[Mailman-Users] non-delivery to virtual domain
David Newman
dnewman at networktest.com
Mon Nov 1 20:06:53 CET 2010
On 10/31/10 10:22 PM, Mark Sapiro wrote:
> On 10/31/10 4:56 PM, David Newman wrote:
>> On 10/31/10 9:09 AM, Mark Sapiro wrote:
>>>
>>> What exactly does the Postfix log (maillog) say about the delivery to
>>> one of these addresses?
>>
>>
>> maillog says status is "sent" to all list subscribers. The test list,
>> called "s", has one subscriber in domain1.tld on this server (who got
>> the initial welcome to this list message from Mailman but not any
>> messages) and one subscriber in another domain somewhere else (who gets
>> all messages.
>>
>> Again, postfix tells the maillog that a message sent to the list address
>> is "status=sent" to both subscribers.
>
>
> And what is the rest of the information in those log messages, i.e. the
> remainder of the sent= and the relay= for example. Please post the
> entire log line.
Here's a log snapshot of a message sent to s at domain1.tld, a Mailman list
with subscribers 'dnewman at networktest.com' and 'dnewman at domain1.tld'.
This is after removing 'hash:/usr/local/mailman/data/domain1-tld' from
virtual_alias_maps as you suggested and reloading Mailman and postfix.
I'm embedded one comment and one question:
Nov 1 11:51:29 mail postfix/postfix-script[5384]: refreshing the
Postfix mail system
Nov 1 11:51:29 mail postfix/master[19348]: reload -- version 2.6.5,
configuration /etc/postfix
Nov 1 11:51:59 mail postfix/smtpd[32434]: connect from
mail3.networktest.com[69.55.234.104]
Nov 1 11:51:59 mail postfix/trivial-rewrite[29411]: warning: do not
list domain domain1.tld in BOTH mydestination and virtual_mailbox_domains
This is a possible clue. I think postfix is set up so that domain1.tld
*is* a virtual domain. The server -- Mailserver, an email server
appliance from Allard Software -- stores domain info in a SQL database
and postfix calls that database here:
virtual_mailbox_domains = proxy:mysql:/etc/postfix/sql/domains.cf
Anyway, carrying on:
Nov 1 11:51:59 mail postfix/smtpd[32434]: A91E1130CB:
client=mail3.networktest.com[69.55.234.104]
Nov 1 11:51:59 mail postfix/cleanup[25359]: A91E1130CB:
message-id=<4CCF0C4E.8000704 at networktest.com>
Nov 1 11:51:59 mail postfix/smtpd[32434]: disconnect from
mail3.networktest.com[69.55.234.104]
Nov 1 11:51:59 mail postfix/qmgr[20853]: A91E1130CB:
from=<dnewman at networktest.com>, size=1495, nrcpt=1 (queue active)
Nov 1 11:51:59 mail spamd[10619]: spamd: connection from localhost
[127.0.0.1] at port 45013
Nov 1 11:51:59 mail spamd[10619]: spamd: processing message
<4CCF0C4E.8000704 at networktest.com> for s at mail.domain1.tld:62
Nov 1 11:52:00 mail spamd[10619]: spamd: clean message (-0.0/5.0) for
s at mail.domain1.tld:62 in 1.1 seconds, 1467 bytes.
