1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
|
<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Rejecting Unknown Local Recipients with Postfix</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
</head>
<body>
<h1><img src="postfix-logo.jpg" width="203" height="98" ALT="">Rejecting Unknown Local Recipients with Postfix</h1>
<hr>
<h2>Introduction</h2>
<p> As of Postfix version 2.0, the Postfix SMTP server rejects mail
for unknown recipients in <a href="ADDRESS_CLASS_README.html#local_domain_class">local domains</a> (domains that match
$<a href="postconf.5.html#mydestination">mydestination</a> or the IP addresses in $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> or
$<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>) with "User unknown in local recipient table".
This feature was optional with earlier Postfix versions. </p>
<p> The good news is that this keeps undeliverable mail out of your
queue, so that your mail queue is not clogged up with undeliverable
MAILER-DAEMON messages. </p>
<p> The bad news is that it may cause mail to be rejected when you
upgrade from a Postfix system that was not configured to reject
mail for unknown local recipients. </p>
<p> This document describes what steps are needed in order to reject
unknown local recipients correctly. </p>
<ul>
<li><a href="#main_config">Configuring local_recipient_maps
in main.cf</a>
<li><a href="#change">When you need to change the local_recipient_maps
setting in main.cf</a>
<li><a href="#format">Local recipient table format </a>
</ul>
<h2><a name="main_config">Configuring local_recipient_maps
in main.cf</a></h2>
<p> The <a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> parameter specifies lookup tables with
all names or addresses of local recipients. A recipient address is
local when its domain matches $<a href="postconf.5.html#mydestination">mydestination</a>, $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> or
$<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>. If a local username or address is not listed in
$<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a>, then the Postfix SMTP server will reject
the address with "User unknown in local recipient table". Other
Postfix interfaces may still accept an "unknown" recipient. </p>
<p> The default setting, shown below, assumes that you use the
default Postfix <a href="local.8.html">local(8)</a> delivery agent for local delivery, where
recipients are either UNIX accounts or local aliases: </p>
<blockquote>
<pre>
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> = <a href="proxymap.8.html">proxy</a>:unix:passwd.byname $<a href="postconf.5.html#alias_maps">alias_maps</a>
</pre>
</blockquote>
<p> To turn off unknown local recipient rejects by the SMTP server,
specify: </p>
<blockquote>
<pre>
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> =
</pre>
</blockquote>
<p> That is, an empty value. With this setting, the Postfix SMTP
server will not reject mail with "User unknown in local recipient
table". <b> Don't do this on systems that receive mail directly
from the Internet. With today's worms and viruses, Postfix will
become a backscatter source: it accepts mail for non-existent
recipients and then tries to return that mail as "undeliverable"
to the often forged sender address</b>. </p>
<h2><a name="change">When you need to change the local_recipient_maps
setting in main.cf</a></h2>
<ul>
<li> <p> Problem: you don't use the default Postfix <a href="local.8.html">local(8)</a>
delivery agent for domains matching $<a href="postconf.5.html#mydestination">mydestination</a>, $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a>,
or $<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>. For example, you redefined the
"<a href="postconf.5.html#local_transport">local_transport</a>" setting in <a href="postconf.5.html">main.cf</a>. </p>
<p> Solution: your <a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> setting needs to specify
a database that lists all the known user names or addresses
for that delivery agent. For example, if you deliver users in
$<a href="postconf.5.html#mydestination">mydestination</a> etc. domains via the <a href="virtual.8.html">virtual(8)</a> delivery agent,
specify: </p>
<pre>
/etc/postfix/<a href="postconf.5.html">main.cf</a>
<a href="postconf.5.html#mydestination">mydestination</a> = $<a href="postconf.5.html#myhostname">myhostname</a> localhost.$<a href="postconf.5.html#mydomain">mydomain</a> localhost ...
<a href="postconf.5.html#local_transport">local_transport</a> = virtual
<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> = $<a href="postconf.5.html#virtual_mailbox_maps">virtual_mailbox_maps</a>
</pre>
<p> If you use a different delivery agent for $<a href="postconf.5.html#mydestination">mydestination</a>
etc. domains, see the section "<a href="#format">Local recipient
table format</a>" below for a description of how the table
should be populated. </p>
<li> <p> Problem: you use the <a href="postconf.5.html#mailbox_transport">mailbox_transport</a> or <a href="postconf.5.html#fallback_transport">fallback_transport</a>
feature of the Postfix <a href="local.8.html">local(8)</a> delivery agent in order to
deliver mail to non-UNIX accounts. </p>
<p> Solution: you need to add the database that lists the
non-UNIX users: </p>
<pre>
/etc/postfix/<a href="postconf.5.html">main.cf</a>
<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> = <a href="proxymap.8.html">proxy</a>:unix:passwd.byname, $<a href="postconf.5.html#alias_maps">alias_maps</a>,
<the database with non-UNIX accounts>
</pre>
<p> See the section "<a href="#format">Local recipient table
format</a>" below for a description of how the table should be
populated. </p>
<li> <p> Problem: you use the <a href="postconf.5.html#luser_relay">luser_relay</a> feature of the Postfix
local delivery agent. </p>
<p> Solution: you must disable the <a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> feature
completely, so that Postfix accepts mail for all local addresses:
</p>
<pre>
/etc/postfix/<a href="postconf.5.html">main.cf</a>
<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> =
</pre>
</ul>
<h2><a name="format">Local recipient table format</a> </h2>
<p> If you use local files in <a href="postmap.1.html">postmap(1)</a> format, then
<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> expects the following table format: </p>
<ul>
<li> <p> In the left-hand side, specify a bare username, an
"@domain.tld" wild-card, or specify a complete "user@domain.tld"
address. </p>
<li> <p> You have to specify something on the right-hand side of
the table, but the value is ignored by <a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a>.
</ul>
<p> If you use lookup tables based on NIS, LDAP, MYSQL, or PGSQL,
then <a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> does the same queries as for local files
in <a href="postmap.1.html">postmap(1)</a> format, and expects the same results. </p>
<p> With regular expression tables, Postfix only queries with the
full recipient address, and not with the bare username or the
"@domain.tld" wild-card. </p>
<p> NOTE: a lookup table should always return a result when the address
exists, and should always return "not found" when the address does
not exist. In particular, a zero-length result does not count as
a "not found" result. </p>
</body>
</html>
|