site1.com): Userdb lookup failed userdb lookup: user user1@site1.com doesn't exist
Feb 15 17:38:17 Debug: auth-master: conn unix:/run/dovecot/auth-userdb (pid=7,uid=0): Disconnected: Connection closed (fd=9)
field value I could not find a way to list either the mailboxes or virtual user list that dovecot is using/serving.
Hi Paul,
On 15.02.24 18:55, paul@virtuadv.com wrote:
The passwd file: # user:password:uid:gid:(gecos):home:(shell):extra_fields user1@site1.com{PLAIN}password1:::::: user2@site2.com{PLAIN}password2::::::
on one of my servers:
foo:{plain}bar:5000:5000:::/bin/false:: ---^
Look at the difference: IMHO the colon ':' between username and password field is missing in your file. Maybe that's the reason for this error?
All in all I have the same set-up: Postfix together with Dovecot and both using the accounts in the users-file.
Regards, Markus
Thanks for helping!
Good find, for sure the ':' was missing.
I am surprised dovecot did not complain about the user names with a {plain} in them or that users did not have a password defined in the password file.
Now the query with doveadm works if I specify user1@site1.com.
I am still struggling with how postfix connects to dovecot.
I get these in the log: postfix/smtpd[]: warning: host or service srv_dovecot:12345 not found: Temporary failure in name resolution postfix/smtpd[]: warning: SASL: Connect to Dovecot auth socket 'inet:srv_dovecot:12345' failed: Cannot assign requested address postfix/smtpd[]: fatal: no SASL authentication mechanisms postfix/master[]: warning: process /usr/lib/postfix/sbin/smtpd pid 194 exit status 1 postfix/master[]: warning: /usr/lib/postfix/sbin/smtpd: bad command startup -- throttling
I am not sure why postfix complains that it cannot find srv_dovecot since I can ping it and open a telnet of the IP/Port from where Postfix is running: Tried manually and I can connect to the dovecot SASL port: # telnet srv_dovecot 12345 Trying <IP>... Connected to srv_dovecot. Escape character is '^]'. VERSION 1 2 MECH PLAIN plaintext SPID 2118 CUID 4 COOKIE 7dc4cf7b8765bc594ff0cf051d99e6ee DONE ^] telnet> quit
Another line I am not understanding: postfix_log/error[]: CDC9DA5535: to=postmaster@localdomain, orig_to=<postmaster>, relay=none, delay=139002, delays=139002/0.04/0/0.01, dsn=4.4.3, status=deferred (delivery temporarily suspended: Host or domain name not found. Name service error for name=localdomain type=MX: Host not found, try again)
It seems the problem was because I am running postfix with chroot so I need to perform this kind of fix: https://serverfault.com/questions/1003885/postfix-in-docker-host-or-domain-n...
After this fix, I am getting other errors, but the SASL errors are gone at least.
Hi Paul,
On 19.02.24 21:05, paul@virtuadv.com wrote:
Now the query with doveadm works if I specify user1@site1.com.
thanks for the feedback and glad to hear that it works. :)
I am still struggling with how postfix connects to dovecot.
As with Dovevot: beside the error logs, please send the output of 'postconf -n' and 'postconf -M'. Otherwise it's nearly impossible to help you.
Kind regards, Markus
Sorry for the delay but after debugging, I realized that Azure was blocking outgoing port 25 on my VM. I had to move my mail server to another hosting server which involved using Apache reverse proxy with mod_md to get the certificates on the new standalone mail server. So, this part works now, and I reverted to trying to make dovecot/postfix work.
