> On Oct 27, 2017, at 9:32 AM, 9acca9 <erdosa...@gmail.com> wrote: > > Recipient address rejected: User unknown in local recipient table > > of course the "user" is not know by postfix or that server, I want postfix > to deliver this mail to zimbra, who knows them.
Remove the recipient domain from "mydestination" and add it to "relay_domains". On a pure relay system, with no local mailboxes main.cf: # Convenience macro indexed = ${default_database_type}:${config_directory}/ mydestination = alias_database = alias_maps = $alias_database local_recipient_maps = local_transport = error:5.1.2 Mailbox unavailable # One or more relayed domains # relay_domains = example.com # If inbound relaying is not always MX based, use a # transport table # # transport_maps = ${indexed}transport # Alternatively, if all inbound domains hit the same relay # Just specify the relay in main.cf: # # relay_transport = relay:[relay.example.com] # Consider mandatory TLS for relay traffic # smtp_tls_policy_maps = ${indexed}tls-policy smtp_tls_loglevel = 1 smtp_tls_security_level = may # Or instead: # # smtp_tls_security_level = dane ## Ensure /etc/resolv.conf has just: nameserver 127.0.0.1 ## And resolver is doing DNSSEC validation, and tracks ## RFC5011 root KSK rollovers reliably. ## See: ## ## https://www.icann.org/news/announcement-2017-09-27-en # # smtp_dns_support_level = dnssec # See http://www.postfix.org/postconf.5.html#parent_domain_matches_subdomains # Consider setting entirely empty at the cost of adding each blocked subtree # of DNS twice: "example.com REJECT ..." and ".example.com REJECT ..." # parent_domain_matches_subdomains = smtpd_access_maps transport: example.com relay:[relay.example.com] tls-policy: # Or "secure" if you're comfortable enough with PKI, # or even "dane" or "dane-only" # [relay.example.com] encrypt -- Viktor.