horok/postfix
1
0
Fork 0
Code Activity
postfix/html/LOCAL_RECIPIENT_README.html
Daniel Baumann 75cf244379
Adding upstream version 3.10.2. 
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
2025-06-21 14:19:32 +02:00

210 lines
10 KiB
HTML
Raw Permalink Blame History

<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
"https://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Rejecting Unknown Local Recipients with Postfix</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
</head>
<body>
<h1><img src="postfix-logo.jpg" width="203" height="98" ALT="">Rejecting Unknown Local Recipients with Postfix</h1>
<hr>
<h2>Introduction</h2>
<p> As of Postfix version 2.0, the Postfix SMTP server rejects mail
for unknown recipients in <a href="ADDRESS_CLASS_README.html#local_domain_class">local domains</a> (domains that match
$<a href="postconf.5.html#mydestination">mydestination</a> or the IP addresses in $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> or
$<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>) with "User unknown in local recipient table".
This feature was optional with earlier Postfix versions. </p>
<p> The good news is that this keeps undeliverable mail out of your
queue, so that your mail queue is not clogged up with undeliverable
MAILER-DAEMON messages. </p>
<p> The bad news is that it may cause mail to be rejected when you
upgrade from a Postfix system that was not configured to reject
mail for unknown local recipients. </p>
<p> This document describes what steps are needed in order to reject
unknown local recipients correctly. </p>
<ul>
<li><a href="#main_config">Configuring local_recipient_maps
in main.cf</a>
<li><a href="#change">When you need to change the local_recipient_maps
setting in main.cf</a>
<li><a href="#format">Local recipient table query format </a>
</ul>
<h2><a name="main_config">Configuring local_recipient_maps
in main.cf</a></h2>
<p> The <a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> parameter specifies lookup tables with
all names or addresses of local recipients. A recipient address is
local when its domain matches $<a href="postconf.5.html#mydestination">mydestination</a>, $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> or
$<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>. If a local username or address is not listed in
$<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a>, then the Postfix SMTP server will reject
the address with "User unknown in local recipient table". Other
interfaces such as the Postfix <a href="sendmail.1.html">sendmail(1)</a> command may still accept
an "unknown" recipient. </p>
<p> The default setting, shown below, assumes that you use the
default Postfix <a href="local.8.html">local(8)</a> delivery agent for local delivery, where
recipients are either UNIX accounts (typically, in /etc/passwd) or
local aliases (typically, in /etc/aliases): </p>
<blockquote>
<pre>
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> = <a href="proxymap.8.html">proxy</a>:unix:passwd.byname $<a href="postconf.5.html#alias_maps">alias_maps</a>
</pre>
</blockquote>
<p> To turn off unknown local recipient rejects by the SMTP server,
specify: </p>
<blockquote>
<pre>
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> =
</pre>
</blockquote>
<p> That is, an empty value. With this setting, the Postfix SMTP
server will not reject mail with "User unknown in local recipient
table". <b> Don't do this on systems that receive mail directly
from the Internet. With today's worms and viruses, Postfix will
become a backscatter source: it accepts mail for non-existent
recipients and then tries to return that mail as "undeliverable"
to the often forged sender address</b>. </p>
<h2><a name="change">When you need to change the local_recipient_maps
setting in main.cf</a></h2>
<ul>
<li> <p> Problem: you don't use the default Postfix <a href="local.8.html">local(8)</a>
delivery agent for domains matching $<a href="postconf.5.html#mydestination">mydestination</a>, $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a>,
or $<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>. For example, you redefined the
"<a href="postconf.5.html#local_transport">local_transport</a>" setting in <a href="postconf.5.html">main.cf</a>. </p>
<p> Solution: your <a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> setting needs to specify
a database that lists all the known user names or addresses
for that delivery agent. For example, if you deliver users in
$<a href="postconf.5.html#mydestination">mydestination</a> etc. domains via the <a href="virtual.8.html">virtual(8)</a> delivery agent,
specify: </p>
<pre>
/etc/postfix/<a href="postconf.5.html">main.cf</a>
<a href="postconf.5.html#mydestination">mydestination</a> = $<a href="postconf.5.html#myhostname">myhostname</a> localhost.$<a href="postconf.5.html#mydomain">mydomain</a> localhost ...
