344 lines
12 KiB
Groff
344 lines
12 KiB
Groff
.TH VIRTUAL 5
|
|
.ad
|
|
.fi
|
|
.SH NAME
|
|
virtual
|
|
\-
|
|
Postfix virtual alias table format
|
|
.SH "SYNOPSIS"
|
|
.na
|
|
.nf
|
|
\fBpostmap /etc/postfix/virtual\fR
|
|
|
|
\fBpostmap \-q "\fIstring\fB" /etc/postfix/virtual\fR
|
|
|
|
\fBpostmap \-q \- /etc/postfix/virtual <\fIinputfile\fR
|
|
.SH DESCRIPTION
|
|
.ad
|
|
.fi
|
|
The optional \fBvirtual\fR(5) alias table (virtual_alias_maps)
|
|
applies to all recipients: local(8), virtual, and remote.
|
|
This feature is implemented
|
|
in the Postfix \fBcleanup\fR(8) daemon before mail is queued.
|
|
These tables are often queried with a full email address
|
|
(including domain).
|
|
|
|
This is unlike the \fBaliases\fR(5) table (alias_maps) which
|
|
applies only to \fBlocal\fR(8) recipients. That table is
|
|
only queried with the email address localpart (no domain).
|
|
|
|
Virtual aliasing is recursive; to terminate recursion for
|
|
a specific address, alias that address to itself.
|
|
|
|
The main applications of virtual aliasing are:
|
|
.IP \(bu
|
|
To redirect mail for one address to one or more addresses.
|
|
.IP \(bu
|
|
To implement virtual alias domains where all addresses are aliased
|
|
to addresses in other domains.
|
|
.sp
|
|
Virtual alias domains are not to be confused with the virtual mailbox
|
|
domains that are implemented with the Postfix \fBvirtual\fR(8) mail
|
|
delivery agent. With virtual mailbox domains, each recipient address
|
|
can have its own mailbox.
|
|
.PP
|
|
Virtual aliasing is applied only to recipient
|
|
envelope addresses, and does not affect message headers.
|
|
Use \fBcanonical\fR(5)
|
|
mapping to rewrite header and envelope addresses in general.
|
|
|
|
Normally, the \fBvirtual\fR(5) alias table is specified as a text file
|
|
that serves as input to the \fBpostmap\fR(1) command.
|
|
The result, an indexed file in \fBdbm\fR or \fBdb\fR format,
|
|
is used for fast searching by the mail system. Execute the command
|
|
"\fBpostmap /etc/postfix/virtual\fR" to rebuild an indexed
|
|
file after changing the corresponding text file.
|
|
|
|
When the table is provided via other means such as NIS, LDAP
|
|
or SQL, the same lookups are done as for ordinary indexed files.
|
|
|
|
Alternatively, the table can be provided as a regular\-expression
|
|
map where patterns are given as regular expressions, or lookups
|
|
can be directed to a TCP\-based server. In those case, the lookups
|
|
are done in a slightly different way as described below under
|
|
"REGULAR EXPRESSION TABLES" or "TCP\-BASED TABLES".
|
|
.SH "CASE FOLDING"
|
|
.na
|
|
.nf
|
|
.ad
|
|
.fi
|
|
The search string is folded to lowercase before database
|
|
lookup. As of Postfix 2.3, the search string is not case
|
|
folded with database types such as regexp: or pcre: whose
|
|
lookup fields can match both upper and lower case.
|
|
.SH "TABLE FORMAT"
|
|
.na
|
|
.nf
|
|
.ad
|
|
.fi
|
|
The input format for the \fBpostmap\fR(1) command is as follows:
|
|
.IP "\fIpattern address, address, ...\fR"
|
|
When \fIpattern\fR matches a mail address, replace it by the
|
|
corresponding \fIaddress\fR.
|
|
.IP "blank lines and comments"
|
|
Empty lines and whitespace\-only lines are ignored, as
|
|
are lines whose first non\-whitespace character is a `#'.
|
|
.IP "multi\-line text"
|
|
A logical line starts with non\-whitespace text. A line that
|
|
starts with whitespace continues a logical line.
