
I'm setting up an Ubuntu server and am using Postfix for my email accounts. This server will host several different domains which I've set up each with a corresponding virtual server and home directory. Everything is working great on the web hosting side, but I'm running into email troubles that I don't understand at all.

Let's say my primary domain is example1.com. Originally I set up a user "chris" and that user could receive email at chris@example1.com, however when I replied from that user, the from address is chris@ip-123-45-43-21.ec2.internal (IP altered for demo purposes). On other servers I've used, my username was actually an email address, so I thought I'd change this user to chris@example1.com and I discovered that it actually works perfectly. I can still receive email and now when I reply the correct domain is used!

The problem occurs with my next user. I created "pat" and their domain is example2.com. This user can receive email just the same as "chris" initially did and the from email is the internal "domain" again. But now when I change this username to "pat@example2.com" I get mailer daemon replies that say: This is the mail system at host ip-123-45-43-21.ec2.internal. I'm sorry to have to inform you that your message could not be delivered... <pat@example2.com>: unknown user: "pat".

Cut to 9 hours later of pulling my hair out and I don't know what I'm doing. Here's what I've tried with various combinations therein (all with the exact same message), and I did restart postfix after each one (and did newaliases when appropriate):

  • Messing for hours with DNS records (thinking that the domain needed to be different)
  • Modifying the main.cf Postfix config file (changing things like mydestination and myorigin with different combinations of $mydomain and example1.com, example2.com)
  • Setting up an alias (pat to pat@example2.com)
  • Setting up a virtual domain map (pat pat@example2.com)

I've been looking at various log files but it's so hard to tell what is actually going on. One of the lines has ...Relay access denied... in it, but I don't know if that was from a test email I sent or something else. The timestamps are tough because there's a few minute delay between when I send the test email from Gmail and when I get the daemon response.

Ultimately, I renamed the user back to just "pat" and it can receive emails again (thank god) but the from address is wrong (pat@ip-123-45-43-21.ec2.internal).

I feel like this is a very common setup (multiple domains on a single server instance) and would be a straightforward task for a typical network admin, but I've trudged through hundreds of forums, tutorials, and question/answers posts and they all just focus on a single domain.

Here are some of my various config files and log messages (keep in mind this is where they ended up after 9 hours of throwing spaghetti at the wall, so I'm sure there are potential conflicts and remnants). Is anything obviously out of place? Would other config files be more helpful?

Setup: AWS Lightsail, Ubuntu, Webmin, Postfix

/etc/postfix/main.cf

```
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = ip-123-45-43-21.ec2.internal
alias_maps = hash:/etc/aliases
myorigin = localhost
mydestination = $myhostname, ip-123-45-43-21.ec2.internal, localhost.ec2.internal, localhost, localhost.$mydomain, $mydomain, example1.com, example2.com
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128, 192.168.1.0/24
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all

virtual_alias_maps = hash:/etc/postfix/virtual
```

/etc/aliases

```
...
pat: pat@example2.com
```

mail.log (Before I reverted back to just the "pat" username)

```
Jul  7 21:24:04 ip-123-45-43-21 postfix/local[3842]: F19DA2EE6AF: to=<pat@example2.com>, relay=local, delay=0.27, delays=0.26/0/0/0.01, dsn=5.1.1, status=bounced (unknown user: "pat")
...
Jul  7 21:27:20 ip-123-45-43-21 postfix/smtpd[4829]: NOQUEUE: reject: RCPT from mail-lj1-f170.google.com[209.85.208.170]: 454 4.7.1 <pat@example2.com>: Relay access denied; from=<whatever@gmail.com> to=<pat@example2.com> proto=ESMTP helo=<mail-lj1-f170.google.com>
```

Can anyone point me in the right direction with something simple I can follow and understand?

Ultimately I want to have chris@example1.com and pat@example2.com (and even john@example3.com down the road) to be able to receive and send email from this same server.

GreatBlakes
  • I think you're mixing up the purpose of alias_maps and virtual_alias_maps (you didn't include the contents of the latter so I'm assuming). Check the top answer [here](https://serverfault.com/questions/644306/confused-about-alias-maps-and-virtual-alias-maps) and see if it helps clear things up for you. Also check out the [Postfix Virtual Domain Hosting Howto](http://www.postfix.org/VIRTUAL_README.html). – Jul 08 '20 at 04:41
  • I think you're 100% right that I am confusing the purpose of those. I did actually include the contents of my virtual map in the parentheses– it's just one line (nearly identical to the aliases file) which may likely be incorrect. I think my confusion is that my understanding is that this is a local delivery situation (since it's the same server IP) which an alias would seemingly solve, but it is a different domain (that I am using a virtual server for the A record) so that would imply I would need the virtual map. It appears that I could just point an alias to the user's mail file directly. – GreatBlakes Jul 08 '20 at 12:35
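
How to tell apart the two mail.log lines quoted in the question, as an added example that is not part of the original post: a POSIX sh/awk function (`triage_maillog` and `sample_log` are hypothetical names) that reduces each line to daemon, recipient and outcome. The `postfix/local` bounce was queued and failed at the local account lookup, while the `postfix/smtpd` 454 was refused at RCPT time and never queued.

```shell
#!/bin/sh
# Added example; triage_maillog and sample_log are hypothetical names.

# Sample input: the two mail.log lines quoted in the question.
sample_log() {
cat <<'EOF'
Jul  7 21:24:04 ip-123-45-43-21 postfix/local[3842]: F19DA2EE6AF: to=<pat@example2.com>, relay=local, delay=0.27, delays=0.26/0/0/0.01, dsn=5.1.1, status=bounced (unknown user: "pat")
Jul  7 21:27:20 ip-123-45-43-21 postfix/smtpd[4829]: NOQUEUE: reject: RCPT from mail-lj1-f170.google.com[209.85.208.170]: 454 4.7.1 <pat@example2.com>: Relay access denied; from=<whatever@gmail.com> to=<pat@example2.com> proto=ESMTP helo=<mail-lj1-f170.google.com>
EOF
}

# Print "<daemon> <recipient> <outcome>" for every line that records a final
# delivery status or an SMTP-time rejection. Reads the files named as
# arguments, or stdin when there are none.
triage_maillog() {
    awk '
    {
        daemon = ""; rcpt = ""; outcome = ""
        if (match($0, /postfix\/[a-z]+\[/))
            daemon = substr($0, RSTART + 8, RLENGTH - 9)
        # Leading space keeps orig_to=<...> from matching.
        if (match($0, / to=<[^>]*>/))
            rcpt = substr($0, RSTART + 5, RLENGTH - 6)
        if (match($0, /status=[a-z]+ \(.*\)/)) {
            # Delivery agent (local, smtp, ...): the message was queued first.
            outcome = substr($0, RSTART + 7, RLENGTH - 7)
        } else if (match($0, /reject: RCPT from [^ ]*: [0-9]+ [0-9.]+ <[^>]*>: [^;]*/)) {
            # smtpd: refused during the SMTP dialogue, nothing was queued.
            outcome = substr($0, RSTART, RLENGTH)
            sub(/^reject: RCPT from [^ ]*: /, "", outcome)
            sub(/ <[^>]*>:/, "", outcome)
            outcome = "rejected (" outcome ")"
        }
        if (daemon != "" && rcpt != "" && outcome != "")
            print daemon, rcpt, outcome
    }' "$@"
}

sample_log | triage_maillog
```
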

1 Answer

Ok with thanks to @yoonix (plus a few more hours of troubleshooting) I was able to come up with a combination that is working and will work for future users.

For anyone else that stumbles upon this question, this worked for me but as you probably know all servers are different and your mileage will most certainly vary.

  • I use what I want the full email address to be as the username. In my example above this would be pat@example2.com.
  • Then I create an alias for just the "name" and direct it specifically to the file I want. So pat would alias to /var/mail/pat@example2.com (this file should create itself automatically when you make your user, but you would be fine to manually make it)
  • I ran into permission issues with this file. I'm going to do more troubleshooting because it's probably a group thing, but I chmod'd it to 666 and it's working.

Now I can receive and send email to and from the correct domain.

I'm sure others will state that changing the permissions on that mail file to 666 is not the best way to do it– and I would certainly agree with them. If I find a better way to handle the user groups that works with the default 660 I will update this answer.

GreatBlakes
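
A check for the mailbox permissions discussed in the answer, as an added example that is not part of the original post: POSIX sh functions (hypothetical names) that list spool files whose mode grants anything to "other", such as the 666 above, together with owner and group, and that can strip those bits back to the 660 the answer calls the default. It assumes a `find` with `-maxdepth` (GNU or BSD); once the "other" bits are gone, whatever account performs the delivery has to be the file's owner or a member of its group.

```shell
#!/bin/sh
# Added example; function names are hypothetical. The default path /var/mail
# is the spool directory named in the answer.

# Run find over DIR for regular files with any "other" permission bit set,
# followed by whatever find action the caller passes in.
loose_mailboxes() {
    dir=$1; shift
    find "$dir" -maxdepth 1 -type f \
        \( -perm -004 -o -perm -002 -o -perm -001 \) "$@"
}

# Report "<mode> <owner>:<group> <path>" for each mailbox readable, writable
# or executable by "other". Owner and group are shown because they decide
# who can still write once the mode is back at 660.
audit_mail_spool() {
    loose_mailboxes "${1:-/var/mail}" -exec ls -l {} \; |
        awk '{ print $1, $3 ":" $4, $NF }'
}

# Remove only the "other" bits (666 -> 660, 604 -> 600) and print how many
# mailboxes were changed. Owner and group bits are left as they are.
tighten_mail_spool() {
    spool=${1:-/var/mail}
    changed=$(audit_mail_spool "$spool" | grep -c . || true)
    loose_mailboxes "$spool" -exec chmod o-rwx {} +
    echo "$changed"
}
```

Run `audit_mail_spool` first and compare the owner and group it prints with the account that writes the mailbox before calling `tighten_mail_spool`.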