Re: How to send mail to mailbox with disabled domain?
Thanks for all the replies. I didn't have time to reply earlier. I went with my first proposed solution. Everything else is simply too much hazzle. You would have to set this for every single exception/address/user and so on and you cannot be sure that it doesn't bite you some time later with a tiny problem you didn't imagine at that time. For instance with domain affiliation of users. Yes, this is a Postfix problem. I just thought first it belongs more to Dovecot because it is Dovecot's lmtp that does the final mailbox delivery. I changed the SQL code a few times and tried to convince Postfix to deliver to virtual users without a domain, but it didn't work. As soon as I remove the domain or have an account name like user@whatever Postfix uses user@$myorigin (even completely removing the whatever stub) and this might have created a problem differentiating users (for instance for domain quota). It only delivers to mailboxes without a domain that are transport "local". And I wanted to keep that domain "local", anyway. I setup a stub dummy zone of "mail.localdomain" in Unbound which works as a wildcard and setup a fitting domain for that client. This works just like a normal domain. I can now reuse this wildcard for any more I might need it for. Kai
Re: How to send mail to mailbox with disabled domain?
If you want to accept delivery for one address only and reject all other adresses in the domain, you can do this with postfix's access table: http://www.postfix.org/access.5.html A hint to transport tables: us...@example1.com lmtp:$HOW_TO_REACH_THE_MX us...@example1.com lmtp:[$HOW_TO_REACH_THE_MX] If you enclose the mx in [] postfix will just take the value as is and not force any MX lookups. Last but not least you could configure mail routing by sender if necessary: http://www.postfix.org/postconf.5.html#sender_dependent_relayhost_maps Best regards, Gerald > Am 12.09.2018 um 10:58 schrieb Jochen Bern : > > On 09/11/2018 08:20 PM, Kai Schaetzl wrote: >> I have to disable mail acceptance for example1.com. >> If not, mail sent *from* that server (e.g. from a web form) to that domain >> will not leave the server. >> However, if I disable example1.com for mail dovecot lmtp will not deliver >> mail to this mail box anymore, although the mailbox still exists. > > First and foremost, you are describing a major routing problem *for the > MTA*. You want it to do local delivery (via LMTP) for > us...@example1.com, but forward mail addressed to foo...@example1.com to > that domain's current MX. Since MTAs usually(!) decide that based on the > *domain*, you have a need for some off-the-textbook tweaking right > there. And the config to make *dovecot* work as needed would need to > pick up from there. > > If we're talking postfix, my first idea would be to make example1.com a > virtual alias domain and set up a transport table with entries > us...@example1.com local: > # ... etc. etc. ... > example1.comsmtp:$HOW_TO_REACH_THE_MX > (with $HOW_TO_REACH_THE_MX being anything from "use the official MX from > DNS" to "contact this internal IP on this port, *without* DNS lookups", > whichever your (internal?) networking necessitates). > > http://www.postfix.org/transport.5.html > > With a bit of luck, that might already "contain" the weirdness to the > point that neither the MX nor dovecot need config hacks. > > Regards, > -- > Jochen Bern > Systemingenieur > > www.binect.de > www.facebook.de/binect >
Re: How to send mail to mailbox with disabled domain?