|
|
.SH "TABLE SEARCH ORDER"
|
|
.na
|
|
.nf
|
|
.ad
|
|
.fi
|
|
With lookups from indexed files such as DB or DBM, or from networked
|
|
tables such as NIS, LDAP or SQL, each \fIuser\fR@\fIdomain\fR
|
|
query produces a sequence of query patterns as described below.
|
|
|
|
Each query pattern is sent to each specified lookup table
|
|
before trying the next query pattern, until a match is
|
|
found.
|
|
.IP "\fIuser\fR@\fIdomain address, address, ...\fR"
|
|
Redirect mail for \fIuser\fR@\fIdomain\fR to \fIaddress\fR.
|
|
This form has the highest precedence.
|
|
.IP "\fIuser address, address, ...\fR"
|
|
Redirect mail for \fIuser\fR@\fIsite\fR to \fIaddress\fR when
|
|
\fIsite\fR is equal to $\fBmyorigin\fR, when \fIsite\fR is listed in
|
|
$\fBmydestination\fR, or when it is listed in $\fBinet_interfaces\fR
|
|
or $\fBproxy_interfaces\fR.
|
|
.sp
|
|
This functionality overlaps with the functionality of the local
|
|
\fIaliases\fR(5) database. The difference is that \fBvirtual\fR(5)
|
|
mapping can be applied to non\-local addresses.
|
|
.IP "@\fIdomain address, address, ...\fR"
|
|
Redirect mail for other users in \fIdomain\fR to \fIaddress\fR.
|
|
This form has the lowest precedence.
|
|
.sp
|
|
Note: @\fIdomain\fR is a wild\-card. With this form, the
|
|
Postfix SMTP server accepts
|
|
mail for any recipient in \fIdomain\fR, regardless of whether
|
|
that recipient exists. This may turn your mail system into
|
|
a backscatter source: Postfix first accepts mail for
|
|
non\-existent recipients and then tries to return that mail
|
|
as "undeliverable" to the often forged sender address.
|
|
.sp
|
|
To avoid backscatter with mail for a wild\-card domain,
|
|
replace the wild\-card mapping with explicit 1:1 mappings,
|
|
or add a reject_unverified_recipient restriction for that
|
|
domain:
|
|
|
|
.nf
|
|
smtpd_recipient_restrictions =
|
|
...
|
|
reject_unauth_destination
|
|
check_recipient_access
|
|
inline:{example.com=reject_unverified_recipient}
|
|
unverified_recipient_reject_code = 550
|
|
.fi
|
|
|
|
In the above example, Postfix may contact a remote server
|
|
if the recipient is aliased to a remote address.
|
|
.SH "RESULT ADDRESS REWRITING"
|
|
.na
|
|
.nf
|
|
.ad
|
|
.fi
|
|
The lookup result is subject to address rewriting:
|
|
.IP \(bu
|
|
When the result has the form @\fIotherdomain\fR, the
|
|
result becomes the same \fIuser\fR in \fIotherdomain\fR.
|
|
This works only for the first address in a multi\-address
|
|
lookup result.
|
|
.IP \(bu
|
|
When "\fBappend_at_myorigin=yes\fR", append "\fB@$myorigin\fR"
|
|
to addresses without "@domain".
|
|
.IP \(bu
|
|
When "\fBappend_dot_mydomain=yes\fR", append
|
|
"\fB.$mydomain\fR" to addresses without ".domain".
|
|
.SH "ADDRESS EXTENSION"
|
|
.na
|
|
.nf
|
|
.fi
|
|
.ad
|
|
When a mail address localpart contains the optional recipient delimiter
|
|
(e.g., \fIuser+foo\fR@\fIdomain\fR), the lookup order becomes:
|
|
\fIuser+foo\fR@\fIdomain\fR, \fIuser\fR@\fIdomain\fR, \fIuser+foo\fR,
|
|
\fIuser\fR, and @\fIdomain\fR.
|
|
|
|
The \fBpropagate_unmatched_extensions\fR parameter controls whether
|
|
an unmatched address extension (\fI+foo\fR) is propagated to the
|
|
result of a table lookup.
