On Thu, Mar 16, 2017 at 02:06:37AM +0000, Doug wrote:
> [ Trying this again as I think I sent to the wrong address the first time ]
FWIW, it got through both times.
On Thu, Mar 16, 2017 at 02:01:07AM +0000, Doug wrote:
> I'm on Ubuntu Server 16.04 (up to date) and using the stock postfix package
> (3.10-3).
There is no Postfix 3.10; did you mean 3.1.0-3? Instead of reporting
a vendor version string, it is better to report the output of:
$ postconf -d mail_version
> So according to all the tutorials I've read my assumption is that my next
> step is this in postfix' main.cf:
>
> virtual_transport = lmtp:unix:private/dovecot-lmtp
>
> which I did, and postfix restarts with no errors. But it seems to avoid
> lmtp altogether, and it delivers straight to my Maildir Inbox every time.
>
> I have since learned that I probably don't want virtual_transport for
> this, but I probably do want local_transport. The problem is that if I
> put in local_transport = lmtp:unix:private/dovecot-lmtp I get a bounce
> every time:
>
> Mar 15 18:01:20 dougbarton postfix/lmtp[11793]: 8BCD38F:
> to=<[email protected]>, relay=dougbarton.us[private/dovecot-lmtp],
> delay=0.03, delays=0.01/0/0/0.01, dsn=5.1.1, status=bounced (host
> dougbarton.us[private/dovecot-lmtp] said: 550 5.1.1 <[email protected]>
> User doesn't exist: [email protected] (in reply to RCPT TO command))
>
> From further reading it seems that I need to add some sort of additional
> mapping, but it's not clear to me what. Adding my virtual_maps file to
> local_recipient_maps didn't work. I also tried 'local_recipient_maps = '
> to see if I could rule out a chroot issue, but that didn't work either.
>
> I've been working on this for two days, and I'm probably missing something
> really obvious, but I would appreciate your assistance. Testing has been
> difficult because the messages bounce hard and I get a lot of mail every
> day.
>
> Here is postconf -n with security-related and boring items removed.
>
> alias_maps = hash:/etc/aliases
> home_mailbox = Maildir/
> local_recipient_maps = proxy:unix:passwd.byname $alias_maps
> milter_default_action = accept
> mydestination = $mydomain, localhost.$mydomain, localhost
> mydomain = dougbarton.us
> virtual_maps = hash:/etc/postfix/virtual_addresses
> virtual_transport = lmtp:unix:private/dovecot-lmtp
>
> I'm sorry that this message is so long, but apparently my situation is
> somewhat unusual (I wasn't able to find any similar configurations after
> a lot of searching) and I wasn't sure what to include.
>
> Any help will be greatly appreciated.
I'll make you a deal: fix the TLSA records for your domains to
comply with both RFC7672 and what Postfix supports (as of Postfix
3.2, per RFC7672, PKIX-EE(1) records are treated as "unusable"),
and I'll help you with your LMTP transport problem!
Instead of:
_25._tcp.dougbarton.us. IN TLSA 1 0 2 af2e8ccb230fdac708245e9b63d43ed5f4704bb4d0d23d6be12bfce85bf503cfe114f4ada2196df67e37f2b0769f9647ec9030ef407fc16dea25c8a1aadda82c
Publish a sensible subset of:
_25._tcp.dougbarton.us. IN TLSA 3 1 1 a61dba3a98fdac5103a4995d9b2c2a06d5893de79ed222707345c00ab86a10e6
_25._tcp.dougbarton.us. IN TLSA 3 1 2 58ecab96a3b995ea6f01dcc5abf1eba4499741fc50028bc988602c8634392edf28ad4e10df2c893014f384548ea0dc1c152601ab363b5620dead76a6b8e89f3e
_25._tcp.dougbarton.us. IN TLSA 2 1 1 15bb3ea3e23154d4c70698cd4187d7fd3067c4f0be3962d8c502c4b6a92b01f3
_25._tcp.dougbarton.us. IN TLSA 2 1 2 59110926ac75a748e7fcf68b6baf420f2c7c7fd60824135b436e4e71e13f1f3d489ba4780f59fca779f18e9c604f7bf304c0f4ed69b9c21be271f5ef4e2370ff
I'd recommend the "3 1 1 + 2 1 1" combo, but perhaps "3 1 1" alone,
or all of the above, better suits your style. See
http://postfix.1071664.n5.nabble.com/WoSign-StartCom-CA-in-the-news-td86436.html#a86444
https://www.ietf.org/mail-archive/web/uta/current/msg01498.html
http://tools.ietf.org/html/rfc7671#section-8.1
http://tools.ietf.org/html/rfc7671#section-8.4
--
Viktor.
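The TLSA advice above (replace the PKIX-EE "1 0 2" record with DANE-EE "3 1 1" and/or DANE-TA "2 1 1") is easy to get wrong by hand, so here is an added worked example, not code from the thread or from Postfix, that computes TLSA RDATA from a DER-encoded certificate, flags the usages RFC 7672 treats as unusable for SMTP, and performs the client-side DANE-EE match. The DER parser is deliberately minimal (it only locates subjectPublicKeyInfo), and the certificate it is run on is a constructed dummy with fake names, key bits and signature so the script runs offline; on a real server you would feed it the actual leaf (for 3 1 1) or the issuing CA certificate (for 2 1 1).

```python
"""DANE TLSA records for an SMTP server certificate (RFC 7671 / RFC 7672).

Added example for this thread, not code from the original posts or from
Postfix. It works on any DER-encoded X.509 certificate; the certificate
built at the bottom is a constructed dummy (fake names and key bits) so the
script runs offline.
"""
import hashlib


# ---- minimal DER TLV walker: just enough to locate subjectPublicKeyInfo ----

def _read_tlv(buf, pos):
    """Return (tag, tlv_start, value_start, value_end) for the TLV at pos."""
    start = pos
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:                        # long form: N length bytes follow
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, start, pos, pos + length


def _children(buf, start, end):
    """List the TLVs contained in a SEQUENCE whose value spans [start, end)."""
    out, pos = [], start
    while pos < end:
        tlv = _read_tlv(buf, pos)
        out.append(tlv)
        pos = tlv[3]
    return out


def extract_spki(cert_der):
    """DER of subjectPublicKeyInfo, i.e. the data hashed for TLSA selector 1."""
    _, _, cs, ce = _read_tlv(cert_der, 0)          # Certificate ::= SEQUENCE
    tbs = _children(cert_der, cs, ce)[0]           # tbsCertificate comes first
    fields = _children(cert_der, tbs[2], tbs[3])
    if fields[0][0] == 0xA0:                       # optional [0] EXPLICIT version
        fields = fields[1:]
    # serialNumber, signature, issuer, validity, subject, subjectPublicKeyInfo
    tag, s, _, e = fields[5]
    if tag != 0x30:
        raise ValueError("subjectPublicKeyInfo is not a SEQUENCE")
    return cert_der[s:e]


# ---- TLSA record generation and matching ----------------------------------

def tlsa_digest(data, mtype):
    """Matching type 0 = full data, 1 = SHA-256, 2 = SHA-512 (RFC 6698 2.1.3)."""
    if mtype == 0:
        return data.hex()
    if mtype == 1:
        return hashlib.sha256(data).hexdigest()
    if mtype == 2:
        return hashlib.sha512(data).hexdigest()
    raise ValueError("unknown matching type %r" % mtype)


def tlsa_rdata(cert_der, usage, selector, mtype):
    """Presentation-format RDATA, e.g. '3 1 1 <sha256 of SPKI>'."""
    data = cert_der if selector == 0 else extract_spki(cert_der)
    return "%d %d %d %s" % (usage, selector, mtype, tlsa_digest(data, mtype))


def usable_for_smtp(usage, selector, mtype):
    """RFC 7672 section 3.1.3: PKIX-TA(0) and PKIX-EE(1) are unusable for SMTP;
    only DANE-TA(2) and DANE-EE(3) count. The other fields just need to be known."""
    return usage in (2, 3) and selector in (0, 1) and mtype in (0, 1, 2)


def dane_ee_matches(cert_der, record):
    """Client-side DANE-EE(3) check: does the server's leaf cert match the record?
    (DANE-TA(2) needs the issuing chain, which this example does not model.)"""
    usage, selector, mtype, assoc = record.split()
    usage, selector, mtype = int(usage), int(selector), int(mtype)
    if usage != 3:
        return False
    data = cert_der if selector == 0 else extract_spki(cert_der)
    return tlsa_digest(data, mtype).lower() == assoc.lower()


# ---- constructed dummy certificate (NOT a real certificate) ----------------

def _der(tag, content):
    """Encode one TLV; lengths up to 65535 are enough for this sample."""
    n = len(content)
    if n < 0x80:
        hdr = bytes([tag, n])
    elif n < 0x100:
        hdr = bytes([tag, 0x81, n])
    else:
        hdr = bytes([tag, 0x82, n >> 8, n & 0xFF])
    return hdr + content

_SEQ, _SET, _INT, _BITS, _OID, _NULL, _PSTR, _UTC = 0x30, 0x31, 0x02, 0x03, 0x06, 0x05, 0x13, 0x17
_SHA256_RSA = b"\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0b"    # 1.2.840.113549.1.1.11
_RSA_KEY = b"\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01"       # 1.2.840.113549.1.1.1
_SIG_ALG = _der(_SEQ, _der(_OID, _SHA256_RSA) + _der(_NULL, b""))
_NAME = _der(_SEQ, _der(_SET, _der(_SEQ, _der(_OID, b"\x55\x04\x03") + _der(_PSTR, b"mail.example.com"))))
_VALIDITY = _der(_SEQ, _der(_UTC, b"170101000000Z") + _der(_UTC, b"180101000000Z"))
SAMPLE_SPKI = _der(_SEQ, _der(_SEQ, _der(_OID, _RSA_KEY) + _der(_NULL, b""))
                   + _der(_BITS, b"\x00" + bytes(range(1, 65))))          # fake key bits
_TBS = _der(_SEQ, _der(0xA0, _der(_INT, b"\x02")) + _der(_INT, b"\x01")
            + _SIG_ALG + _NAME + _VALIDITY + _NAME + SAMPLE_SPKI)
SAMPLE_CERT = _der(_SEQ, _TBS + _SIG_ALG + _der(_BITS, b"\x00" + bytes(64)))  # fake signature


if __name__ == "__main__":
    # The "3 1 1 + 2 1 1" combination recommended in the thread; a real 2 1 1
    # record is computed from the issuing CA certificate, not from the leaf.
    for usage, sel, mt in ((3, 1, 1), (3, 1, 2), (3, 0, 1), (1, 1, 1)):
        rr = tlsa_rdata(SAMPLE_CERT, usage, sel, mt)
        note = "" if usable_for_smtp(usage, sel, mt) else "   <- unusable for SMTP (RFC 7672)"
        print("_25._tcp.mail.example.com. IN TLSA", rr + note)
```

To use it on a real server certificate, read the DER bytes (for a PEM file, base64-decode the text between the BEGIN/END CERTIFICATE markers) and pass them to tlsa_rdata; publish the 3 1 1 record for the current leaf and, if you also want 2 1 1, run the same function over the issuing CA's certificate, rolling the records before the key changes.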