Re: randmap getting precedence in transport_maps?

Thu, 24 Feb 2022 08:42:37 -0800 

Hi Wietse,
Thanks for your quick answer!

Wietse Venema:

/etc/postfix/local_transport_map

     my.domain ?? :
     .my.domain ? :

(where myhostname = myorigin = virtual_mailbox_domains = my.domain)

Did notice any warnings from Postfix with "do not list domain XXX
in both YYY and ZZZ"?
Not with this configuration. Some time ago I did, but the "do not list" warning message was about not including /mydestination/ in /virtual_mailbox_domains/ if I remember correctly-- very useful by the way. 


   * How do I make sure that incoming mail for locally-managed domains is
     delivered locally, not relayed?

With ":" lookup results in a transport map before the randmap.

The transport map must return ":" for the recipient domain AFTER
canonical and virtual alias mapping. As documented, canonical and
virtual alias mapping happen before transport map lookup.

Have you verified that the recipient domain after canonical and
virtual alias mapping matches the transport map? Does the lookup
return ":"? Postfix logs the recipient domain as "to-<xxx>".
In this case there should be no canonical or virtual alias for the recipient email address. It's a plain mailbox defined in the virtual_mailbox_maps file as "contact@my.domain my.domain/contact/". 

Here is the complete log output of the smtp session:
Feb 24 15:18:37 my.domain postfix/smtpd[4622]: B08949E76C: client=unknown[7.7.7.7] Feb 24 15:18:37 my.domain postfix/cleanup[4627]: B08949E76C: message-id=<9bc3be89-b254-08b4-c00f-3afc30101...@external.com> Feb 24 15:18:37 my.domain postfix/qmgr[4621]: B08949E76C: from=<some...@external.com>, size=2764, nrcpt=1 (queue active) Feb 24 15:18:37 my.domain postfix/smtpd[4622]: disconnect from unknown[7.7.7.7] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5 Feb 24 15:18:38 my.domain postfix/smtp[4628]: Untrusted TLS connection established to relay2.com[2.2.2.2]:587: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256 Feb 24 15:18:38 my.domain postfix/smtp[4628]: B08949E76C: to=<contact@my.domain>, relay=relay2.com[2.2.2.2]:587, delay=0.76, delays=0.04/0.01/0.38/0.33, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 29A7484FC6) 
Feb 24 15:18:38 my.domain postfix/qmgr[4621]: B08949E76C: removed
If I'm correct, the contact@my.domain wasn't modified by any alias (as shown by 'to=<'). But this final email address still doesn't match against the "my.domain :" entry in /etc/postfix/local_transport_map, for some reason. 
And so the email gets relayed to relay2.com from the randmap.
I'm running short of ideas as to what I'm doing wrong, so any idea is welcome. 

Nico

Attachment: OpenPGP_0x23459069119D37B6.asc
Description: OpenPGP public key

Attachment: OpenPGP_signature
Description: OpenPGP digital signature

Reply via email to