|
|
.SH "VIRTUAL ALIAS DOMAINS"
|
|
.na
|
|
.nf
|
|
.ad
|
|
.fi
|
|
Besides virtual aliases, the virtual alias table can also be used
|
|
to implement virtual alias domains. With a virtual alias domain, all
|
|
recipient addresses are aliased to addresses in other domains.
|
|
|
|
Virtual alias domains are not to be confused with the virtual mailbox
|
|
domains that are implemented with the Postfix \fBvirtual\fR(8) mail
|
|
delivery agent. With virtual mailbox domains, each recipient address
|
|
can have its own mailbox.
|
|
|
|
With a virtual alias domain, the virtual domain has its
|
|
own user name space. Local (i.e. non\-virtual) usernames are not
|
|
visible in a virtual alias domain. In particular, local
|
|
\fBaliases\fR(5) and local mailing lists are not visible as
|
|
\fIlocalname@virtual\-alias.domain\fR.
|
|
|
|
Support for a virtual alias domain looks like:
|
|
|
|
.nf
|
|
/etc/postfix/main.cf:
|
|
virtual_alias_maps = hash:/etc/postfix/virtual
|
|
.fi
|
|
|
|
Note: some systems use \fBdbm\fR databases instead of \fBhash\fR.
|
|
See the output from "\fBpostconf \-m\fR" for available database types.
|
|
|
|
.nf
|
|
/etc/postfix/virtual:
|
|
\fIvirtual\-alias.domain anything\fR (right\-hand content does not matter)
|
|
\fIpostmaster@virtual\-alias.domain postmaster\fR
|
|
\fIuser1@virtual\-alias.domain address1\fR
|
|
\fIuser2@virtual\-alias.domain address2, address3\fR
|
|
.fi
|
|
.sp
|
|
The \fIvirtual\-alias.domain anything\fR entry is required for a
|
|
virtual alias domain. \fBWithout this entry, mail is rejected
|
|
with "relay access denied", or bounces with
|
|
"mail loops back to myself".\fR
|
|
|
|
Do not specify virtual alias domain names in the \fBmain.cf
|
|
mydestination\fR or \fBrelay_domains\fR configuration parameters.
|
|
|
|
With a virtual alias domain, the Postfix SMTP server
|
|
accepts mail for \fIknown\-user@virtual\-alias.domain\fR, and rejects
|
|
mail for \fIunknown\-user\fR@\fIvirtual\-alias.domain\fR as undeliverable.
|
|
|
|
Instead of specifying the virtual alias domain name via
|
|
the \fBvirtual_alias_maps\fR table, you may also specify it via
|
|
the \fBmain.cf virtual_alias_domains\fR configuration parameter.
|
|
This latter parameter uses the same syntax as the \fBmain.cf
|
|
mydestination\fR configuration parameter.
|
|
.SH "REGULAR EXPRESSION TABLES"
|
|
.na
|
|
.nf
|
|
.ad
|
|
.fi
|
|
This section describes how the table lookups change when the table
|
|
is given in the form of regular expressions. For a description of
|
|
regular expression lookup table syntax, see \fBregexp_table\fR(5)
|
|
or \fBpcre_table\fR(5).
|
|
|
|
Each pattern is a regular expression that is applied to the entire
|
|
address being looked up. Thus, \fIuser@domain\fR mail addresses are not
|
|
broken up into their \fIuser\fR and \fI@domain\fR constituent parts,
|
|
nor is \fIuser+foo\fR broken up into \fIuser\fR and \fIfoo\fR.
|
|
|
|
Patterns are applied in the order as specified in the table, until a
|
|
pattern is found that matches the search string.
|
|
|
|
Results are the same as with indexed file lookups, with
|
|
the additional feature that parenthesized substrings from the
|
|
pattern can be interpolated as \fB$1\fR, \fB$2\fR and so on.
|
|
.SH "TCP-BASED TABLES"
|
|
.na
|
|
.nf
|
|
.ad
|
|
.fi
|
|
This section describes how the table lookups change when lookups
|
|
are directed to a TCP\-based server. For a description of the TCP
|
|
client/server lookup protocol, see \fBtcp_table\fR(5).
|
|
This feature is available in Postfix 2.5 and later.