I may have to go on therapy after all this, it is draining my morale completely... ;) All these things were so easy a while back using a control panel.
postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
allow_percent_hack = no
append_dot_mydomain = no
biff = no
default_destination_recipient_limit = 10
inet_interfaces = all
inet_protocols = ipv4
lmtp_sasl_type = dovecot
lmtp_tcp_port = 24
mailbox_size_limit = 100123456
message_size_limit = 50123456
mydestination = mail.site1.com, mail.site2.com, $myhostname, localhost.$mydomain, localhost
mydomain = mail.site1.com
myhostname = mail.site1.com
mynetworks_style = host
myorigin = $mydomain
notify_classes = bounce, 2bounce, delay, policy, protocol, resource, software
readme_directory = no
relay_domains =
relayhost =
smtp_sasl_security_options = noanonymous
smtp_tls_chain_files = /etc/apache2/md-ssl/domains/mail.site1.com/privkey.pem, /etc/apache2/md-ssl/domains/mail.site1.com/pubcert.pem
smtp_tls_security_level = may
smtpd_banner = mail.site1.com ESMTP
smtpd_client_restrictions = permit_mynetworks, reject_unauth_destination, permit_sasl_authenticated
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_delay_reject = yes
smtpd_recipient_limit = 10
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, defer_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = no
smtpd_sasl_path = inet:srv_dovecot:12345
smtpd_sasl_security_options = noplaintext, noanonymous, nodictionary
smtpd_sasl_tls_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = permit_sasl_authenticated
smtpd_tls_auth_only = yes
smtpd_tls_chain_files = /etc/apache2/md-ssl/domains/mail.site1.com/privkey.pem, /etc/apache2/md-ssl/domains/mail.site1.com/pubcert.pem
smtpd_tls_mandatory_ciphers = high
smtpd_tls_mandatory_protocols = >=TLSv1.2, <=TLSv1.3
smtpd_tls_security_level = may
syslog_name = srv/postfix
tls_server_sni_maps = texthash:/etc/postfix/domain_ssl_map
virtual_alias_maps = texthash:/etc/postfix/virtual
virtual_gid_maps = static:5000
virtual_mailbox_base = /var/mail/web_sites
virtual_mailbox_domains = site2.com site1.com
virtual_mailbox_maps = texthash:/etc/postfix/virtual_mail_boxes
virtual_minimum_uid = 100
virtual_transport = lmtp:inet:srv_dovecot:12344
virtual_uid_maps = static:5000
postconf -M
smtp inet n - y - - smtpd -v
submission inet n - y - - smtpd -o smtpd_sasl_auth_enable=yes
submissions inet n - y - - smtpd -o smtpd_sasl_auth_enable=yes
pickup unix n - y 60 1 pickup
cleanup unix n - y - 0 cleanup
qmgr unix n - n 300 1 qmgr
tlsmgr unix - - y 1000? 1 tlsmgr
rewrite unix - - y - - trivial-rewrite
bounce unix - - y - 0 bounce
defer unix - - y - 0 bounce
trace unix - - y - 0 bounce
verify unix - - y - 1 verify
flush unix n - y 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - y - - smtp
relay unix - - y - - smtp -o syslog_name=postfix/$service_name
showq unix n - y - - showq
error unix - - y - - error
retry unix - - y - - error
discard unix - - y - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - y - - lmtp
anvil unix - - y - 1 anvil
scache unix - - y - 1 scache
postlog unix-dgram n - n - 1 postlogd
maildrop unix - n n - - pipe flags=DRXhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
uucp unix - n n - - pipe flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail unix - n n - - pipe flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n n - 2 pipe flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman unix - n n - - pipe flags=FRX user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py ${nexthop} ${user}
I tried some of the doveadm examples but got errors:
doveadm mailbox list
Fatal: USER environment is missing and -u option not used
doveadm mailbox status
Fatal: USER environment is missing and -u option not used
doveadm mailbox status -u *
Fatal: Unknown status field: boot
doveadm mailbox status -A
doveadm mailbox status [-u <user>|-A] [-S
Sending an email from gmail to site1, I do receive it. When I try to send an email from site1 to site2, the email works and I see the SASL authentication being performed in the log.
