OK, I set notify_classes = resource, software, 2bounce
I tested with various bad email addresses in various scenarios.
The undeliverable notification always is sent to either:
the user's gmail mailbox.
the postmaster.
Here's how it works:
If localhost config is incorrect, then
postmaster gets the notification.
I fix it.
else
localhost is correctly configured.
Wordpress site sends to an invalid address.
/var/log/mail.log shows successful delivery to gmail.
user's gmail gets the notification, but not postmaster.
If I need to fix it, then
"billable hours"
This is exactly what I want.
Thanks again.
Regards,
Mike Donovan
On 12/14/2011 05:06 PM, Wietse Venema wrote:
> Michael Donovan:
>> Resolved!
>> That did the trick!
>> Thanks.
> Don't forget to set notify_classes as described in my reply, because
> otherwise undeliverable outbound mail may be lost (the notification
> has the null sender address, which does not match your per-sender
> table).
>
> My original reply was incomplete and talked inbound mail. In reality
> all undeliverable mail notification has the null sender address.
>
> By including 2bounce in the notify_classes setting, a copy of
> the undeliverable notification will be sent to postmaster.
>
> You will want to test what happens when you send a mail to a bad
> address from wordpress. It would be bad if the mail would go down
> a blackhole.
>
> Wietse
>
>> A little explanation:
>> This Postfix is for a Debian LAMP server that hosts mainly Wordpress blogs.
>> All of our customers have their mail set up with Google Apps,
>> so we don't need Postfix as an MX for their domains.
>> They all have mail addresses like u...@theirdomain.com rather than
>> u...@gmail.com
>>
>> Each blog runs under a different Linux user account, rather than
>> www-data. (Apache mpm-itk)
>> I don't want Postfix to ever send mail directly, always go through the
>> correct gmail account.
>> Basically, I'm making Postfix act like a multi-user Thunderbird email
>> client.
>>
>> I know there are plugins for Wordpress that can do this directly without
>> involving Postfix,
>> but I am trying to make life easier for my customers. We also have
>> non-Wordpress apps that use php_mail(),
>> and even an ancient perl cgi script that can't talk TLS.
>>
>> For anyone who wants to do this using gmail as the transport, here's
>> what I did on Debian Squeeze.
>>
>> Install Postfix. I chose "Satellite system"
>>
>> Generate the cacert.pem:
>> # cat /usr/lib/ssl/certs/Equifax_Secure_CA.pem>> /etc/postfix/cacert.pem
>> # cat /usr/lib/ssl/certs/Thawte_Premium_Server_CA.pem>>
>> /etc/postfix/cacert.pem
>>
>> I don't think you need the Thawte_Premium one anymore, but it doesn't
>> hurt anything.
>>
>> /etc/postfix/main.cf:
>>
>> alias_database = hash:/etc/aliases
>> alias_maps = hash:/etc/aliases
>> append_dot_mydomain = no
>> biff = no
>> config_directory = /etc/postfix
>> default_transport = error:you can't go there from here
>> html_directory = /usr/share/doc/postfix/html
>> inet_interfaces = loopback-only
>> inet_protocols = ipv4
>> mailbox_command = procmail -a "$EXTENSION"
>> mailbox_size_limit = 0
>> mydestination = $myhostname, localhost.localdomain, localhost
>> myhostname = myhost.mydomain.net
>> mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
>> myorigin = /etc/mailname
>> readme_directory = /usr/share/doc/postfix
>> recipient_delimiter = +
>> sender_dependent_default_transport_maps = hash:/etc/postfix/sender_transport
>> smtp_sasl_auth_enable = yes
>> smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
>> smtp_sasl_security_options = noanonymous
>> smtp_sender_dependent_authentication = yes
>> smtp_tls_CAfile = /etc/postfix/cacert.pem
>> smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
>> smtp_use_tls = yes
>> smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
>> smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
>> smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
>> smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
>> smtpd_use_tls = yes
>>
>> /etc/mailname:
>> myhost.mydomain.net
>>
>> /etc/postfix/sender_transport
>> us...@myhost.mydomain.net??? smtp:[smtp.gmail.com]:587
>> us...@myhost.mydomain.net??? smtp:[smtp.gmail.com]:587
>>
>> /etc/postfix/sasl_passwd
>> us...@myhost.mydomain.net??? gmailus...@somedomain.com:gmailpassword1
>> us...@myhost.mydomain.net??? gmailus...@anotherdomain.org:gmailpassword2
>>
>> Hash the files with postmap:
>> # postmap sender_transport
>> # postmap sasl_passwd
>>
>> Restart:
>> # /etc/init.d/postfix restart
>>
>> user1 and user2 send mail through their respective gmail accounts.
