DevHeads.net

Relay mail from virtual domains and issue when the sender and recipient is on same server

What I want to do:

I want to disable local delivery for e-mails from virtual domains / mailboxes when sender / recipient is on same server. I want these e-mails to pass through a relay.

My setup :

I have postfix and dovecot on server1.example.com and smtp.example.com acts as relay for server1.example.com. MX for example.com points to server1.example.com so incoming e-mails go to this server. Outgoing e-mails for domains not hosted in server1.example.com go through the relay. Now I want the e-mails that sender and recipient is on the same server (server1.example.com) to go through the relay (smtp.example.com). For example, currently I send e-mail from <a href="mailto: ... at example dot com"> ... at example dot com</a> to <a href="mailto: ... at example dot com"> ... at example dot com</a> and it does local delivery (e-mail does not leave server1.example.com). I want the e-mail to pass through relay smtp.example.com

The problem is that if I remove domain example.com from virtual_mailbox_domains then e-mails goes from server1.example.com to smtp.example.com but when it comes to server1.example.com it says "Relay denied" which I believe is related to postfix don't consider that is the server that actually hosts this domain (final destination).

/var/log/mailog :

Apr 12 19:49:08 server1 postfix/smtpd[24278]: connect from unknown[62.103.227.xxx]
Apr 12 19:49:08 server1 postfix/smtpd[24278]: Anonymous TLS connection established from unknown[62.103.227.xxx]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Apr 12 19:49:08 server1 dovecot: auth: passwd-file( ... at example dot com,62.103.227.xxx): unknown user
Apr 12 19:49:09 server1 postfix/smtpd[24278]: 24B2A2730A: client=unknown[62.103.227.xxx], sasl_method=PLAIN, sasl_username= ... at example dot com
Apr 12 19:49:09 server1 postfix/cleanup[33817]: 24B2A2730A: message-id=<671AE13C-DBCE-449E-922C- ... at example dot com>
Apr 12 19:49:09 server1 postfix/qmgr[77128]: 24B2A2730A: from=< ... at example dot com>, size=740, nrcpt=1 (queue active)
Apr 12 19:49:09 server1 dovecot: lmtp(40507): Connect from local
Apr 12 19:49:09 server1 dovecot: lmtp(<a href="mailto: ... at example dot com"> ... at example dot com</a>)<40507><w+0rEgWOz1o7ngAAPz4RRA>: sieve: msgid=<671AE13C-DBCE-449E-922C- ... at example dot com>: stored mail into mailbox 'INBOX'
Apr 12 19:49:09 server1 dovecot: lmtp(40507): Disconnect from local: Client has quit the connection (state = READY)
Apr 12 19:49:09 server1 postfix/lmtp[34621]: 24B2A2730A: to=< ... at example dot com>, relay=server1.example.com[private/dovecot-lmtp], delay=0.24, delays=0.22/0/0/0.01, dsn=2.0.0, status=sent (250 2.0.0 < ... at example dot com> w+0rEgWOz1o7ngAAPz4RRA Saved)
Apr 12 19:49:09 server1 postfix/qmgr[77128]: 24B2A2730A: removed

postconf -Mf:

smtp inet n - n - - smtpd
-o content_filter=filter:
-o receive_override_options=no_address_mappings
submission inet n - n - - smtpd
-o smtpd_tls_security_level=may
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
-o milter_macro_daemon_name=ORIGINATING
smtps inet n - n - - smtpd
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
-o milter_macro_daemon_name=ORIGINATING
pickup fifo n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr fifo n - n 300 1 qmgr
tlsmgr unix - - n 1000? 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - n - - smtp
relay unix - - n - - smtp
-o smtp_fallback_relay=
showq unix n - n - - showq
error unix - - n - - error
retry unix - - n - - error
discard unix - - n - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
scache unix - - n - 1 scache
filter unix - n n - - pipe flags=Rq
user=filter argv=/usr/local/etc/bogofilter/postfix-filter.sh -f ${sender}
-- ${recipient}

postconf -n:

