summaryrefslogtreecommitdiffstats
path: root/man/man5/virtual.5
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-06 01:46:30 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-06 01:46:30 +0000
commitb5896ba9f6047e7031e2bdee0622d543e11a6734 (patch)
treefd7b460593a2fee1be579bec5697e6d887ea3421 /man/man5/virtual.5
parentInitial commit. (diff)
downloadpostfix-upstream.tar.xz
postfix-upstream.zip
Adding upstream version 3.4.23.upstream/3.4.23upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'man/man5/virtual.5')
-rw-r--r--man/man5/virtual.5335
1 files changed, 335 insertions, 0 deletions
diff --git a/man/man5/virtual.5 b/man/man5/virtual.5
new file mode 100644
index 0000000..74fbcef
--- /dev/null
+++ b/man/man5/virtual.5
@@ -0,0 +1,335 @@
+.TH VIRTUAL 5
+.ad
+.fi
+.SH NAME
+virtual
+\-
+Postfix virtual alias table format
+.SH "SYNOPSIS"
+.na
+.nf
+\fBpostmap /etc/postfix/virtual\fR
+
+\fBpostmap \-q "\fIstring\fB" /etc/postfix/virtual\fR
+
+\fBpostmap \-q \- /etc/postfix/virtual <\fIinputfile\fR
+.SH DESCRIPTION
+.ad
+.fi
+The optional \fBvirtual\fR(5) alias table rewrites recipient
+addresses for all local, all virtual, and all remote mail
+destinations.
+This is unlike the \fBaliases\fR(5) table which is used
+only for \fBlocal\fR(8) delivery. Virtual aliasing is
+recursive, and is implemented by the Postfix \fBcleanup\fR(8)
+daemon before mail is queued.
+
+The main applications of virtual aliasing are:
+.IP \(bu
+To redirect mail for one address to one or more addresses.
+.IP \(bu
+To implement virtual alias domains where all addresses are aliased
+to addresses in other domains.
+.sp
+Virtual alias domains are not to be confused with the virtual mailbox
+domains that are implemented with the Postfix \fBvirtual\fR(8) mail
+delivery agent. With virtual mailbox domains, each recipient address
+can have its own mailbox.
+.PP
+Virtual aliasing is applied only to recipient
+envelope addresses, and does not affect message headers.
+Use \fBcanonical\fR(5)
+mapping to rewrite header and envelope addresses in general.
+
+Normally, the \fBvirtual\fR(5) alias table is specified as a text file
+that serves as input to the \fBpostmap\fR(1) command.
+The result, an indexed file in \fBdbm\fR or \fBdb\fR format,
+is used for fast searching by the mail system. Execute the command
+"\fBpostmap /etc/postfix/virtual\fR" to rebuild an indexed
+file after changing the corresponding text file.
+
+When the table is provided via other means such as NIS, LDAP
+or SQL, the same lookups are done as for ordinary indexed files.
+
+Alternatively, the table can be provided as a regular\-expression
+map where patterns are given as regular expressions, or lookups
+can be directed to TCP\-based server. In those case, the lookups
+are done in a slightly different way as described below under
+"REGULAR EXPRESSION TABLES" or "TCP\-BASED TABLES".
+.SH "CASE FOLDING"
+.na
+.nf
+.ad
+.fi
+The search string is folded to lowercase before database
+lookup. As of Postfix 2.3, the search string is not case
+folded with database types such as regexp: or pcre: whose
+lookup fields can match both upper and lower case.
+.SH "TABLE FORMAT"
+.na
+.nf
+.ad
+.fi
+The input format for the \fBpostmap\fR(1) command is as follows:
+.IP "\fIpattern address, address, ...\fR"
+When \fIpattern\fR matches a mail address, replace it by the
+corresponding \fIaddress\fR.
+.IP "blank lines and comments"
+Empty lines and whitespace\-only lines are ignored, as
+are lines whose first non\-whitespace character is a `#'.
+.IP "multi\-line text"
+A logical line starts with non\-whitespace text. A line that
+starts with whitespace continues a logical line.
+.SH "TABLE SEARCH ORDER"
+.na
+.nf
+.ad
+.fi
+With lookups from indexed files such as DB or DBM, or from networked
+tables such as NIS, LDAP or SQL, each \fIuser\fR@\fIdomain\fR
+query produces a sequence of query patterns as described below.
+
+Each query pattern is sent to each specified lookup table
+before trying the next query pattern, until a match is
+found.
+.IP "\fIuser\fR@\fIdomain address, address, ...\fR"
+Redirect mail for \fIuser\fR@\fIdomain\fR to \fIaddress\fR.
+This form has the highest precedence.
