[Dovecot] Postfix, MySQL, Dovecot LDA and alias domains
Hi there,
I have a postfix/postfixadmin/mysql/dovecot install that was using 'virtual' for the LDA. I tried the 'dovecot' LDA to enable Sieve but ran into trouble with aliases. With domain "some-domain.com" being an alias to "somedomain.com", mail sent to *@somedomain.com would be delivered to the Maildir fine, but the 'dovecot' LDA tossed "unknown user" for anything sent to *@some-domain.com (the alias to the other domain).
My dovecot.sql:
driver = mysql
connect = host=/var/lib/mysql/mysql.sock dbname=postfix user=dovecot password=dovecot
user_query = \
  SELECT concat('/home/vmail/', maildir) as home, \
    concat('maildir:/home/vmail/', maildir) as mail, \
    5000 AS uid, 5000 AS gid, \
    concat('maildir:storage=', quota) AS quota \
  FROM mailbox WHERE username = '%u' AND active = '1'
password_query = \
  SELECT username as user, password, \
    concat('/home/vmail/', maildir) as userdb_home, \
    concat('maildir:/home/vmail/', maildir) as userdb_mail, \
    5000 as userdb_uid, 5000 as userdb_gid \
  FROM mailbox WHERE username = '%u' AND active = '1'
The problem is fairly simple: Dovecot isn't being told anything about the 'alias_domain' table that pairs alias domains with actual ones.
So the question is: do I add a second "user_query" in dovecot.sql, or is there an "alias_query" directive, or similar? And does anyone have a query that would point an alias domain to the real maildir?
- Darek
On 2010-06-22 7:06 AM, Darek M wrote:
> I have a postfix/postfixadmin/mysql/dovecot install that was using 'virtual' for the LDA. I tried the 'dovecot' LDA to enable Sieve but ran into trouble with aliases. With domain "some-domain.com" being an alias to "somedomain.com", mail sent to *@somedomain.com would be delivered to the Maildir fine, but the 'dovecot' LDA tossed "unknown user" for anything sent to *@some-domain.com (the alias to the other domain).
The MTA is what does recipient validation...
postconf -n output would be helpful...
On Tue, Jun 22, 2010 at 7:08 AM, Charles Marcus <CMarcus@media-brokers.com> wrote:
> On 2010-06-22 7:06 AM, Darek M wrote:
>> I have a postfix/postfixadmin/mysql/dovecot install that was using 'virtual' for the LDA. I tried the 'dovecot' LDA to enable Sieve but ran into trouble with aliases. With domain "some-domain.com" being an alias to "somedomain.com", mail sent to *@somedomain.com would be delivered to the Maildir fine, but the 'dovecot' LDA tossed "unknown user" for anything sent to *@some-domain.com (the alias to the other domain).
> The MTA is what does recipient validation...
> postconf -n output would be helpful...
I reverted back to 'virtual', so replace the "virtual_*" directives at the end with the 3 lines at the very bottom for what my config was when using the 'dovecot' LDA.

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
alternate_config_directories = /etc/postfix-in
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = amavisfeed:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
html_directory = no
inet_interfaces = localhost 1.2.3.4
inet_protocols = ipv4
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
message_size_limit = 104857600
mydestination = localhost.$mydomain, localhost
myhostname = domain.com
mynetworks = 127.0.0.0/8 1.2.3.4/29
mynetworks_style = host
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.6.5/README_FILES
sample_directory = /usr/share/doc/postfix-2.6.5/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_tls_note_starttls_offer = yes
smtp_use_tls = yes
smtpd_recipient_restrictions = reject_non_fqdn_recipient permit_mynetworks permit_sasl_authenticated reject_unauth_destination reject
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = no
smtpd_sasl_local_domain = domain.com
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_tls_CAfile = /etc/postfix/ssl/smtpd.pem
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.pem
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
soft_bounce = no
tls_random_source = dev:/dev/urandom
transport_maps = hash:/etc/postfix/transport
unknown_local_recipient_reject_code = 550
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql_virtual_alias_maps.cf, proxy:mysql:/etc/postfix/mysql_virtual_alias_domain_maps.cf

virtual_gid_maps = static:5000
virtual_mailbox_base = /home/vmail
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql_virtual_mailbox_domains.cf
virtual_mailbox_limit = 209715200
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_minimum_uid = 100
virtual_uid_maps = static:5000

dovecot_destination_recipient_limit = 1
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql_virtual_mailbox_domains.cf
virtual_transport = dovecot

master.cf:
# Dovecot LDA
dovecot   unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail:vmail argv=/usr/libexec/dovecot/deliver -d ${recipient}

Hello,
you must combine 2 queries (first for real domain, second for aliased domain), see my user_query

SELECT CONCAT('/home/mail/', d.domena, '/', u.uzivatel) AS home,
       500 AS uid, 500 AS gid,
       u.quota AS quota_rule, 'Trash:ignore' AS quota_rule2
FROM uzivatele AS u
JOIN domeny AS d ON d.id = u.domeny_id
WHERE u.domeny_id = (
        SELECT a.domeny_id_realna
        FROM domeny_aliasy AS a
        JOIN domeny AS d ON d.id = a.domeny_id_alias
        JOIN domeny AS dd ON dd.id = a.domeny_id_realna
        WHERE d.domena = '%d' AND d.priznak & 2 = 2 AND d.priznak & 1 = 0 AND dd.priznak & 1 = 0
        UNION
        SELECT id FROM domeny WHERE domena = '%d' AND priznak & 2 = 0 AND priznak & 1 = 0)
  AND u.uzivatel = '%n' AND u.priznak & 1 = 0

tables:
  uzivatele = users
  domeny = domains
  domeny_aliasy = domain aliases

columns:
  domena = domain
  uzivatel = user
  domeny_id = domain_id
  domeny_id_realna = real_domain_id
  domeny_id_alias = alias_domain_id
  priznak = bit flags (for domain - disabled, alias, ...., for users - disabled)

-- Lampa
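
Added example (not part of the original thread, and not Dovecot's or PostfixAdmin's own code): a combined user_query for the mailbox / alias_domain tables Darek describes, exercised against an in-memory SQLite stand-in. The alias_domain column names (alias_domain, target_domain, active), the sample rows and the concat() shim are assumptions; the quota column is left out for brevity.

```python
import sqlite3

# Dovecot-style user_query: the first SELECT matches a real mailbox, the second
# maps an alias domain to its target domain and looks up the same local part.
# Assumed schema: mailbox(username, maildir, active),
#                 alias_domain(alias_domain, target_domain, active).
USER_QUERY = """
SELECT concat('/home/vmail/', m.maildir) AS home,
       concat('maildir:/home/vmail/', m.maildir) AS mail,
       5000 AS uid, 5000 AS gid
FROM mailbox AS m
WHERE m.username = '%u' AND m.active = '1'
UNION
SELECT concat('/home/vmail/', m.maildir) AS home,
       concat('maildir:/home/vmail/', m.maildir) AS mail,
       5000 AS uid, 5000 AS gid
FROM alias_domain AS ad
JOIN mailbox AS m ON m.username = concat('%n', '@', ad.target_domain)
WHERE ad.alias_domain = '%d' AND ad.active = '1' AND m.active = '1'
"""


def make_db():
    """Build a constructed test database (sample rows are made up)."""
    conn = sqlite3.connect(":memory:")
    # SQLite stand-in for MySQL's concat(); only needed for this offline test.
    conn.create_function("concat", -1, lambda *p: "".join(str(x) for x in p))
    conn.executescript("""
        CREATE TABLE mailbox (username TEXT, maildir TEXT, active INTEGER);
        CREATE TABLE alias_domain (alias_domain TEXT, target_domain TEXT,
                                   active INTEGER);
        INSERT INTO mailbox VALUES ('bob@somedomain.com', 'somedomain.com/bob/', 1);
        INSERT INTO alias_domain VALUES ('some-domain.com', 'somedomain.com', 1);
        INSERT INTO alias_domain VALUES ('old-domain.com', 'somedomain.com', 0);
    """)
    return conn


def lookup(conn, recipient):
    """Return the home directory for 'deliver -d recipient', or None (unknown user)."""
    local, _, domain = recipient.partition("@")
    # Swap Dovecot's %u / %n / %d for bound parameters so the test never
    # builds SQL from the address string itself.
    sql = (USER_QUERY.replace("'%u'", ":u")
                     .replace("'%n'", ":n")
                     .replace("'%d'", ":d"))
    row = conn.execute(sql, {"u": recipient, "n": local, "d": domain}).fetchone()
    return row[0] if row else None
```

A deactivated alias domain or a local part with no mailbox in the target domain returns no row, which is the "unknown user" case.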
On 2010-06-22 8:30 AM, Lampa wrote:
> Hello,
> you must combine 2 queries (first for real domain, second for aliased domain), see my user_query

I sure hope you're wrong about that... I haven't had any dovecot installations where I'm using aliased domains yet, but this sounds ridiculous to me. What if there were 3 aliased domains? 10?
My understanding is alias expansion should happen at the MTA, so when the message is handed to the LDA for delivery, it should be delivering to the final destination, not the original alias.
So, just adding the correct virtual_alias_domain and virtual_alias_maps should be all that is necessary, right?
--
Best regards,
Charles
On Tue, Jun 22, 2010 at 10:38 AM, Charles Marcus <CMarcus@media-brokers.com> wrote:
> On 2010-06-22 8:30 AM, Lampa wrote:
>> Hello,
>> you must combine 2 queries (first for real domain, second for aliased domain), see my user_query
> I sure hope you're wrong about that... I haven't had any dovecot installations where I'm using aliased domains yet, but this sounds ridiculous to me. What if there were 3 aliased domains? 10?
The two queries are to handle real domains and alias domains. I have 14 domains now and the single "user_query" in dovecot.sql takes care of all of them.
> My understanding is alias expansion should happen at the MTA, so when the message is handed to the LDA for delivery, it should be delivering to the final destination, not the original alias.
> So, just adding the correct virtual_alias_domain and virtual_alias_maps should be all that is necessary, right?
The bit of config where I specify the virtual_transport is straight from Dovecot's docs, and virtual_mailbox_domains only returns domain names.
I suppose I could edit this to return a real domain for an alias, but I don't think this would make a difference as dovecot still needs a directory to put a mail in, and none of the 3 lines that Dovecot lists for setting the LDA return a maildir location, except the dovecot.sql query.
> Best regards,
> Charles
2010/6/22 Charles Marcus <CMarcus@media-brokers.com>:
> On 2010-06-22 8:30 AM, Lampa wrote:
>> Hello,
>> you must combine 2 queries (first for real domain, second for aliased domain), see my user_query
> I sure hope you're wrong about that... I haven't had any dovecot installations where I'm using aliased domains yet, but this sounds ridiculous to me. What if there were 3 aliased domains? 10?

I'm using postfix + dovecot with aliased domains and it is working.

> My understanding is alias expansion should happen at the MTA, so when the message is handed to the LDA for delivery, it should be delivering to the final destination, not the original alias.

It depends on the receive_override_options=no_address_mappings setting.

> So, just adding the correct virtual_alias_domain and virtual_alias_maps should be all that is necessary, right?

Yes, if you are using receive_override_options=no_address_mappings, but if you are using amavis (content filter) you need the original mail addresses (http://www.postfix.org/FILTER_README.html#advanced_filter)

The MTA checks only whether mail is acceptable (known recipient for delivery) (postfix) -> content filter (amavis) -> rewrite (postfix) -> dovecot lda

Dovecot LDA doesn't know where mail should be delivered, so at least the user query must be executed.
-- Lampa