>> user3 is a linux user, but not in the transport list, so any mail he sends
>> gets bounced back to his local mailbox /var/spool/mail/user3
>>
>> Regards,
>> Mike Donovan
>>
>> On 12/14/2011 01:18 PM, Wietse Venema wrote:
>>
>> Michael Donovan:
>>> What I want is for Postfix to NOT send the mail [when the sender
>>>> does not match sender_dependent_relayhost_maps] at all. Instead
>>>> immediately bounce it back to user3 as undeliverable.
>>>> This is easier with sender_dependent_default_transport_maps:
>>> What follows is untested, and may not work if you also have other
>>> transport overrides in place such as transport_maps or relayhost
>>> settings.
>>>
>>> /etc/postfix/main.cf:
>>> ???? default_transport = error:you can't go there from here
>>> ???? sender_dependent_default_transport_maps =
>>> hash:/etc/postfix/sender_relay
>>>
>>> /etc/postfix/sender_relay:
>>> ???? j...@example.com??? smtp:relayhost-for-joe
>>> ???? j...@example.com??? smtp:relayhost-for-jane
>>>
>>> Of course this means that any mail from outside that can't be
>>> delivered will be lost (the notification has a null sender which
>>> won't match your table).
>>>
>>> To avoid loss of bounces you turn on double-bounce notification:
>>>
>>> /etc/postfix/main.cf:
>>> ???? notify_classes = resource, software, 2bounce
>>>
>>> The priority order of Postfix routing is hard-coded (i.e. still to
>>> be made configurable) and the documentation is kind-of obscure.
>>> Read carefully.
>>>
>>> ????Wietse
>>>
>>>
>>>
>>
>> ----- Original Message -----
>> From: Wietse Venema<wie...@porcupine.org>
>> To: Postfix users<postfix-users@postfix.org>
>> Cc:
>> Sent: Wednesday, December 14, 2011 1:18 PM
>> Subject: Re: sender_dependent_relay_maps: what if sender does not match?
>>
>> Michael Donovan:
>>> What I want is for Postfix to NOT send the mail [when the sender
>>> does not match sender_dependent_relayhost_maps] at all. Instead
>>> immediately bounce it back to user3 as undeliverable.
>> This is easier with sender_dependent_default_transport_maps:
>>
>> What follows is untested, and may not work if you also have other
>> transport overrides in place such as transport_maps or relayhost
>> settings.
>>
>> /etc/postfix/main.cf:
>> ? ? default_transport = error:you can't go there from here
>> ? ? sender_dependent_default_transport_maps = hash:/etc/postfix/sender_relay
>>
>> /etc/postfix/sender_relay:
>> ? ? j...@example.com??? smtp:relayhost-for-joe
>> ? ? j...@example.com??? smtp:relayhost-for-jane
>>
>> Of course this means that any mail from outside that can't be
>> delivered will be lost (the notification has a null sender which
>> won't match your table).
>>
>> To avoid loss of bounces you turn on double-bounce notification:
>>
>> /etc/postfix/main.cf:
>> ? ? notify_classes = resource, software, 2bounce
>>
>> The priority order of Postfix routing is hard-coded (i.e. still to
>> be made configurable) and the documentation is kind-of obscure.
>> Read carefully.
>>
>> ??? Wietse
>>
>
