postfix-users November 2010 archive

Re: Mail to root user on gateway behind security appliance

From: mouss <mouss_at_nospam>
Date: Sat Nov 20 2010 - 14:18:44 GMT
To: postfix-users@postfix.org

On 19/11/2010 21:14, Stan Hoeppner wrote:
>
>
>> Why is Postfix ignoring the alias entry for root?

First, /etc/aliases only applies to "local" domains, but OP has

mydestination =
local_transport = error:local mail delivery is disabled

Second, non-FQDN addresses get "fixed" by Postfix. In particular, OP has

# postconf myorigin
myorigin = $myhostname
# postconf myhostname
myhostname = mail.example.org

so mail for <root> goes to <root@mail.example.org>

>> I have run newaliases and restarted postfix and I can see that the
>> aliases.db has been updated.
>
> This is really hard to say without seeing the actual contents of
> /etc/aliases, /usr/bin/newaliases.postfix, and
> /etc/postfix/relay_recipients, and unobfuscated log entries.
>

OP has (at least) two options:

Option 1)
deliver mail for root to a remote account (joe@example.net). This is
achieved by adding the following entry to virtual_alias_maps:

root@mail.example.org joe@example.net

This way, mail for <root> will get sent to <joe@example.net>

Option 2)
deliver such mail to a local account.

For this, OP needs to remove his local_transport setting and set
mydestination = localhost.example.com
and keep
relay_domains =

and the virtual alias would be
root@mail.example.org root@localhost.example.com

addon:
To avoid accepting mail for *@localhost.example.com via SMTP, simply add
an access check to smtpd restrictions. For example:

smtpd_sender_restrictions =
        check_recipient_access pcre:/etc/postfix/access_recipient.pcre

== access_recipient.pcre
/@localhost\.example\.com$/ REJECT blah blah
# block mail to our IPs
/@\[127/ REJECT blah blah
/@\[10\./ REJECT blah blah

This won't stop mail to joe@[local.ip].
You can use a pcre access check if that really matters...
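
The address handling described in the message above, as an added example that is not part of the original post and is not Postfix code: a simplified Python model that qualifies a bare address with myorigin, applies virtual aliases, decides whether /etc/aliases would be consulted, and evaluates the three access_recipient.pcre patterns. The function names and the sample recipients are constructed for illustration.

```python
import re

MYORIGIN = "mail.example.org"   # from the thread: myorigin = $myhostname

# Patterns from access_recipient.pcre in the message. First match wins;
# Postfix pcre tables match case-insensitively by default.
ACCESS_RECIPIENT = [
    (re.compile(r"@localhost\.example\.com$", re.I), "REJECT"),
    (re.compile(r"@\[127", re.I), "REJECT"),
    (re.compile(r"@\[10\.", re.I), "REJECT"),
]

def qualify(addr):
    """Append @myorigin to an address that has no domain part."""
    return addr if "@" in addr else f"{addr}@{MYORIGIN}"

def route(addr, mydestination, virtual_alias):
    """Return (final recipient, True if /etc/aliases would be consulted)."""
    rcpt = qualify(addr).lower()
    seen = set()
    while rcpt in virtual_alias and rcpt not in seen:   # follow alias chain
        seen.add(rcpt)
        rcpt = virtual_alias[rcpt]
    domain = rcpt.rsplit("@", 1)[1]
    # Only domains listed in mydestination are "local" and use /etc/aliases.
    return rcpt, domain in mydestination

def smtpd_check(rcpt):
    """Action the recipient access table yields for an SMTP RCPT TO address."""
    for pattern, action in ACCESS_RECIPIENT:
        if pattern.search(rcpt):
            return action
    return "DUNNO"   # no match: the remaining restrictions decide

if __name__ == "__main__":
    option1 = {"root@mail.example.org": "joe@example.net"}
    option2 = {"root@mail.example.org": "root@localhost.example.com"}
    print("OP's config:", route("root", set(), {}))
    print("Option 1:   ", route("root", set(), option1))
    print("Option 2:   ", route("root", {"localhost.example.com"}, option2))
    # Constructed recipients as they might arrive over SMTP.
    for rcpt in ("x@localhost.example.com", "joe@[127.0.0.1]",
                 "joe@[10.1.2.3]", "joe@[192.168.1.5]", "joe@example.net"):
        print(f"{rcpt:28} {smtpd_check(rcpt)}")
```

On a real system, `postmap -q "x@localhost.example.com" pcre:/etc/postfix/access_recipient.pcre` queries the actual table instead of this model.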