Nov 1 11:52:00 mail spamd[10619]: spamd: result: . 0 -
T_RP_MATCHES_RCVD
scantime=1.1,size=1467,user=s at mail.domain1.tld,uid=62,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=45013,mid=<4CCF0C4E.8000704 at networktest.com>,autolearn=ham
Nov 1 11:52:01 mail postfix/pickup[1233]: 03422130CD: uid=506
from=<dnewman at networktest.com>
Nov 1 11:52:01 mail postfix/pipe[16800]: A91E1130CB:
to=<s at mail.domain1.tld>, orig_to=<s at domain1.tld>, relay=spamassassin,
delay=1.6, delays=0.33/0.02/0/1.2, dsn=2.0.0, status=sent (delivered via
spamassassin service)
Nov 1 11:52:01 mail postfix/qmgr[20853]: A91E1130CB: removed
Nov 1 11:52:01 mail postfix/cleanup[25359]: 03422130CD:
message-id=<4CCF0C4E.8000704 at networktest.com>
Nov 1 11:52:01 mail postfix/qmgr[20853]: 03422130CD:
from=<dnewman at networktest.com>, size=1762, nrcpt=1 (queue active)
Nov 1 11:52:01 mail spamd[18056]: prefork: child states: II
Nov 1 11:52:01 mail postfix/local[28131]: 03422130CD:
to=<s at mail.domain1.tld>, relay=local, delay=0.32,
delays=0.03/0.02/0/0.26, dsn=2.0.0, status=sent (delivered to command:
/usr/local/mailman/mail/mailman post s)
Nov 1 11:52:01 mail postfix/qmgr[20853]: 03422130CD: removed
Nov 1 11:52:02 mail postfix/smtpd[32434]: connect from localhost[127.0.0.1]
Nov 1 11:52:02 mail postfix/trivial-rewrite[29411]: warning: do not
list domain domain1.tld in BOTH mydestination and virtual_mailbox_domains
Nov 1 11:52:02 mail postfix/smtpd[32434]: 80A72130CB:
client=localhost[127.0.0.1]
Nov 1 11:52:02 mail postfix/trivial-rewrite[29411]: warning: do not
list domain domain1.tld in BOTH mydestination and virtual_mailbox_domains
Nov 1 11:52:02 mail postfix/cleanup[25359]: 80A72130CB:
message-id=<4CCF0C4E.8000704 at networktest.com>
Nov 1 11:52:02 mail postfix/smtpd[32434]: disconnect from
localhost[127.0.0.1]
Nov 1 11:52:02 mail postfix/qmgr[20853]: 80A72130CB:
from=<s-bounces at domain1.tld>, size=2697, nrcpt=2 (queue active)
Nov 1 11:52:02 mail spamd[10619]: spamd: connection from localhost
[127.0.0.1] at port 5435
Nov 1 11:52:02 mail spamd[10619]: spamd: processing message
<4CCF0C4E.8000704 at networktest.com> for dnewman at domain1.tld:62
Nov 1 11:52:07 mail spamd[10619]: spamd: clean message (0.0/5.0) for
dnewman at domain1.tld:62 in 4.8 seconds, 2638 bytes.
Nov 1 11:52:07 mail spamd[10619]: spamd: result: . 0 -
scantime=4.8,size=2638,user=dnewman at domain1.tld,uid=62,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=5435,mid=<4CCF0C4E.8000704 at networktest.com>,autolearn=ham
Nov 1 11:52:07 mail postfix/pickup[1233]: 7027A130CD: uid=506
from=<s-bounces at domain1.tld>
Nov 1 11:52:07 mail postfix/cleanup[25359]: 7027A130CD:
message-id=<4CCF0C4E.8000704 at networktest.com>
Nov 1 11:52:07 mail postfix/pipe[16800]: 80A72130CB:
to=<dnewman at networktest.com>, relay=spamassassin, delay=4.9,
delays=0.04/0/0/4.9, dsn=2.0.0, status=sent (delivered via spamassassin
service)
Nov 1 11:52:07 mail postfix/pipe[16800]: 80A72130CB:
to=<dnewman at domain1.tld>, relay=spamassassin, delay=4.9,
delays=0.04/0/0/4.9, dsn=2.0.0, status=sent (delivered via spamassassin
service)
I don't understand this entry. Since 's at domain1.tld' never received the
message, and since postfix says it was delivered OK, and since there's
no indication of trouble in the Mailman logs, what happened to the message?