authorized_mailq_users =
authorized_submit_users = root, filter
body_checks = regexp:/usr/local/etc/postfix/body_checks
command_directory = /usr/local/sbin
daemon_directory = /usr/local/libexec/postfix
data_directory = /var/db/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin xxgdb $daemon_directory/$process_name $process_id & sleep 5
default_destination_concurrency_limit = 2
default_destination_rate_delay = 1s
default_extra_recipient_limit = 10
header_checks = pcre:/usr/local/etc/postfix/header_checks
html_directory = /usr/local/share/doc/postfix
inet_protocols = ipv4
mail_owner = postfix
mailq_path = /usr/local/bin/mailq
manpage_directory = /usr/local/man
message_size_limit = 25600000
myhostname = server1.example.com
mynetworks_style = host
newaliases_path = /usr/local/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = /usr/local/share/doc/postfix
relayhost = [smtp.example.com]
sample_directory = /usr/local/etc/postfix
sendmail_path = /usr/local/sbin/sendmail
setgid_group = maildrop
smtp_bind_address = 138.201.248.xxx
smtp_destination_concurrency_limit = 2
smtp_destination_rate_delay = 1s
smtp_extra_recipient_limit = 10
smtp_tls_CAfile = /usr/local/share/certs/ca-root-nss.crt
smtp_tls_cert_file = /etc/ssl/certs/mail.pem
smtp_tls_key_file = /etc/ssl/private/mail.pem
smtp_tls_mandatory_protocols = !SSLv2,!SSLv3
smtp_tls_protocols = !SSLv2,!SSLv3
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:$data_directory/smtp_tls_session_cache
smtpd_banner = $myhostname
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname, permit
smtpd_recipient_restrictions = check_recipient_access hash:/usr/local/etc/postfix/recipient_access, check_policy_service { inet:127.0.0.1:10040, timeout=10s, default_action=dunno }, permit_sasl_authenticated, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_unauth_destination, reject_unauth_pipelining, reject_invalid_helo_hostname, reject_rbl_client zen.spamhaus.org, reject_rbl_client bad.psky.me, reject_rbl_client b.barracudacentral.org, reject_rbl_client bl.spamcop.net, reject_rbl_client cbl.abuseat.org, reject_rbl_client truncate.gbudb.net, reject_rbl_client bl.blocklist.de, reject_rbl_client dnsbl.dronebl.org, check_policy_service inet:127.0.0.1:10023, permit
smtpd_relay_restrictions = permit_sasl_authenticated, defer_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_path = /var/run/dovecot/auth-client
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = reject_unlisted_sender, permit_sasl_authenticated, reject_non_fqdn_sender, check_sender_access hash:/usr/local/etc/postfix/sender_access, reject_unknown_sender_domain, permit
smtpd_tls_CAfile = /usr/local/share/certs/ca-root-nss.crt
smtpd_tls_ask_ccert = yes
smtpd_tls_cert_file = /etc/ssl/certs/mail.pem
smtpd_tls_key_file = /etc/ssl/private/mail.pem
smtpd_tls_loglevel = 1
smtpd_tls_mandatory_protocols = !SSLv2,!SSLv3
smtpd_tls_protocols = !SSLv2,!SSLv3
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:$data_directory/smtpd_tls_session_cache
tls_random_source = dev:/dev/urandom
transport_maps = hash:/usr/local/etc/postfix/recipient_transport
unknown_local_recipient_reject_code = 550
virtual_alias_maps = hash:/usr/local/etc/postfix/virtual
virtual_gid_maps = hash:/usr/local/etc/postfix/virtual_uids
virtual_mailbox_base = /home/mail
virtual_mailbox_domains = hash:/usr/local/etc/postfix/domains
virtual_mailbox_maps = hash:/usr/local/etc/postfix/vmailbox
virtual_minimum_uid = 100
virtual_transport = lmtp:unix:private/dovecot-lmtp
virtual_uid_maps = hash:/usr/local/etc/postfix/virtual_uids
% postconf -nf
authorized_mailq_users =
authorized_submit_users = root, filter
