DevHeads.net

Which user lookup wins?

When postfix checks for a local user it looks at any local user (like /home/fred), I assume by checking /etc/passwd or similar (I have local users who can receive mail who are not mentioned in any /etc/postfix/* file, so postfix knows about them from somewhere outside of postfix’s config file) and then it also checks for virtual_mailbox_domains and virtual_alias_maps, yes?

If a user lookup matches in BOTH locations due to a misconfiguration, which one “wins”? Can I simply add user@$mydomain to the sql maps and they will trigger, or do I have to do something to tell postfix not to use the local home for that user first? (Not literally $mydomain, obvs).

Is it possible to prevent delivery to a local user and force the local domain to be resoled through virtual_mailbox_domains and virtual_alias_maps or does this require disabling local delivery to the entire $mydomain at once? Or, can I trick it by using virtual?

user@$mydomain user@<virtual domain managed by myslq>.tld

So, if I have <a href="mailto: ... at example dot com"> ... at example dot com</a> and <a href="mailto: ... at example dot net"> ... at example dot net</a> and .net is handled in mysql through virtual_mailbox* and <a href="mailto: ... at example dot com"> ... at example dot com</a> has mail put in /home/user because example.com is $mydomain how would I set postfix up so that even though /home/user is the user’s home folder, their mail would be in virtual_mailbox_base only and handled via MySQL? (And yes, I realize the user’s mail would not be available via a shell login, that is rather the point).

What I currently have that seems relevant:

virtual_alias_maps =
hash:$config_directory/virtual
proxy:mysql:$config_directory/mysql_virtual_alias_maps.cf
virtual_alias_domains = kreme.com
virtual_gid_maps = static:89
virtual_mailbox_base = /usr/local/virtual
virtual_mailbox_domains = proxy:mysql:$config_directory/mysql_virtual_domains_maps.cf
virtual_mailbox_maps = proxy:mysql:$config_directory/mysql_virtual_mailbox_maps.cf
virtual_minimum_uid = 89
virtual_uid_maps = static:89
virtual_transport = dovecot

Hopefully I explained this question well enough.

Comments

Re: Which user lookup wins?

By Wietse Venema at 03/14/2018 - 20:14

The Postfix SMTP server always looks in virtual_alias_maps. Then,
it looks in the tables that depend on the address class of the
recipient domain. For that, I suggest that you look at
<a href="http://www.postfix.org/ADDRESS_CLASSS_README.html" title="http://www.postfix.org/ADDRESS_CLASSS_README.html">http://www.postfix.org/ADDRESS_CLASSS_README.html</a>

Wietse

Re: Which user lookup wins?

By Matus UHLAR - f... at 03/15/2018 - 05:43

On 14.03.18 20:14, Wietse Venema wrote:
Always? isn't that a contradiction to the referenced document that indicated
only domains in virtual_alias_domains are searched for virtual aliases?

Re: Which user lookup wins?

By Wietse Venema at 03/15/2018 - 09:20

Matus UHLAR - fantomas:
Please cite the text that says 'only domains in virtual_alias_domains
are searched for virtual aliases'.

Wietse

Re: Which user lookup wins?

By Matus UHLAR - f... at 03/15/2018 - 10:06

On 15.03.18 09:20, Wietse Venema wrote:
virtual_alias_domains and virtual_alias_maps are described in
"The virtual alias domain class." section.

* Domain names are listed in virtual_alias_domains. The default value is
$virtual_alias_maps for Postfix 1.1 compatibility.

* Valid recipient addresses are listed with the virtual_alias_maps parameter.
The Postfix SMTP server rejects invalid recipients with "User unknown in
virtual alias table". The default value is $virtual_maps for Postfix 1.1
compatibility.

That lead me to think that virtual_alias_maps does not apply to other classes.

Re: Which user lookup wins?

By Wietse Venema at 03/15/2018 - 20:18

Matus UHLAR - fantomas:
That text does not exclude other virtual_alias_maps lookups.

Wietse

Re: Which user lookup wins?