On 09/11/2018 08:20 PM, Kai Schaetzl wrote: > I have to disable mail acceptance for example1.com. > If not, mail sent *from* that server (e.g. from a web form) to that domain > will not leave the server. > However, if I disable example1.com for mail dovecot lmtp will not deliver > mail to this mail box anymore, although the mailbox still exists. First and foremost, you are describing a major routing problem *for the MTA*. You want it to do local delivery (via LMTP) for us...@example1.com, but forward mail addressed to foo...@example1.com to that domain's current MX. Since MTAs usually(!) decide that based on the *domain*, you have a need for some off-the-textbook tweaking right there. And the config to make *dovecot* work as needed would need to pick up from there. If we're talking postfix, my first idea would be to make example1.com a virtual alias domain and set up a transport table with entries us...@example1.com local: # ... etc. etc. ... example1.comsmtp:$HOW_TO_REACH_THE_MX (with $HOW_TO_REACH_THE_MX being anything from "use the official MX from DNS" to "contact this internal IP on this port, *without* DNS lookups", whichever your (internal?) networking necessitates). http://www.postfix.org/transport.5.html With a bit of luck, that might already "contain" the weirdness to the point that neither the MX nor dovecot need config hacks. Regards, -- Jochen Bern Systemingenieur www.binect.de www.facebook.de/binect smime.p7s Description: S/MIME Cryptographic Signature
Re: How to send mail to mailbox with disabled domain?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Tue, 11 Sep 2018, Kai Schaetzl wrote: Gerald Galster wrote on Tue, 11 Sep 2018 20:49:17 +0200: Is this a dovecot problem on your side? dovecot usually accepts mail from MTA like postfix, so it would be better to remove example1.com from postfix relaydomains (mailbox domains, alias domains, ...). Then there is no delivery to dovecot. Most MTAs ignore MX records - if a domain is configured locally, it gets delivered. Thanks for your reply. I don't want the MTA to deliver that domain. As an email address. But I want to deliver to the virtual mailbox of that name. That's the point. I make a distinction. lmtp doesn't ;-) I don't want some.addr...@example1.com getting delivered. But I want some.otheraddr...@example2.com getting delivered. Which just happens to be aliased to the mailbox "us...@example1.com". And example1.com is disabled for mail. "aliased to" seems to be a job for the MTA, hence, it will never deliver to Dovecot, if the domain is disabled there. I used to have mailbox names of "user1" (system accounts), not of "us...@example1.com" (virtual mailboxes). There doesn't seem to be a way to have virtual mailbox names like "user1". Not a problem - until you remove the mailbox domain from the accepted domains. Then it suddenly doesn't deliver although it's not getting used as an email address. Delivery is done via postfix/lmtp which actually is dovecot lmtp if I understand correctly. And lmtp resolves "everything". I can't deliver to a virtual mailbox named only "user1" it seems (I tried it some months ago and hit several weird problems, so I stopped that). I have to use a "user@domain" combination mailbox and the domain has to be in the local- host-names table or postfix/lmtp won't understand it's local. But then it will try to file all mail for this domain locally and it will also accept mail for this domain from outside. You can configure multiple userdb's in Dovecot. Also, a userdb of LDAP or SQL can use %u, %n and %d. Hence, you can configure Dovecot to "find" the user by "user1" and "us...@example1.com". However, you must ensure that only one entry is found. However, can you configure Postfix to pass one kind of users without domain and the other kind with domain? So far I came up with two ways to work around this problem: 1. use another domain for example1.com mailbox names (for instance example1.localmail) and put everything in place that it resolves locally and is in the local-host-names table. It works, I tested it. But this requires changing all the already created mailbox names. And change the code behind the web interface. This depends on the userdb. You can use the dummy domain as key and return specific mail locations. 2. set example1.com to be deliverable again and don't setup any addresses (aliases) for this domain. As the mailboxes are not directly deliverable to, only if they are aliased, there is no way to send to this domain from outside. And I have to put up a few aliases for it that forward mail externally to some subdomain that isn't locally configured. Or just have it sent right-away this way. Both things are not the real deal, though. Kai - -- Steffen Kaiser -BEGIN PGP SIGNATURE- Version: GnuPG v1 iQEVAwUBW5ijTMQnQQNheMxiAQKBOQgAtxitoGR1lHLIEGi7WANWDa/N7QbrRypt LVel1D6xrbEyDZva8eRiapuf9O0LRpjEdOCPLkxQZPu45a/kzL7/ohcYnYsP7zW+ 7Xt0zKArFvQ/NS+7wrYL6gh/mYQwtpF53/R1jnOG6qvR1T6MZtvDfcTl8FTWftG5 WVdafzUka20caxicRHX/zLSYhpOBpycCoUezEm3msXb1RrTywat8qiagFhS2Ui5q teHwwQQUPDCizhkoLi1rOrgn715oNQKI+5YkTMVgmrCygYCsURRN5M0p6uyOzJAp GNYFGjbgbWqCtrYXPkac5/y9PCuhPQn/yUHVIraLjzGd/1OL8wyK/Q== =Z5Mu -END PGP SIGNATURE-
Re: How to send mail to mailbox with disabled domain?