|
|
|
|
Each lookup operation uses the entire address once. Thus,
|
|
\fIuser@domain\fR mail addresses are not broken up into their
|
|
\fIuser\fR and \fI@domain\fR constituent parts, nor is
|
|
\fIuser+foo\fR broken up into \fIuser\fR and \fIfoo\fR.
|
|
|
|
Results are the same as with indexed file lookups.
|
|
.SH BUGS
|
|
.ad
|
|
.fi
|
|
The table format does not understand quoting conventions.
|
|
.SH "CONFIGURATION PARAMETERS"
|
|
.na
|
|
.nf
|
|
.ad
|
|
.fi
|
|
The following \fBmain.cf\fR parameters are especially relevant to
|
|
this topic. See the Postfix \fBmain.cf\fR file for syntax details
|
|
and for default values. Use the "\fBpostfix reload\fR" command after
|
|
a configuration change.
|
|
.IP "\fBvirtual_alias_maps ($virtual_maps)\fR"
|
|
Optional lookup tables that are often searched with a full email
|
|
address (including domain) and that apply to all recipients: \fBlocal\fR(8),
|
|
virtual, and remote; this is unlike alias_maps that are only searched
|
|
with an email address localpart (no domain) and that apply
|
|
only to \fBlocal\fR(8) recipients.
|
|
.IP "\fBvirtual_alias_domains ($virtual_alias_maps)\fR"
|
|
Postfix is the final destination for the specified list of virtual
|
|
alias domains, that is, domains for which all addresses are aliased
|
|
to addresses in other local or remote domains.
|
|
.IP "\fBpropagate_unmatched_extensions (canonical, virtual)\fR"
|
|
What address lookup tables copy an address extension from the lookup
|
|
key to the lookup result.
|
|
.PP
|
|
Other parameters of interest:
|
|
.IP "\fBinet_interfaces (all)\fR"
|
|
The local network interface addresses that this mail system
|
|
receives mail on.
|
|
.IP "\fBmydestination ($myhostname, localhost.$mydomain, localhost)\fR"
|
|
The list of domains that are delivered via the $local_transport
|
|
mail delivery transport.
|
|
.IP "\fBmyorigin ($myhostname)\fR"
|
|
The domain name that locally\-posted mail appears to come
|
|
from, and that locally posted mail is delivered to.
|
|
.IP "\fBowner_request_special (yes)\fR"
|
|
Enable special treatment for owner\-\fIlistname\fR entries in the
|
|
\fBaliases\fR(5) file, and don't split owner\-\fIlistname\fR and
|
|
\fIlistname\fR\-request address localparts when the recipient_delimiter
|
|
is set to "\-".
|
|
.IP "\fBproxy_interfaces (empty)\fR"
|
|
The remote network interface addresses that this mail system receives mail
|
|
on by way of a proxy or network address translation unit.
|
|
.SH "SEE ALSO"
|
|
.na
|
|
.nf
|
|
cleanup(8), canonicalize and enqueue mail
|
|
postmap(1), Postfix lookup table manager
|
|
postconf(5), configuration parameters
|
|
canonical(5), canonical address mapping
|
|
.SH "README FILES"
|
|
.na
|
|
.nf
|
|
.ad
|
|
.fi
|
|
Use "\fBpostconf readme_directory\fR" or
|
|
"\fBpostconf html_directory\fR" to locate this information.
|
|
.na
|
|
.nf
|
|
ADDRESS_REWRITING_README, address rewriting guide
|
|
DATABASE_README, Postfix lookup table overview
|
|
VIRTUAL_README, domain hosting guide
|
|
.SH "LICENSE"
|
|
.na
|
|
.nf
|
|
.ad
|
|
.fi
|
|
The Secure Mailer license must be distributed with this software.
|
|
.SH "AUTHOR(S)"
|
|
.na
|
|
.nf
|
|
Wietse Venema
|
|
IBM T.J. Watson Research
|
|
P.O. Box 704
|
|
Yorktown Heights, NY 10598, USA
|
|
|
|
Wietse Venema
|
|
Google, Inc.
|
|
111 8th Avenue
|
|
New York, NY 10011, USA
|