But when I try to send an email to yahoo/gmail, in the log, I see that the email gets rejected even before performing the SASL authentication: postfix/smtpd[86594]: connect from unknown[myIP] postfix/smtpd[86594]: NOQUEUE: reject: RCPT from unknown[myIP]: 554 5.7.1 an_email@yahoo.com: Relay access denied; from=an_email@site1.com to=an_email@yahoo.com proto=ESMTP helo=<[192.168....]>
I tried adding 192.168... to mynetwork just for a test since I don't think this is a good idea but I got this anyway: /usr/sbin/postconf: warning: /etc/postfix/main.cf: unused parameter: mynetwork=127.0.0.0/8 192.168.1.0/8
My last post does not appear after a few days so I will post it again in several posts in case it was too big?
Sorry for the delay but after debugging, I realized that Azure was blocking outgoing port 25 on my VM. I had to move my mail server to another hosting server which involved using Apache reverse proxy with mod_md to get the certificates on the new standalone mail server. So, this part works now, and I reverted to trying to make dovecot/postfix work.
I may have to go on therapy after all this, it is draining my morale completely... ;) All these things were so easy a while back using a control panel.
Here is the output of postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
allow_percent_hack = no
append_dot_mydomain = no
biff = no
default_destination_recipient_limit = 10
inet_interfaces = all
inet_protocols = ipv4
lmtp_sasl_type = dovecot
lmtp_tcp_port = 24
mailbox_size_limit = 100123456
message_size_limit = 50123456
mydestination = mail.site1.com, mail.site2.com, $myhostname, localhost.$mydomain, localhost
mydomain = mail.site1.com
myhostname = mail.site1.com
mynetworks_style = host
myorigin = $mydomain
notify_classes = bounce, 2bounce, delay, policy, protocol, resource, software
readme_directory = no
relay_domains =
relayhost =
smtp_sasl_security_options = noanonymous
smtp_tls_chain_files = /etc/apache2/md-ssl/domains/mail.site1.com/privkey.pem, /etc/apache2/md-ssl/domains/mail.site1.com/pubcert.pem
smtp_tls_security_level = may
smtpd_banner = mail.site1.com ESMTP
smtpd_client_restrictions = permit_mynetworks, reject_unauth_destination, permit_sasl_authenticated
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_delay_reject = yes
smtpd_recipient_limit = 10
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, defer_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = no
smtpd_sasl_path = inet:srv_dovecot:12345
smtpd_sasl_security_options = noplaintext, noanonymous, nodictionary
smtpd_sasl_tls_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = permit_sasl_authenticated
smtpd_tls_auth_only = yes
smtpd_tls_chain_files = /etc/apache2/md-ssl/domains/mail.site1.com/privkey.pem, /etc/apache2/md-ssl/domains/mail.site1.com/pubcert.pem
smtpd_tls_mandatory_ciphers = high
smtpd_tls_mandatory_protocols = >=TLSv1.2, <=TLSv1.3
smtpd_tls_security_level = may
syslog_name = srv/postfix
tls_server_sni_maps = texthash:/etc/postfix/domain_ssl_map
virtual_alias_maps = texthash:/etc/postfix/virtual
virtual_gid_maps = static:5000
virtual_mailbox_base = /var/mail/web_sites
virtual_mailbox_domains = site2.com site1.com
virtual_mailbox_maps = texthash:/etc/postfix/virtual_mail_boxes
virtual_minimum_uid = 100
virtual_transport = lmtp:inet:srv_dovecot:12344
virtual_uid_maps = static:5000
Here is the output of postconf -M
smtp inet n - y - - smtpd -v
submission inet n - y - - smtpd -o smtpd_sasl_auth_enable=yes
submissions inet n - y - - smtpd -o smtpd_sasl_auth_enable=yes
pickup unix n - y 60 1 pickup
cleanup unix n - y - 0 cleanup
qmgr unix n - n 300 1 qmgr
tlsmgr unix - - y 1000? 1 tlsmgr
rewrite unix - - y - - trivial-rewrite
bounce unix - - y - 0 bounce
defer unix - - y - 0 bounce
trace unix - - y - 0 bounce
verify unix - - y - 1 verify
flush unix n - y 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - y - - smtp
relay unix - - y - - smtp -o syslog_name=postfix/$service_name
showq unix n - y - - showq
error unix - - y - - error
retry unix - - y - - error
discard unix - - y - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - y - - lmtp
anvil unix - - y - 1 anvil
scache unix - - y - 1 scache
postlog unix-dgram n - n - 1 postlogd
maildrop unix - n n - - pipe flags=DRXhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
uucp unix - n n - - pipe flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail unix - n n - - pipe flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n n - 2 pipe flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman unix - n n - - pipe flags=FRX user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py ${nexthop} ${user}
I tried some of the doveadm examples but got errors:
doveadm mailbox list
Fatal: USER environment is missing and -u option not used
doveadm mailbox status
Fatal: USER environment is missing and -u option not used
doveadm mailbox status -u *
Fatal: Unknown status field: boot
doveadm mailbox status -A
doveadm mailbox status [-u <user>|-A] [-S
Sending an email from gmail to site1, I do receive it. When I try to send an email from site1 to site2, the email works and I see the SASL authentication being performed in the log.