<a href="postconf.5.html#local_transport">local_transport</a> = virtual
<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> = $<a href="postconf.5.html#virtual_mailbox_maps">virtual_mailbox_maps</a>
</pre>
<p> If you don't use the <a href="local.8.html">local(8)</a> or <a href="virtual.8.html">virtual(8)</a> delivery agent
for $<a href="postconf.5.html#mydestination">mydestination</a>
etc. domains, see the section "<a href="#format">Local recipient
table format</a>" below for a description of how the table
should be populated. </p>
<li> <p> Problem: you use the <a href="postconf.5.html#mailbox_transport">mailbox_transport</a> or <a href="postconf.5.html#fallback_transport">fallback_transport</a>
feature of the Postfix <a href="local.8.html">local(8)</a> delivery agent in order to
deliver mail to non-UNIX recipients. </p>
<p> Solution: you need to add the database that lists the
non-UNIX recipients: </p>
<pre>
/etc/postfix/<a href="postconf.5.html">main.cf</a>
<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> = <a href="proxymap.8.html">proxy</a>:unix:passwd.byname, $<a href="postconf.5.html#alias_maps">alias_maps</a>,
&lt;the database with non-UNIX recipients&gt;
</pre>
<p> See the section "<a href="#format">Local recipient table
format</a>" below for a description of how the table should be
populated. </p>
<li> <p> Problem: you use the <a href="postconf.5.html#luser_relay">luser_relay</a> feature of the Postfix
local delivery agent. </p>
<p> Solution: you must disable the <a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> feature
completely, so that the Postfix SMTP server accepts mail for
all local addresses: </p>
<pre>
/etc/postfix/<a href="postconf.5.html">main.cf</a>
<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> =
</pre>
</ul>
<h2><a name="format">Local recipient table query format</a> </h2>
<p> If <a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> specifies local files, such as files in
<a href="postmap.1.html">postmap(1)</a> or <a href="postalias.1.html">postalias(1)</a> format, then the Postfix SMTP server
generates the following queries: </p>
<ul>
<li> <p> The full recipient address. This query supports a non-default
<a href="postconf.5.html#local_transport">local_transport</a> setting with a delivery agent such as <a href="lmtp.8.html">lmtp(8)</a> or
virtual(8). See "<a href="#main_config">Configuring local_recipient_maps
in main.cf</a>: for additional guidance for what lookup tables to
specify. </p>
<li> <p> The recipient address local-part. This query supports the
default <a href="postconf.5.html#local_transport">local_transport</a> setting with the UNIX-compatible <a href="local.8.html">local(8)</a>
delivery agent; the Postfix SMTP server makes this query only when
the recipient domain matches $<a href="postconf.5.html#mydestination">mydestination</a>, $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> or
$<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>. </p>
<li> <p> The recipient @domain. This query supports a non-default
<a href="postconf.5.html#local_transport">local_transport</a> setting with a delivery agent such as <a href="virtual.8.html">virtual(8)</a>;
it is a wildcard for domains that do not have a valid recipient
list. </p>
</ul>
<p> NOTES: </p>
<ul>
<li> <p> A lookup table should return a non-empty result when the
address exists, and should return "not found" when the address does
not exist. In particular, a zero-length (empty) result does not
count as a "not found" result. </p>
<li> <p> When <a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> specifies a lookup table based
on <a href="ldap_table.5.html">ldap</a>:, <a href="memcache_table.5.html">memcache</a>:, <a href="mongodb_table.5.html">mongodb</a>:, <a href="mysql_table.5.html">mysql</a>:, <a href="pgsql_table.5.html">pgsql</a>:, <a href="sqlite_table.5.html">sqlite</a>:, or other
external database, then the Postfix SMTP server queries that lookup
table with the same queries as described at the start of this
section, and expects the same results. </p>
<li> <p> To suppress lookups for the <i>local-part</i> and the
<i>@domain</i> wild-card, specify the <b>domain</b> setting in a
Postfix <a href="ldap_table.5.html">ldap</a>:, <a href="memcache_table.5.html">memcache</a>:, <a href="mongodb_table.5.html">mongodb</a>:, <a href="mysql_table.5.html">mysql</a>:, <a href="pgsql_table.5.html">pgsql</a>:, <a href="sqlite_table.5.html">sqlite</a>:, etc.,
database client configuration file. </p>
<li> <p> When <a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> specifies a lookup table based
on <a href="pcre_table.5.html">pcre</a>:, <a href="regexp_table.5.html">regexp</a>:, <a href="socketmap_table.html">socketmap</a>: or <a href="tcp_table.5.html">tcp</a>:, Postfix queries that table
only with the full recipient address, and not with the <i>local-part</i>
or the <i>@domain</i> wild-card. </p>
</ul>
</body>
</html>
View git blame Copy permalink