+.IP "\fIuser address, address, ...\fR"
+Redirect mail for \fIuser\fR@\fIsite\fR to \fIaddress\fR when
+\fIsite\fR is equal to $\fBmyorigin\fR, when \fIsite\fR is listed in
+$\fBmydestination\fR, or when it is listed in $\fBinet_interfaces\fR
+or $\fBproxy_interfaces\fR.
+.sp
+This functionality overlaps with functionality of the local
+\fIaliases\fR(5) database. The difference is that \fBvirtual\fR(5)
+mapping can be applied to non\-local addresses.
+.IP "@\fIdomain address, address, ...\fR"
+Redirect mail for other users in \fIdomain\fR to \fIaddress\fR.
+This form has the lowest precedence.
+.sp
+Note: @\fIdomain\fR is a wild\-card. With this form, the
+Postfix SMTP server accepts
+mail for any recipient in \fIdomain\fR, regardless of whether
+that recipient exists. This may turn your mail system into
+a backscatter source: Postfix first accepts mail for
+non\-existent recipients and then tries to return that mail
+as "undeliverable" to the often forged sender address.
+.sp
+To avoid backscatter with mail for a wild\-card domain,
+replace the wild\-card mapping with explicit 1:1 mappings,
+or add a reject_unverified_recipient restriction for that
+domain:
+
+.nf
+ smtpd_recipient_restrictions =
+ ...
+ reject_unauth_destination
+ check_recipient_access
+ inline:{example.com=reject_unverified_recipient}
+ unverified_recipient_reject_code = 550
+.fi
+
+In the above example, Postfix may contact a remote server
+if the recipient is aliased to a remote address.
+.SH "RESULT ADDRESS REWRITING"
+.na
+.nf
+.ad
+.fi
+The lookup result is subject to address rewriting:
+.IP \(bu
+When the result has the form @\fIotherdomain\fR, the
+result becomes the same \fIuser\fR in \fIotherdomain\fR.
+This works only for the first address in a multi\-address
+lookup result.
+.IP \(bu
+When "\fBappend_at_myorigin=yes\fR", append "\fB@$myorigin\fR"
+to addresses without "@domain".
+.IP \(bu
+When "\fBappend_dot_mydomain=yes\fR", append
+"\fB.$mydomain\fR" to addresses without ".domain".
+.SH "ADDRESS EXTENSION"
+.na
+.nf
+.fi
+.ad
+When a mail address localpart contains the optional recipient delimiter
+(e.g., \fIuser+foo\fR@\fIdomain\fR), the lookup order becomes:
+\fIuser+foo\fR@\fIdomain\fR, \fIuser\fR@\fIdomain\fR, \fIuser+foo\fR,
+\fIuser\fR, and @\fIdomain\fR.
+
+The \fBpropagate_unmatched_extensions\fR parameter controls whether
+an unmatched address extension (\fI+foo\fR) is propagated to the
+result of table lookup.
+.SH "VIRTUAL ALIAS DOMAINS"
+.na
+.nf
+.ad
+.fi
+Besides virtual aliases, the virtual alias table can also be used
+to implement virtual alias domains. With a virtual alias domain, all
+recipient addresses are aliased to addresses in other domains.
+
+Virtual alias domains are not to be confused with the virtual mailbox
+domains that are implemented with the Postfix \fBvirtual\fR(8) mail
+delivery agent. With virtual mailbox domains, each recipient address
+can have its own mailbox.
+
+With a virtual alias domain, the virtual domain has its
+own user name space. Local (i.e. non\-virtual) usernames are not
+visible in a virtual alias domain. In particular, local
+\fBaliases\fR(5) and local mailing lists are not visible as
+\fIlocalname@virtual\-alias.domain\fR.
+
+Support for a virtual alias domain looks like:
+
+.nf
+/etc/postfix/main.cf:
+ virtual_alias_maps = hash:/etc/postfix/virtual
+.fi
+
+Note: some systems use \fBdbm\fR databases instead of \fBhash\fR.
+See the output from "\fBpostconf \-m\fR" for available database types.
+
+.nf
+/etc/postfix/virtual:
+ \fIvirtual\-alias.domain anything\fR (right\-hand content does not matter)
+ \fIpostmaster@virtual\-alias.domain postmaster\fR
+ \fIuser1@virtual\-alias.domain address1\fR
+ \fIuser2@virtual\-alias.domain address2, address3\fR
+.fi
+.sp
+The \fIvirtual\-alias.domain anything\fR entry is required for a
+virtual alias domain. \fBWithout this entry, mail is rejected
+with "relay access denied", or bounces with
+"mail loops back to myself".\fR
+
+Do not specify virtual alias domain names in the \fBmain.cf
+mydestination\fR or \fBrelay_domains\fR configuration parameters.
+
+With a virtual alias domain, the Postfix SMTP server
+accepts mail for \fIknown\-user@virtual\-alias.domain\fR, and rejects
+mail for \fIunknown\-user\fR@\fIvirtual\-alias.domain\fR as undeliverable.