But when I try to send an email to yahoo/gmail, in the log, I see that the email gets rejected even before performing the SASL authentication: postfix/smtpd[86594]: connect from unknown[myIP] postfix/smtpd[86594]: NOQUEUE: reject: RCPT from unknown[myIP]: 554 5.7.1 an_email@yahoo.com: Relay access denied; from=an_email@site1.com to=an_email@yahoo.com proto=ESMTP helo=<[192.168....]>
I tried adding 192.168... to mynetwork just for a test since I don't think this is a good idea but I got this anyway: /usr/sbin/postconf: warning: /etc/postfix/main.cf: unused parameter: mynetwork=127.0.0.0/8 192.168.1.0/8
It took me a while to understand that smtpd parameters affect both incoming and outgoing mail, and in my case, they need to be different. I needed to override the parameters from main.cf.
In case someone is having similar issues, I was able to fix my in/out mails by changing the following in master.cf:
# port 25 incoming mail from other servers
smtp inet n - y - - smtpd -v
-o smtpd_relay_restrictions=defer_unauth_destination
-o smtpd_recipient_restrictions=permit_auth_destination,reject
# port 587 outgoing mail from thunderbird client
submission inet n - y - - smtpd -v
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated
-o smtpd_helo_restrictions=
-o smtpd_relay_restrictions=permit_sasl_authenticated,reject
-o smtpd_recipient_restrictions=permit_sasl_authenticated
Now I am trying to get postfix/dovecot to get my internal mail from/to postmaster & root. Right now I have this in my file 'aliases':
postmaster: root
Hi Paul,
thanks for the information last week and today. I was/am quite busy and couldn't reply earlier.
On 21.03.24 16:04, paul@virtuadv.com wrote:
It took me a while to understand that smtpd parameters affect both incoming and outgoing mail, and in my case, they need to be different. I needed to override the parameters from main.cf.
In case someone is having similar issues, I was able to fix my in/out mails by changing the following in master.cf:
# port 25 incoming mail from other servers smtp inet n - y - - smtpd -v -o smtpd_relay_restrictions=defer_unauth_destination -o smtpd_recipient_restrictions=permit_auth_destination,reject # port 587 outgoing mail from thunderbird client submission inet n - y - - smtpd -v -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated -o smtpd_helo_restrictions= -o smtpd_relay_restrictions=permit_sasl_authenticated,reject -o smtpd_recipient_restrictions=permit_sasl_authenticated
just in case you're interested in, here's a snippet of my master.cf:
# ========================================================================== # service type private unpriv chroot wakeup maxproc command + args # (yes) (yes) (no) (never) (100) # ========================================================================== smtp inet n - y - - smtpd
[...]