body_checks = regexp:/usr/local/etc/postfix/body_checks
command_directory = /usr/local/sbin
daemon_directory = /usr/local/libexec/postfix
data_directory = /var/db/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin xxgdb
$daemon_directory/$process_name $process_id & sleep 5
default_destination_concurrency_limit = 2
default_destination_rate_delay = 1s
default_extra_recipient_limit = 10
header_checks = pcre:/usr/local/etc/postfix/header_checks
html_directory = /usr/local/share/doc/postfix
inet_protocols = ipv4
mail_owner = postfix
mailq_path = /usr/local/bin/mailq
manpage_directory = /usr/local/man
message_size_limit = 25600000
myhostname = server1.example.com
mynetworks_style = host
newaliases_path = /usr/local/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = /usr/local/share/doc/postfix
relayhost = [smtp.example.com]
sample_directory = /usr/local/etc/postfix
sendmail_path = /usr/local/sbin/sendmail
setgid_group = maildrop
smtp_bind_address = 138.201.248.xxx
smtp_destination_concurrency_limit = 2
smtp_destination_rate_delay = 1s
smtp_extra_recipient_limit = 10
smtp_tls_CAfile = /usr/local/share/certs/ca-root-nss.crt
smtp_tls_cert_file = /etc/ssl/certs/mail.pem
smtp_tls_key_file = /etc/ssl/private/mail.pem
smtp_tls_mandatory_protocols = !SSLv2,!SSLv3
smtp_tls_protocols = !SSLv2,!SSLv3
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:$data_directory/smtp_tls_session_cache
smtpd_banner = $myhostname
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated,
reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname, permit
smtpd_recipient_restrictions = check_recipient_access
hash:/usr/local/etc/postfix/recipient_access, check_policy_service {
inet:127.0.0.1:10040, timeout=10s, default_action=dunno },
permit_sasl_authenticated, reject_non_fqdn_sender,
reject_non_fqdn_recipient, reject_unknown_recipient_domain,
reject_unauth_destination, reject_unauth_pipelining,
reject_invalid_helo_hostname, reject_rbl_client zen.spamhaus.org,
reject_rbl_client bad.psky.me, reject_rbl_client b.barracudacentral.org,
reject_rbl_client bl.spamcop.net, reject_rbl_client cbl.abuseat.org,
reject_rbl_client truncate.gbudb.net, reject_rbl_client bl.blocklist.de,
reject_rbl_client dnsbl.dronebl.org, check_policy_service
inet:127.0.0.1:10023, permit
smtpd_relay_restrictions = permit_sasl_authenticated, defer_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_path = /var/run/dovecot/auth-client
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = reject_unlisted_sender, permit_sasl_authenticated,
reject_non_fqdn_sender, check_sender_access
hash:/usr/local/etc/postfix/sender_access, reject_unknown_sender_domain,
permit
smtpd_tls_CAfile = /usr/local/share/certs/ca-root-nss.crt
smtpd_tls_ask_ccert = yes
smtpd_tls_cert_file = /etc/ssl/certs/mail.pem
smtpd_tls_key_file = /etc/ssl/private/mail.pem
smtpd_tls_loglevel = 1
smtpd_tls_mandatory_protocols = !SSLv2,!SSLv3
smtpd_tls_protocols = !SSLv2,!SSLv3
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:$data_directory/smtpd_tls_session_cache
tls_random_source = dev:/dev/urandom
transport_maps = hash:/usr/local/etc/postfix/recipient_transport
unknown_local_recipient_reject_code = 550
virtual_alias_maps = hash:/usr/local/etc/postfix/virtual
virtual_gid_maps = hash:/usr/local/etc/postfix/virtual_uids
virtual_mailbox_base = /home/mail
virtual_mailbox_domains = hash:/usr/local/etc/postfix/domains
virtual_mailbox_maps = hash:/usr/local/etc/postfix/vmailbox
virtual_minimum_uid = 100
virtual_transport = lmtp:unix:private/dovecot-lmtp
virtual_uid_maps = hash:/usr/local/etc/postfix/virtual_uids
% postconf -nf
authorized_mailq_users =
