Postfix not obeying my relay_recipient_maps table

[BulletSeed]

Hi!

I'm using postfix as a mail gateway, relaying everything to my back-end mail server. I have specified a relay_domain and have tested that it works perfectly. However, when I try to specify a relay_recipient_maps table it seems to have no effect.

Here's what I did:
1. Downloaded the address list from LDAP in the hash format "email-address <whitespace> OK".
2. Did a postmap on that file, creating the .db file.
3. Added the following line to the main.cf:
relay_recipient_maps = hash:/etc/postfix/relay_recipients
4. Did a postfix reload.
5. After noticing that this didnt have any effect blocking non-existent recipients, I also did a postfix upgrade-configuration.
6. I restarted the whole server. No effect.

What else do I have to do to make postfix block recipients that are not on the list? It seems to be completely ignoring it.

This is my main.cf file:

[tt]smtpd_banner = $myhostname ESMTP $mail_name
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

myhostname = mailgw.bancoop.com
mydomain = bancoop.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = $myhostname, localhost.$mydomain, $mydomain
relayhost =
#relay_domains = $mydomain
mynetworks = 207.150.243.88/29, 127.0.0.0/8
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
append_at_myorigin = no
local_recipient_maps =
relay_recipient_maps = hash:/etc/postfix/relay_recipients
transport_maps = hash:/etc/postfix/transport
header_checks = regexp:/etc/postfix/header_checks
inet_protocols = all[/tt]

 

[jkupski]

My guess is this is a problem related to local_recipient_maps.

# REJECTING MAIL FOR UNKNOWN LOCAL USERS
#
# The local_recipient_maps parameter specifies optional lookup tables
# with all names or addresses of users that are local with respect
# to $mydestination, $inet_interfaces or $proxy_interfaces.
#
# If this parameter is defined, then the SMTP server will reject
# mail for unknown local users. This parameter is defined by default.
#
# To turn off local recipient checking in the SMTP server, specify
# local_recipient_maps = (i.e. empty).
#
# The default setting assumes that you use the default Postfix local
# delivery agent for local delivery. You need to update the
# local_recipient_maps setting if:
#
# - You define $mydestination domain recipients in files other than
# /etc/passwd, /etc/aliases, or the $virtual_alias_maps files.
# For example, you define $mydestination domain recipients in
# the $virtual_mailbox_maps files.
#
# - You redefine the local delivery agent in master.cf.
#
# - You redefine the "local_transport" setting in main.cf.
#
# - You use the "luser_relay", "mailbox_transport", or "fallback_transport"
# feature of the Postfix local delivery agent (see local(8)).
#
# Details are described in the LOCAL_RECIPIENT_README file.

This link should provide the answer to your question:

http://www.postfix.org/LOCAL_RECIPIENT_README.html

 

[BulletSeed]

Ok, I got it working now. I had seen the page at the link you provided before, but I had an insight while reading it this time. Relaying to my back-end mail server's domain wasn't working because it has the same domain name as the postfix server. So thanks to you, I thought I should try to do the destination tables as local and not as relay and it worked!

All I did was comment out both the relay_domains and relay_recipient_maps options and assign the Exchange recipients file to the local_recipient_maps option instead. Now its blocking as it should.

Kinda off topic: BTW, the MailScanner/Postfix/Spamassassin combo is unbelievably efficient! I have gotten zero (0) spam in 5 days and no false positives as far as I know. About 87-91% of my incoming mail is spam. Way better than some other commercial software I was using before which was detecting about 80%.

Thanks jkupski!

 

[jkupski]

Ok, I got it working now. I had seen the page at the link you provided before, but I had an insight while reading it this time. Relaying to my back-end mail server's domain wasn't working because it has the same domain name as the postfix server.

Yes, this is what I was getting at. You were accepting local delivery for world+dog, when what you really wanted was to only accept mail for the relay host.

Kinda off topic: BTW, the MailScanner/Postfix/Spamassassin combo is unbelievably efficient!

Agreed. I'm running Postfix/Amavisd-new/Spamassassin (plus a few other goodies) which is front ending an Exchange 2k3 box. I also use the Postfix box to proxy https for Outlook Web Access, so no one on the internet ever gets to talk directly to the Exchange machine. This has been a very secure and reliable setup, and my users are very happy with the results.