################################################################################## ### ### STARTTLS, port 587 ### submission inet n - y - - smtpd -o syslog_name=postfix/submission -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o smtpd_sasl_type=dovecot -o smtpd_sasl_path=private/auth -o smtpd_sasl_security_options=noanonymous -o broken_sasl_auth_clients=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o smtpd_relay_restrictions=reject_non_fqdn_recipient,reject_unknown_recipient_domain,permit_sasl_authenticated,reject
################################################################################## ### ### SMTPS, port 465 ### smtps inet n - y - - smtpd -o syslog_name=postfix/smtps -o smtpd_tls_wrappermode=yes -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o smtpd_sasl_type=dovecot -o smtpd_sasl_path=private/auth -o smtpd_sasl_security_options=noanonymous -o broken_sasl_auth_clients=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o smtpd_relay_restrictions=reject_non_fqdn_recipient,reject_unknown_recipient_domain,permit_sasl_authenticated,reject
[...]
In my case all the restrictions for port 25 are in main.cf. And in general I don't offer client authentication on port 25 but use it only for mail transfer from/to other MTAs.
Two questions:
Did you get your sending problem to yahoo/gmail solved?
What's exactly the problem with this?:
Now I am trying to get postfix/dovecot to get my internal mail from/to postmaster & root. Right now I have this in my file 'aliases':postmaster: root
Your /etc/aliases looks good. Are there any errors while sending/receiving mails to/for these aliases? What does not work and in which cases?
Best regards, Markus
Thanks for your continued help and for sharing your config.
I got the yahoo/gmail solved but my emails go to their spam... I will try to add DKIM and DMARC next to see if it helps. Hotmail is tougher, they refuse my email based on some IP filtering they have for my hosting provider. So, I am trying to add some abuse@siteX.com and postmaster@siteX.com in order to join their SNDS and JMRP as they suggested. Not sure if it will help.
I am trying different ways to create those abuse and postmaster emails for all my web sites with the least amount of email accounts.
I think aliases worked for site1 when I added:
postmaster: postmaster@site1.com
abuse: postmaster@site1.com
But I am having trouble forwarding the other sites to site1 in order to have only one email account for all these. I tried different things and the latest I tried is by adding this in file virtual:
abuse@site2.com abuse
postmaster@site2.com postmaster
abuse@site3.com abuse
postmaster@site3.com postmaster
It seems like it is trying to send to postmaster@mail.site1.com which dovecot does not find, and it discards those emails. Not sure what is the easiest way of doing this.
On 22/03/2024 04:58 EET paul@virtuadv.com wrote:
Thanks for your continued help and for sharing your config.
I got the yahoo/gmail solved but my emails go to their spam... I will try to add DKIM and DMARC next to see if it helps. Hotmail is tougher, they refuse my email based on some IP filtering they have for my hosting provider. So, I am trying to add some abuse@siteX.com and postmaster@siteX.com in order to join their SNDS and JMRP as they suggested. Not sure if it will help.
I am trying different ways to create those abuse and postmaster emails for all my web sites with the least amount of email accounts.
I think aliases worked for site1 when I added:postmaster: postmaster@site1.com abuse: postmaster@site1.comBut I am having trouble forwarding the other sites to site1 in order to have only one email account for all these. I tried different things and the latest I tried is by adding this in file virtual:
abuse@site2.com abuse postmaster@site2.com postmaster abuse@site3.com abuse postmaster@site3.com postmasterIt seems like it is trying to send to postmaster@mail.site1.com which dovecot does not find, and it discards those emails. Not sure what is the easiest way of doing this.
The recommended way to deal with aliases is on the MTA/MX level, not in Dovecot.
Aki
Aki Tuomi via dovecot skrev den 2024-03-22 08:47:
The recommended way to deal with aliases is on the MTA/MX level, not in Dovecot.
would be nice to see lmtp in dovecot can expand virtual_alias tables in postfix config, this will elimate postmaster on dovecot is unknown user, or even root is unknown and possible reject in dovecot quota policy with is check in postfix :/
hope for the better
the OP might dkim sign postmaster with will be invalid when postfix add @ to this address :/
Hi Paul,
On Fri, 22 Mar 2024 at 02:58:00AM -0000, paul@virtuadv.com wrote:
- I got the yahoo/gmail solved but my emails go to their spam... I will try to add DKIM and DMARC next to see if it helps.
yes, and if it not already exists: an SPF record is also helpful.
