Hi, I have two Postfix mailservers, a stand-alone production server (mail.example.com), and a FreeBSD jail (mailjail.example.com) which acts as a relay for other jails (dbjail.example.com etc) on the same host (bsd.example.com) and forwards administrative mails for local accounts to the production mailserver.
The setup works well for the other jails and for bsd.example.com, such that the output of periodic jobs (e.g. to [email protected]) ends up in a mailbox on mail.example.com. To map local accounts, I use a global pattern (/.+/ [email protected]) referenced in /usr/local/etc/postfix/main.cf (alias_maps = pcre:/usr/local/etc/postfix/aliases_pattern). For local account names, both this pattern and a traditional aliases file deliver the same results: ================================================== # postmap -q "root" hash:/etc/aliases [email protected] # root@mailjail:~ # postmap -q "root" pcre:/usr/local/etc/postfix/aliases_pattern [email protected] ================================================== But when mails are sent to the root user of mailjail.example.com with the aliases_pattern in place, both mailjail.example.com and mail.example.com enter a loop. On mailjail.example.com, the initial message (to [email protected]) is not aliased and sent to [email protected], but is somehow sent locally and bounced. This triggers a message to [email protected] etc: ================================================== Dec 3 13:35:13 mailjail postfix/pickup[91366]: AD17B7587221: uid=0 from=<root> Dec 3 13:35:13 mailjail postfix/cleanup[91372]: AD17B7587221: message-id=<[email protected]> Dec 3 13:35:13 mailjail postfix/qmgr[91367]: AD17B7587221: from=<[email protected]>, size=301, nrcpt=1 (queue active) Dec 3 13:35:13 mailjail postfix/cleanup[91372]: B05367587223: message-id=<[email protected]> Dec 3 13:35:13 mailjail postfix/local[91374]: AD17B7587221: to=<[email protected]>, orig_to=<root>, relay=local, delay=0.02, delays=0.02/0.01/0/0, dsn=2.0.0, status=sent (forwarded as B05367587223) Dec 3 13:35:13 mailjail postfix/qmgr[91367]: B05367587223: from=<[email protected]>, size=438, nrcpt=1 (queue active) Dec 3 13:35:13 mailjail postfix/qmgr[91367]: AD17B7587221: removed Dec 3 13:35:13 mailjail postfix/smtp[91375]: B05367587223: to=<[email protected]>, relay=mail.example.com[2a01:239:295:c900::1]:587, delay=0.22, delays=0/0.02/0.17/0.03, dsn=5.7.1, status=bounced (host mail.example.com[2a01:239:295:c900::1] said: 553 5.7.1 <[email protected]>: Sender address rejected: not owned by user [email protected] (in reply to RCPT TO command)) ================================================== On mail.example.com, only the bounced messages ([email protected], [email protected] etc) arrive, and are also bounced, because my controlled_envelope_senders only allows messages from addresses like root@[subdomain].example.com for the SASL user: ================================================== 2025-12-03T13:35:13.921432+01:00 mail postfix/submission/smtpd[228787]: NOQUEUE: reject: RCPT from bsd.example.com[2a0a:4cc0:c1:5ba9:b43b:46ff:fe58:9660]: 553 5.7.1 <[email protected]>: Sender address rejected: not owned by user [email protected]; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<mailjail.example.com> 2025-12-03T13:35:13.942713+01:00 mail postfix/submission/smtpd[228787]: disconnect from bsd.example.com[2a0a:4cc0:c1:5ba9:b43b:46ff:fe58:9660] ehlo=2 starttls=1 auth=1 mail=1 rcpt=0/1 data=0/1 rset=1 quit=1 commands=7/9 2025-12-03T13:35:14.001017+01:00 mail postfix/submission/smtpd[228787]: connect from bsd.example.com[159.195.29.106] 2025-12-03T13:35:14.091816+01:00 mail postfix/submission/smtpd[228787]: NOQUEUE: reject: RCPT from bsd.example.com[159.195.29.106]: 553 5.7.1 <[email protected]>: Sender address rejected: not owned by user [email protected]; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<mailjail.example.com> 