After having dug for hours on SF/SO and googled a lot, I still can't figure out how /etc/aliases is used by postfix.

  1. I use an Amazon Linux EC2 server (kind of Centos6)
  2. My server hostname is set to srv.example.com
  3. I have set up postfix 2.6.6 with a null-client config (only to send mails for my website and send reports to my personal mail)
  4. I set up /etc/aliases with rules including root: mymail@gmail.com
  5. I run newaliases to take into account the changes in /etc/aliases
  6. I restarted postfix (`sudo service postfix restart`)
  7. `echo "something" | mailx -s D"subject" root` sends a mail to root@example.com instead of mymail@gmail.com

I traced this in /var/log/maillog:

```
Mar 13 17:21:23 srv postfix/smtpd[14462]: A27B540A87: client=localhost[127.0.0.1]
Mar 13 17:21:23 srv postfix/cleanup[14466]: A27B540A87: message-id=<55031c93.Il7wUJmrkLu/WLNL%srv@example.com>
Mar 13 17:21:23 srv opendkim[2065]: A27B540A87: DKIM-Signature field added (s=prod-key-swf, d=example.com)
Mar 13 17:21:23 srv postfix/qmgr[14458]: A27B540A87: from=<srv@example.com>, size=820, nrcpt=1 (queue active)
Mar 13 17:21:23 srv sendmail[14461]: t2DHLNlC014461: to=root, ctladdr=srv@example.com (serveur srv) (500/500), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30309, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (Ok: queued as A27B540A87)
Mar 13 17:21:25 srv postfix/smtp[14467]: A27B540A87: to=<root@srv.example.com>, relay=aspmx.l.google.com[64.233.186.27]:25, delay=2, delays=0.1/0.01/1.4/0.48, dsn=5.1.1, status=bounced (host aspmx.l.google.com[64.233.186.27] said: 550-5.1.1 The email account that you tried to reach does not exist. Please try 550-5.1.1 double-checking the recipient's email address for typos or 550-5.1.1 unnecessary spaces. Learn more at 550 5.1.1 http://support.google.com/mail/bin/answer.py?answer=6596 f78si2479139qkh.47 - gsmtp (in reply to RCPT TO command))
Mar 13 17:21:26 srv postfix/bounce[14468]: A27B540A87: sender non-delivery notification: 2297E40A86
Mar 13 17:21:26 srv postfix/qmgr[14458]: A27B540A87: removed
```

My only postfix configuration modifications are (null-client config):

  • myhostname = srv.example.com
  • myorigin = $mydomain
  • relayhost = $mydomain
  • inet_interfaces = loopback-only
  • mydestination =

Which step am I missing in order to have /etc/aliases statements applied as expected?

My `sudo postconf -n`:

```
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
html_directory = no
inet_interfaces = loopback-only
inet_protocols = all
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
milter_default_action = accept
mydestination =
myhostname = srv.example.com
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
non_smtpd_milters = $smtpd_milters
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES
relayhost = $mydomain
sample_directory = /usr/share/doc/postfix-2.6.6/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtpd_milters = inet:127.0.0.1:8891
unknown_local_recipient_reject_code = 550
```

kheraud
  • /etc/aliases only affects *LOCAL* deliveries. If you configured your server as a null client (which you have) then you aren't doing any local deliveries. – Mar 13 '15 at 20:16
  • Can you update the maillog entry to include the whole line? Does it include any more information on the reasons for 5.1.1.? – Esa Jokinen Mar 14 '15 at 07:20
  • Edit the question and add the output of `grep A27B540A87 /var/log/maillog` – masegaloeh Mar 14 '15 at 13:34
  • As somewhat alluded to by @yoonix, I think you want to look at the virtual user table rather than /etc/aliases. – user Mar 14 '15 at 13:52
  • Don't cut off the log entry. You left out the important bits! – Michael Hampton Mar 14 '15 at 16:48
  • @masegaloeh, I edited the post. But as yoonix points out it's probably my misunderstanding of "null client"... – kheraud Mar 14 '15 at 21:00
  • It seems like it's trying to send the mail to Gmail, but without modifying the address used in `RCPT TO`. Google doesn't know anything about `@srv.example.com`, thus giving error 5.1.1 it cannot be found. I'd just switch to `virtual_alias_domains` and `virtual_alias_maps` that are really made for this kind of functionality. – Esa Jokinen Mar 14 '15 at 21:40
  • I finally ended up with a "canonical map". A virtual alias would also work. I'll post an answer tomorrow to explain what I understood. – kheraud Mar 14 '15 at 21:54
  • Anyway, sendmail is still running alongside postfix --> `Mar 13 17:21:23 srv sendmail[14461]: t2DHLNlC014461: to=root, ctladdr=srv@example.com...`. You should consider uninstalling sendmail so it doesn't conflict with postfix – masegaloeh Mar 15 '15 at 17:10

1 Answer

After having understood that a "null client" is a null client, I dug a bit more to understand the postfix virtual domain how-to.

In a nutshell

  1. A null client is ideal for a "send only" mail server (the one I need for my website)
  2. Configuring a "null client" requires defining myorigin to server hostname
  3. myorigin also specifies the default domain name that is appended to recipient addresses that have no @domain part (taken from /etc/postfix/main.cf).
  4. Postfix won't use my /etc/aliases to route my local mails as my mails to root / fail2ban / me ... will be rewritten to root@srv.example.com / fail2ban@srv.example.com ...
  5. Then, I need postfix to rewrite xxx@srv.example.com to mymail@gmail.com
  6. Add @srv.example.com mymail@gmail.com in /etc/postfix/canonical
  7. Add canonical_maps = hash:/etc/postfix/canonical in /etc/postfix/main.cf
  8. Run postmap /etc/postfix/canonical and restart postfix (sudo service postfix restart)

Rewriting local mail with regex

I went a little bit further to keep information about the original target user. You can use regular expressions for that:

  • In /etc/postfix/main.cf, instead of canonical_maps = hash:/etc/postfix/canonical, use canonical_maps = regexp:/etc/postfix/canonical
  • In /etc/postfix/canonical, instead of @srv.example.com mymail@gmail.com, I used /(.+)@(.+).example.com/ mymail+$1.$2@gmail.com to receive mail to mymail+fail2ban.srv@gmail.com (I will have srv2, srv3, srvx later...)

I asked for help too early, hope this answer will help others stuck with the same issue.

kheraud
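
The regexp rewrite from the answer above, simulated as an added example (not the answer author's code): canonical maps are applied to every sender and recipient address that passes through the server, so an unanchored pattern with unescaped dots can also redirect mail addressed to outside recipients. Python's `re` stands in for the Postfix regexp table lookup here; the anchored pattern (which assumes a single host label before example.com) and the sample addresses are constructed for illustration.

```python
import re

# Constructed stand-ins for /etc/postfix/canonical: (pattern, result) pairs.
# A Postfix regexp: table is searched top to bottom and the first match wins.
LOOSE = [(r"(.+)@(.+).example.com", r"mymail+\1.\2@gmail.com")]
STRICT = [(r"^([^@]+)@([^@.]+)\.example\.com$", r"mymail+\1.\2@gmail.com")]

def lookup(table, address):
    """Return the rewritten address, or None when no pattern matches."""
    for pattern, result in table:
        # regexp: tables match case-insensitively by default
        m = re.search(pattern, address, re.IGNORECASE)
        if m:
            return m.expand(result)
    return None

def overmatched(addresses):
    """Addresses the loose table rewrites but the anchored one leaves alone."""
    return [a for a in addresses
            if lookup(LOOSE, a) is not None and lookup(STRICT, a) is None]

# Constructed sample addresses
SAMPLES = [
    "root@srv.example.com",          # local report, should be rewritten
    "fail2ban@srv2.example.com",     # future host, should be rewritten
    "customer@shop.example.com.au",  # outside recipient, longer domain
    "bob@my-example.com",            # outside recipient, '.' matched '-'
    "alice@gmail.com",               # outside recipient, never matches
]

if __name__ == "__main__":
    for addr in SAMPLES:
        print(f"{addr:30} loose={lookup(LOOSE, addr)} strict={lookup(STRICT, addr)}")
    print("rewritten only by the loose pattern:", overmatched(SAMPLES))
```

On the server itself, `postmap -q "root@srv.example.com" regexp:/etc/postfix/canonical` prints what the live table returns for a single address, which lets each pattern be checked before restarting postfix.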