- I am trying different ways to create those abuse and postmaster emails for all my web sites with the least amount of email accounts. I think aliases worked for site1 when I added:
postmaster: postmaster@site1.com abuse: postmaster@site1.com
Please remember that /etc/aliases (alias_maps) has aliases that apply only for local recipients on the machine itself.
But I am having trouble forwarding the other sites to site1 in order to have only one email account for all these. I tried different things and the latest I tried is by adding this in file virtual:
abuse@site2.com abuse postmaster@site2.com postmaster abuse@site3.com abuse postmaster@site3.com postmasterIt seems like it is trying to send to postmaster@mail.site1.com which dovecot does not find, and it discards those emails. Not sure what is the easiest way of doing this.
Yes, if you only use 'postmaster' in virtual it will expand to this address as you have 'mydomain = mail.site1.com', and so Dovecot cannot find it.
I'd suggest the following, based on your current config:
(1)
Extend your main.cf -> virtual_alias_maps this way:
virtual_alias_maps = hash:/etc/postfix/virtual, pcre:/etc/postfix/virtual_rfc
(BTW, I suggest to use 'hash' instead of 'texthash' you used as with the former Postfix is able to automatically detect changes of these maps and a 'Postfix reload' isn't necessary.)
In virtual_rfc something like this:
/^postmaster@/ postmaster@site1.com /^abuse@/ postmaster@site1.com /^hostmaster@/ postmaster@site1.com /^webmaster@/ postmaster@site1.com
(Hint: in contrast to hashed tables (see above) pcre lookup tables are simple text files, so you have to do a 'Postfix reload' after changing them.)
or
(2)
Alternatively and instead of such a pcre map you could still use:
virtual_alias_maps = hash:/etc/postfix/virtual
and put all these aliases in the virtual file:
abuse@site1.com postmaster@site1.com abuse@site2.com postmaster@site1.com postmaster@site2.com postmaster@site1.com abuse@site3.com postmaster@site1.com postmaster@site3.com postmaster@site1.com abuse@site4.com postmaster@site1.com postmaster@site4.com postmaster@site1.com [...]
--> after editing of course a 'postmap /etc/postfix/virtual'
It depends on the number of domains which option is less expensive.
As this all is mostly MTA/Postfix related and so quite off-topic here maybe it's better to switch to direkt e-mail if we have to look at it further?
Best regards, Markus
Thanks again for your help. It is really appreciated.
Thanks for the reminder, I did implement the SPF part already.
So, I got it to work by following your suggestion (2).
I also changed a few things based on warnings I got in the logs and after more reading:
/etc/aliases
postmaster: root
nobody: root
"root@localhost": root
# redirect all root mails to this:
root: postmaster@site1.com
/etc/postfix/main.cf
# changed the following
myhostname = mail.site1.com
mydomain = site1.com
myorigin = $mydomain
# removed all domains that were already in virtual_mailbox_domains
mydestination = localhost.$mydomain, localhost
virtual_mailbox_domains = site1.com, site2.com, site3.com, mail.site1.com, mail.site3.com, mail.site2.com
Well it is only off-topic when your are an expert at both. In my case, I am not always sure if I have to change something in dovecot or postfix since they work together in my setup.
Now on to DKIM...
Hi Paul,
On 22.03.24 22:38, paul@virtuadv.com wrote:
So, I got it to work by following your suggestion (2).
I'm glad to hear that it works - thank you for the feedback! :)
# removed all domains that were already in virtual_mailbox_domains mydestination = localhost.$mydomain, localhost
That's good because a domain can only be either in mydestination or in virtual_mailbox_domains.
Now on to DKIM...
Good luck and regards :) Markus
participants (4)
-
Aki Tuomi
-
Benny Pedersen
-
Markus Winkler
-
paul@virtuadv.com