2025-12-03T13:35:14.105269+01:00 mail postfix/submission/smtpd[228787]: disconnect from bsd.example.com[159.195.29.106] ehlo=2 starttls=1 auth=1 mail=1 rcpt=0/1 data=0/1 rset=1 quit=1 commands=7/9 ================================================== When using the traditional aliases file (which maps only root to [email protected]), the recursive bouncing does not happen, and the first mssage is delivered to the mailbox of [email protected]: ================================================== # mailjail.example.com Dec 3 13:29:26 mailjail postfix/qmgr[90968]: 443157587227: from=<[email protected]>, size=438, nrcpt=1 (queue active) Dec 3 13:29:26 mailjail postfix/qmgr[90968]: 40B067587223: removed Dec 3 13:29:26 mailjail postfix/smtp[91152]: 443157587227: to=<[email protected]>, orig_to=<root>, relay=mail.example.com[217.154.195.8]:587, delay=0.3, delays=0/0.02/0.2/0.09, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 7CA90800BE) Dec 3 13:29:26 mailjail postfix/qmgr[90968]: 443157587227: removed # mail.example.com 2025-12-03T13:29:26.407503+01:00 mail postfix/submission/smtpd[228705]: connect from bsd.example.com[159.195.29.106] 2025-12-03T13:29:26.510791+01:00 mail postfix/submission/smtpd[228705]: 7CA90800BE: client=bsd.example.com[159.195.29.106], sasl_method=PLAIN, [email protected] 2025-12-03T13:29:26.511711+01:00 mail postsrsd[228708]: srs_forward: <[email protected]> rewritten as <[email protected]> 2025-12-03T13:29:26.511796+01:00 mail postsrsd[228708]: srs_forward: <[email protected]> not rewritten: Valid SRS address for <[email protected]> 2025-12-03T13:29:26.524610+01:00 mail postfix/cleanup[228707]: 7CA90800BE: message-id=<[email protected]> 2025-12-03T13:29:26.573656+01:00 mail postfix/qmgr[195195]: 7CA90800BE: from=<[email protected]>, size=844, nrcpt=1 (queue active) 2025-12-03T13:29:26.573741+01:00 mail postfix/submission/smtpd[228705]: disconnect from bsd.example.com[159.195.29.106] ehlo=2 starttls=1 auth=1 mail=1 rcpt=1 data=1 quit=1 commands=8 2025-12-03T13:29:26.590118+01:00 mail dovecot: lmtp(228711): Connect from local 2025-12-03T13:29:26.593551+01:00 mail dovecot: lmtp([email protected])<228711><9J0mIyYtMGlnfQMAMvUbEA>: msgid=<[email protected]>: saved mail to INBOX 2025-12-03T13:29:26.594031+01:00 mail postfix/lmtp[228710]: 7CA90800BE: to=<[email protected]>, relay=mail.example.com[private/dovecot-lmtp], delay=0.09, delays=0.07/0.01/0.01/0, dsn=2.0.0, status=sent (250 2.0.0 <[email protected]> 9J0mIyYtMGlnfQMAMvUbEA Saved) 2025-12-03T13:29:26.594124+01:00 mail dovecot: lmtp(228711): Disconnect from local: Logged out (state=READY) 2025-12-03T13:29:26.594175+01:00 mail postfix/qmgr[195195]: 7CA90800BE: removed ================================================== My question is: Why is the first message from mailjail.example.com handled differently, depending on the alias_map setting? These are my settings for Postfix on mailjail.example.com: ================================================== myhostname = mailjail.example.com mydestination = $myhostname, localhost.localdomain, localhost alias_maps = hash:/etc/aliases relayhost = [mail.example.com]:587 ================================================== On mail.example.com (where the PCRE pattern has always worked well for alias_maps), the setup looks like this (no relayhost, and example.com as a virtual mailbox domain: ================================================== myhostname = mail.example.com mydestination = $myhostname, localhost.localdomain, localhost alias_maps = pcre:/etc/postfix/aliases_pcre virtual_mailbox_domains = example.com virtual_mailbox_maps = hash:/etc/postfix/mailbox_users ================================================== I am grateful for any explanation. - Jan _______________________________________________ Postfix-users mailing list -- [email protected] To unsubscribe send an email to [email protected]
