ArchLUG Kwiki - www.archlug.org

PostfixProblem


A Postfix Problem

I'm having a bit of trouble getting my email straightened out, and want/need some help.

Here's the overview:

I have several domains hosted on a UML host. In my zone files it looks like the following:

In db.domain1.ext:

domain1.ext. MX 0 domain1.ext.
www          MX 0 domain1.ext.
uml          MX 0 domain1.ext.

In db.domain2.ext:

domain2.ext. MX 0 domain2.ext.
www          MX 0 domain2.ext.

Each "machine" in the domain is sent to the canonical domain host. All of the machines are really just "A" records for the same IP - that of the UML.

The canonical reverse-ip name for the UML is www.domain1.ext.

I really don't want to put www.domain1.ext. as the MX host for domain2.

I think I have postfix set up to accept SMTP email going to these domains, but a second set of eyes wouldn't hurt.

There are the usual aliases - info, sales, www, abuse, etc. that all go to my local account username in /etc/postfix/aliases.

In /etc/postfix/virtual:

domain1.ext anything
webmaster@domain1.ext alice
info@domain1.ext      alice
domain2.ext anything
webmaster@domain2.ext alice
info@domain2.ext      alice
bob@domain2.ext       bob

I have a question about the interaction between aliases and virtual, and I think that the correct answer is that the aliases are only valid for the canonical hostname -- i.e. www.domain1.ext. Could someone verify/explain if different?

And here are the interesting bits from my main.cf:

myorigin = $mydomain
inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain $mydomain
alias_maps = hash:/etc/postfix/aliases
alias_database = hash:/etc/postfix/aliases
virtual_maps = hash:/etc/postfix/virtual
smtpd_tls_key_file = /etc/postfix/smtpd.pem
smtpd_tls_cert_file = /etc/postfix/smtpd.pem
smtpd_tls_CAfile = /etc/postfix/smtpd.pem
smtpd_tls_loglevel = 1
smtpd_use_tls = yes
smtpd_client_restrictions = permit_mynetworks reject_unknown_client
smtpd_sender_restrictions = permit_mynetworks reject_unknown_client

And from master.cf:

smtp  inet n - y - - smtpd
smtps inet n - n - - smtpd
  -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes

Q1: What's the difference between alias_maps and alias_database?

Q2: I want users to connect with TLS and auth with their normal passwords, basically. I think the above does that, but only from localhost.

Q3: I want users for domain2.ext to use "domain2.ext" as their outgoing SMTP mailserver using TLS smtp (i.e. port 465). This isn't working. What do I need to do/change to make that happen?

Q4: I want users for domain2.ext to use "domain2.ext" as their incoming POP or IMAP server using TLS pop3 (pop3s, port 995) or TLS imap (imaps, port 993). This appears to be set up properly via proper xinetd.conf settings, so at this point the problem is apparently in the delivery to the proper mailbox. This doesn't appear to be working, per Q2.

Anyone want to help walk me through the settings/changes for postfix?


RussellHorn from MLUG wrote:

mydestination = $myhostname, localhost.$mydomain $mydomain  

In mydestination you can list all the domains postfix should accept mail for - domain1.com domain2.com domain3.net

Postfix should then accept mail addressed to any of those domains.

This is my TLS stuff:

# TLS Stuff
smtpd_use_tls = yes
smtpd_tls_note_starttls_offer = yes
smtpd_tls_cert_file = /etc/postfix/certs/ssl.cert
smtpd_tls_key_file = /etc/postfix/certs/ssl.key
smtpd_tls_CAfile = /etc/postfix/certs/ssl.ca
smtpd_tls_received_header = yes
smtpd_tls_loglevel = 1
smtp_tls_session_cache_database = sdbm:/etc/postfix/cache/smtp_scache
smtpd_tls_ask_ccert = yes
tls_random_source = dev:/dev/urandom
smtp_tls_session_cache_timeout = 3600s
smtp_tls_loglevel = 1

# SASL Stuff
smtpd_helo_required = yes
smtpd_delay_reject = no
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = paddington
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
sasl_pwcheck_method = auxprop
sasl_auxprop_plugin = sasldb
sasl_mech_list =  plain digest-md5 cram-md5

Responding to Q2:

The above works here allowing users to log in with their sasl2 username and password.

Responding to Q3:

The code I pasted above works here.
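
An added example, not part of the original question or reply: Postfix's VIRTUAL_README warns against listing a domain in mydestination when it is also declared in the virtual table with a "domain anything" line, so this Python script expands mydestination and reports any domain that appears in both places. The main.cf and virtual text are constructed from the settings quoted on this page; the myhostname and mydomain values are assumptions.

```python
import re

# Constructed sample from the page's settings; myhostname/mydomain are ASSUMED.
MAIN_CF = """\
myhostname = www.domain1.ext
mydomain = domain1.ext
mydestination = $myhostname, localhost.$mydomain $mydomain
"""
VIRTUAL = """\
domain1.ext anything
webmaster@domain1.ext alice
domain2.ext anything
bob@domain2.ext       bob
"""

def parse_main_cf(text):
    """Return {name: raw value}; '#' lines are comments, indented lines continue."""
    params, last = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and last:
            params[last] += " " + line.strip()
        elif "=" in line:
            last, value = (s.strip() for s in line.split("=", 1))
            params[last] = value
    return params

def expand(value, params, depth=0):
    """Expand $name and ${name} references; stop on reference loops."""
    if depth > 10:
        raise ValueError("parameter reference loop")
    def sub(m):
        return expand(params.get(m.group(1) or m.group(2), ""), params, depth + 1)
    return re.sub(r"\$(?:\{(\w+)\}|(\w+))", sub, value)

def local_domains(params):
    items = re.split(r"[,\s]+", expand(params.get("mydestination", ""), params))
    return {d.lower() for d in items if d}

def virtual_domains(text):
    """Keys without '@' are 'domain anything' declarations."""
    keys = (l.split()[0] for l in text.splitlines() if l.strip() and not l.startswith("#"))
    return {k.lower() for k in keys if "@" not in k}

def conflicts(main_cf, virtual):
    return sorted(local_domains(parse_main_cf(main_cf)) & virtual_domains(virtual))

if __name__ == "__main__":
    print("listed as both local and virtual:", conflicts(MAIN_CF, VIRTUAL))
```

On a live system the two inputs would be the contents of main.cf and /etc/postfix/virtual; mydestination entries that are file paths or table lookups are not resolved by this check.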