+
+Instead of specifying the virtual alias domain name via
+the \fBvirtual_alias_maps\fR table, you may also specify it via
+the \fBmain.cf virtual_alias_domains\fR configuration parameter.
+This latter parameter uses the same syntax as the \fBmain.cf
+mydestination\fR configuration parameter.
+.SH "REGULAR EXPRESSION TABLES"
+.na
+.nf
+.ad
+.fi
+This section describes how the table lookups change when the table
+is given in the form of regular expressions. For a description of
+regular expression lookup table syntax, see \fBregexp_table\fR(5)
+or \fBpcre_table\fR(5).
+
+Each pattern is a regular expression that is applied to the entire
+address being looked up. Thus, \fIuser@domain\fR mail addresses are not
+broken up into their \fIuser\fR and \fI@domain\fR constituent parts,
+nor is \fIuser+foo\fR broken up into \fIuser\fR and \fIfoo\fR.
+
+Patterns are applied in the order as specified in the table, until a
+pattern is found that matches the search string.
+
+Results are the same as with indexed file lookups, with
+the additional feature that parenthesized substrings from the
+pattern can be interpolated as \fB$1\fR, \fB$2\fR and so on.
+.SH "TCP-BASED TABLES"
+.na
+.nf
+.ad
+.fi
+This section describes how the table lookups change when lookups
+are directed to a TCP\-based server. For a description of the TCP
+client/server lookup protocol, see \fBtcp_table\fR(5).
+This feature is not available up to and including Postfix version 2.4.
+
+Each lookup operation uses the entire address once. Thus,
+\fIuser@domain\fR mail addresses are not broken up into their
+\fIuser\fR and \fI@domain\fR constituent parts, nor is
+\fIuser+foo\fR broken up into \fIuser\fR and \fIfoo\fR.
+
+Results are the same as with indexed file lookups.
+.SH BUGS
+.ad
+.fi
+The table format does not understand quoting conventions.
+.SH "CONFIGURATION PARAMETERS"
+.na
+.nf
+.ad
+.fi
+The following \fBmain.cf\fR parameters are especially relevant to
+this topic. See the Postfix \fBmain.cf\fR file for syntax details
+and for default values. Use the "\fBpostfix reload\fR" command after
+a configuration change.
+.IP "\fBvirtual_alias_maps ($virtual_maps)\fR"
+Optional lookup tables that alias specific mail addresses or domains
+to other local or remote address.
+.IP "\fBvirtual_alias_domains ($virtual_alias_maps)\fR"
+Postfix is final destination for the specified list of virtual
+alias domains, that is, domains for which all addresses are aliased
+to addresses in other local or remote domains.
+.IP "\fBpropagate_unmatched_extensions (canonical, virtual)\fR"
+What address lookup tables copy an address extension from the lookup
+key to the lookup result.
+.PP
+Other parameters of interest:
+.IP "\fBinet_interfaces (all)\fR"
+The network interface addresses that this mail system receives
+mail on.
+.IP "\fBmydestination ($myhostname, localhost.$mydomain, localhost)\fR"
+The list of domains that are delivered via the $local_transport
+mail delivery transport.
+.IP "\fBmyorigin ($myhostname)\fR"
+The domain name that locally\-posted mail appears to come
+from, and that locally posted mail is delivered to.
+.IP "\fBowner_request_special (yes)\fR"
+Enable special treatment for owner\-\fIlistname\fR entries in the
+\fBaliases\fR(5) file, and don't split owner\-\fIlistname\fR and
+\fIlistname\fR\-request address localparts when the recipient_delimiter
+is set to "\-".
+.IP "\fBproxy_interfaces (empty)\fR"
+The network interface addresses that this mail system receives mail
+on by way of a proxy or network address translation unit.
+.SH "SEE ALSO"
+.na
+.nf
+cleanup(8), canonicalize and enqueue mail
+postmap(1), Postfix lookup table manager
+postconf(5), configuration parameters
+canonical(5), canonical address mapping
+.SH "README FILES"
+.na
+.nf
+.ad
+.fi
+Use "\fBpostconf readme_directory\fR" or
+"\fBpostconf html_directory\fR" to locate this information.
+.na
+.nf
+ADDRESS_REWRITING_README, address rewriting guide
+DATABASE_README, Postfix lookup table overview
+VIRTUAL_README, domain hosting guide
+.SH "LICENSE"
+.na
+.nf
+.ad
+.fi
+The Secure Mailer license must be distributed with this software.
+.SH "AUTHOR(S)"
+.na
+.nf
+Wietse Venema
+IBM T.J. Watson Research
+P.O. Box 704
+Yorktown Heights, NY 10598, USA
+
+Wietse Venema
+Google, Inc.
+111 8th Avenue
+New York, NY 10011, USA