Gerald Galster wrote on Tue, 11 Sep 2018 20:49:17 +0200: > Is this a dovecot problem on your side? dovecot usually accepts mail > from MTA like postfix, so it would be better to remove example1.com from > postfix relaydomains (mailbox domains, alias domains, ...). Then there > is no delivery to dovecot. Most MTAs ignore MX records - if a domain is > configured locally, it gets delivered. Thanks for your reply. I don't want the MTA to deliver that domain. As an email address. But I want to deliver to the virtual mailbox of that name. That's the point. I make a distinction. lmtp doesn't ;-) I don't want some.addr...@example1.com getting delivered. But I want some.otheraddr...@example2.com getting delivered. Which just happens to be aliased to the mailbox "us...@example1.com". And example1.com is disabled for mail. I used to have mailbox names of "user1" (system accounts), not of "us...@example1.com" (virtual mailboxes). There doesn't seem to be a way to have virtual mailbox names like "user1". Not a problem - until you remove the mailbox domain from the accepted domains. Then it suddenly doesn't deliver although it's not getting used as an email address. Delivery is done via postfix/lmtp which actually is dovecot lmtp if I understand correctly. And lmtp resolves "everything". I can't deliver to a virtual mailbox named only "user1" it seems (I tried it some months ago and hit several weird problems, so I stopped that). I have to use a "user@domain" combination mailbox and the domain has to be in the local- host-names table or postfix/lmtp won't understand it's local. But then it will try to file all mail for this domain locally and it will also accept mail for this domain from outside. So far I came up with two ways to work around this problem: 1. use another domain for example1.com mailbox names (for instance example1.localmail) and put everything in place that it resolves locally and is in the local-host-names table. It works, I tested it. But this requires changing all the already created mailbox names. And change the code behind the web interface. 2. set example1.com to be deliverable again and don't setup any addresses (aliases) for this domain. As the mailboxes are not directly deliverable to, only if they are aliased, there is no way to send to this domain from outside. And I have to put up a few aliases for it that forward mail externally to some subdomain that isn't locally configured. Or just have it sent right-away this way. Both things are not the real deal, though. Kai
Re: How to send mail to mailbox with disabled domain?
Is this a dovecot problem on your side? dovecot usually accepts mail from MTA like postfix, so it would be better to remove example1.com from postfix relaydomains (mailbox domains, alias domains, ...). Then there is no delivery to dovecot. Most MTAs ignore MX records - if a domain is configured locally, it gets delivered. Best regards Gerald > Am 11.09.2018 um 20:20 schrieb Kai Schaetzl : > > Given the following: > > mailboxes: > us...@example1.com > us...@example1.com > us...@example1.com > etc. > > aliases: > whate...@example1.com -> us...@example1.com > whate...@example2.com -> us...@example1.com > whate...@example3.com -> us...@example1.com > > Now the problem: > example1.com MX goes elsewhere (doesn't point to this server anymore). > Domains example2.com and example3.com still point to that server and > should be able to accept mail. > I have to disable mail acceptance for example1.com. > If not, mail sent *from* that server (e.g. from a web form) to that domain > will not leave the server. > However, if I disable example1.com for mail dovecot lmtp will not deliver > mail to this mail box anymore, although the mailbox still exists. > > How can I solve this? Is there a way of solving this, but keeping the > domain example1.com in the name for these mailboxes? > Or is there a way to tell dovecot to ignore domains for mailbox names? > e.g. deliver to "user1"? (All user localparts are unique.) > > Thanks for any hints. > > Kai > >
How to send mail to mailbox with disabled domain?
Given the following: mailboxes: us...@example1.com us...@example1.com us...@example1.com etc. aliases: whate...@example1.com -> us...@example1.com whate...@example2.com -> us...@example1.com whate...@example3.com -> us...@example1.com Now the problem: example1.com MX goes elsewhere (doesn't point to this server anymore). Domains example2.com and example3.com still point to that server and should be able to accept mail. I have to disable mail acceptance for example1.com. If not, mail sent *from* that server (e.g. from a web form) to that domain will not leave the server. However, if I disable example1.com for mail dovecot lmtp will not deliver mail to this mail box anymore, although the mailbox still exists. How can I solve this? Is there a way of solving this, but keeping the domain example1.com in the name for these mailboxes? Or is there a way to tell dovecot to ignore domains for mailbox names? e.g. deliver to "user1"? (All user localparts are unique.) Thanks for any hints. Kai