authorized_submit_users = root, filter
body_checks = regexp:/usr/local/etc/postfix/body_checks
command_directory = /usr/local/sbin
daemon_directory = /usr/local/libexec/postfix
data_directory = /var/db/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin xxgdb
$daemon_directory/$process_name $process_id & sleep 5
default_destination_concurrency_limit = 2
default_destination_rate_delay = 1s
default_extra_recipient_limit = 10
header_checks = pcre:/usr/local/etc/postfix/header_checks
html_directory = /usr/local/share/doc/postfix
inet_protocols = ipv4
mail_owner = postfix
mailq_path = /usr/local/bin/mailq
manpage_directory = /usr/local/man
message_size_limit = 25600000
myhostname = server1.example.com
mynetworks_style = host
newaliases_path = /usr/local/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = /usr/local/share/doc/postfix
relayhost = [smtp.example.com]
sample_directory = /usr/local/etc/postfix
sendmail_path = /usr/local/sbin/sendmail
setgid_group = maildrop
smtp_bind_address = 138.201.248.xxx
smtp_destination_concurrency_limit = 2
smtp_destination_rate_delay = 1s
smtp_extra_recipient_limit = 10
smtp_tls_CAfile = /usr/local/share/certs/ca-root-nss.crt
smtp_tls_cert_file = /etc/ssl/certs/mail.pem
smtp_tls_key_file = /etc/ssl/private/mail.pem
smtp_tls_mandatory_protocols = !SSLv2,!SSLv3
smtp_tls_protocols = !SSLv2,!SSLv3
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:$data_directory/smtp_tls_session_cache
smtpd_banner = $myhostname
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated,
reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname, permit
smtpd_recipient_restrictions = check_recipient_access
hash:/usr/local/etc/postfix/recipient_access, check_policy_service {
inet:127.0.0.1:10040, timeout=10s, default_action=dunno },
permit_sasl_authenticated, reject_non_fqdn_sender,
reject_non_fqdn_recipient, reject_unknown_recipient_domain,
reject_unauth_destination, reject_unauth_pipelining,
reject_invalid_helo_hostname, reject_rbl_client zen.spamhaus.org,
reject_rbl_client bad.psky.me, reject_rbl_client b.barracudacentral.org,
reject_rbl_client bl.spamcop.net, reject_rbl_client cbl.abuseat.org,
reject_rbl_client truncate.gbudb.net, reject_rbl_client bl.blocklist.de,
reject_rbl_client dnsbl.dronebl.org, check_policy_service
inet:127.0.0.1:10023, permit
smtpd_relay_restrictions = permit_sasl_authenticated, defer_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_path = /var/run/dovecot/auth-client
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = reject_unlisted_sender, permit_sasl_authenticated,
reject_non_fqdn_sender, check_sender_access
hash:/usr/local/etc/postfix/sender_access, reject_unknown_sender_domain,
permit
smtpd_tls_CAfile = /usr/local/share/certs/ca-root-nss.crt
smtpd_tls_ask_ccert = yes
smtpd_tls_cert_file = /etc/ssl/certs/mail.pem
smtpd_tls_key_file = /etc/ssl/private/mail.pem
smtpd_tls_loglevel = 1
smtpd_tls_mandatory_protocols = !SSLv2,!SSLv3
smtpd_tls_protocols = !SSLv2,!SSLv3
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:$data_directory/smtpd_tls_session_cache
tls_random_source = dev:/dev/urandom
transport_maps = hash:/usr/local/etc/postfix/recipient_transport
unknown_local_recipient_reject_code = 550
virtual_alias_maps = hash:/usr/local/etc/postfix/virtual
virtual_gid_maps = hash:/usr/local/etc/postfix/virtual_uids
virtual_mailbox_base = /home/mail
virtual_mailbox_domains = hash:/usr/local/etc/postfix/domains
virtual_mailbox_maps = hash:/usr/local/etc/postfix/vmailbox
virtual_minimum_uid = 100
virtual_transport = lmtp:unix:private/dovecot-lmtp
virtual_uid_maps = hash:/usr/local/etc/postfix/virtual_uids