By Matus UHLAR - f... at 03/26/2018 - 11:21

On 15.03.18 20:18, Wietse Venema wrote:
there are 5 classes described on
<a href="http://www.postfix.org/ADDRESS_CLASS_README.html" title="http://www.postfix.org/ADDRESS_CLASS_README.html">http://www.postfix.org/ADDRESS_CLASS_README.html</a>

The local domain class.
The virtual alias domain class.
The virtual mailbox domain class.
The relay domain class.
The default domain class.

each of those sections describes different configuration variables used in
those classes.

virtual_alias_maps is only described in virtual alias domain class. if it
applies in other classes (as you said above, always), it should be probably
described outsideof those sections.

Or should I expect all of maps described in those sections
(local_recipient_maps, virtual_alias_maps, virtual_mailbox_maps,
relay_recipient_maps) to apply in all cases?

Re: Which user lookup wins?

By Wietse Venema at 03/26/2018 - 14:15

Matus UHLAR - fantomas:
Again, it says that

If the domain matches virtual_alias_domains
then look up the user in virtual_alias_maps

The text does not say:

If the domain matches virtual_alias_domains
then look up the user in virtual_alias_maps
else don't use virtual_alias_maps

The program behaves as promised.

Wietse

Re: Which user lookup wins?

By Matus UHLAR - f... at 03/27/2018 - 12:37

On 26.03.18 14:15, Wietse Venema wrote:
but that is exactly what "if" means.
What you say here is a perfect example of misleading.

Using "if" in case where a condition does NOT have to be met only leads to
mistakes.

there are many ifs in postfix documentation, should I understand that
they are all useless and all "then" apply even when their "if" doesn't
succeed?

IMHO the documentation should make it more clear. I have only found this
information in:
<a href="http://www.postfix.org/ADDRESS_REWRITING_README.html#overview" title="http://www.postfix.org/ADDRESS_REWRITING_README.html#overview">http://www.postfix.org/ADDRESS_REWRITING_README.html#overview</a>
but the virtual_alias_maps is documented in other docs to.

Note that the original poster also did miss this information, that's why we
have this thread.

Re: Which user lookup wins?

By Wietse Venema at 03/27/2018 - 13:17

Matus UHLAR - fantomas:
Sorry, you are confusing 'if X then Y' with 'only if X then Y'
or 'if and only if X then Y'.

Wietse

Re: Which user lookup wins?

By Matus UHLAR - f... at 03/27/2018 - 13:22

On 27.03.18 13:17, Wietse Venema wrote:
people say this to trick others into Y saing that X is a condition even if
it's not.

Please don't do that.

Re: Which user lookup wins?

By Wietse Venema at 03/27/2018 - 13:50

Matus UHLAR - fantomas:
I'm abanding this thread because a) we don't agree on the meaning
of simple words, and b) you're maligning my attempts to educate.

Over and out.

Wietse

Re: Which user lookup wins?

By dev rob0 at 03/26/2018 - 12:53

On Mon, Mar 26, 2018 at 05:21:22PM +0200, Matus UHLAR - fantomas wrote:
Furthermore, the behavior of virtual_alias_maps is documented
completely, here:
<a href="http://www.postfix.org/postconf.5.html#virtual_alias_maps" title="http://www.postfix.org/postconf.5.html#virtual_alias_maps">http://www.postfix.org/postconf.5.html#virtual_alias_maps</a>

But the ADDRESS_CLASS_README is not intended to completely document
what virtual_alias_maps does. The postconf(5) manual does that. It
is nicely hyperlinked from ADDRESS_CLASS_README.html, BTW.

OTOH, perhaps your assumption about the ADDRESS_CLASS_README's
function was wrong.

The postconf(5) manual documents each of those, as well, each also
being nicely hyperlinked from ADDRESS_CLASS_README.html.

virtual_alias_maps apply to ALL addresses in ALL classes. Other
class address maps do not.

The virtual alias class is different in another way, too. There's
not a transport setting for that class. The reason is that a
virtual_alias_domains address must ultimately resolve via v_a_maps to
a valid address in some other class, and that class defines the
transport which will be used.

Re: Which user lookup wins?

By LuKreme at 03/15/2018 - 01:44

On 14 Mar 2018, at 18:14, Wietse Venema < ... at porcupine dot org> wrote:

Oh good, that makes things easier.

Thank you for the link, but I get "Not Found

The requested URL /ADDRESS_CLASSS_README.html was not found on this server.”

Oh, wait a minute, there’s an extra S up there. Did you type that from memory?

I’m impressed.

<http://www.postfix.org/ADDRESS_CLASS_README.html>