Nov 1 11:52:07 mail postfix/qmgr[20853]: 80A72130CB: removed
Nov 1 11:52:07 mail postfix/qmgr[20853]: 7027A130CD:
from=<s-bounces at domain1.tld>, size=2759, nrcpt=1 (queue active)
Nov 1 11:52:07 mail spamd[18056]: prefork: child states: II
Nov 1 11:52:11 mail postfix/smtp[7413]: 7027A130CD:
to=<dnewman at networktest.com>,
relay=mail3.networktest.com[69.55.234.104]:25, delay=3.6,
delays=0.03/0.04/0.39/3.1, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued
as EC0D3256A73)
Nov 1 11:52:11 mail postfix/qmgr[20853]: 7027A130CD: removed
>
>
>>>
>>>
>>>> I've followed the setup instructions here, doing section 6.1.2 before
>>>> 6.1.1 (given the link about doing virtual stuff first):
>>>>
>>>> http://mailman.sourceforge.net/mailman-install/postfix-virtual.html
>>>> http://mailman.sourceforge.net/mailman-install/postfix-integration.html
>>>
>>>
>>> This normally only affects delivery TO a list in a virtual domain. If
>>> done properly, it should not affect delivery to any non-list address
>>> in the virtual domains.
>>
>> Sorry if I was unclear. Mail delivery to and from non-list addresses in
>> virtual domains on this server works fine. The only messages that are
>> not being delivered are those to a subscriber in domain1.tld on this
>> server. (I haven't yet tried subscribing anyone in domain2.tld or
>> domain3.tld.)
>
>
> You were clear. I was only trying to say that those Postfix
> configurations only affect mail TO mailman. They don't affect the issue
> you are asking about.
>
>
>>>> I've pasted the config files below.
>>>>
>>>> Thanks in advance for clues on getting Mailman to deliver to virtual
>>>> addresses on this server.
>>>
>>>
>>> This is almost certainly a Postfix issue rather than a Mailman issue.
>>> If there is nothing in Mailman's smtp-failure log, Mailman has
>>> delivered the message whith the local virtual recipients included to
>>> Postfix and Postfix has accepted it.
>>>
>>> See additional comments inline below.
>>>
>>>
>>>> server hostname:
>>>> mail.domain1.tld
>>>>
>>>> virtual domains:
>>>> domain1.tld # (not its real name!)
>>>> domain2.tld
>>>> domain3.tld
>>
>> Just to clarify: domain1.tld is not virtual, in the sense that the
>> server's canonical hostname is mail.domain1.tld. However, addresses
>> defined in this domain are virtual -- these users do not have local
>> accounts on this server. Again, non-list mail to and from these users
>> works as expected.
>>
>>
>>>>
>>>> -----
>>>>
>>> >from /etc/postfix/main.cf:
>>>>
>>>> ..
>>>>
>>>> myhostname = mail.domain1.tld
>>>> mydomain = domain1.tld
>>>> mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
>>>>
>>>> ..
>>>>
>>>> alias_maps = hash:/etc/mail/aliases, hash:/usr/local/mailman/data/aliases
>>>>
>>>> virtual_alias_maps =
>>>> proxy:mysql:/etc/postfix/sql/forwardings.cf
>>>> proxy:mysql:/etc/postfix/sql/email2email.cf
>>>> hash:/usr/local/mailman/data/domain1-tld
>>>> hash:/usr/local/mailman/data/virtual-mailman
>>>
>>>
>>> Full output from "postconf -n" might help.
>>
>> Here you go:
>>
>> alias_database = hash:/etc/mail/aliases
>> alias_maps = hash:/etc/mail/aliases, hash:/usr/local/mailman/data/aliases
>> command_directory = /usr/local/sbin
>> config_directory = /etc/postfix
>> daemon_directory = /usr/local/libexec/postfix
>> header_checks = pcre:/etc/postfix/header_checks.pcre
>> mail_owner = _postfix
>> mailq_path = /usr/local/sbin/mailq
>> manpage_directory = /usr/local/man
>> message_size_limit = 27962027
>> milter_connect_macros = j {daemon_name} v _
>> milter_default_action = tempfail
>> milter_header_checks = pcre:/etc/postfix/milter_header_checks
>> mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
>> mydomain = domain1.tld
>> myhostname = mail.domain1.tld
>> mynetworks = 127.0.0.0/8
>> newaliases_path = /usr/bin/newaliases
>> proxy_read_maps = proxy:mysql:/etc/postfix/sql/routing.cf
>> proxy:mysql:/etc/postfix/sql/domains.cf
>> proxy:mysql:/etc/postfix/sql/mailboxes.cf
>> proxy:mysql:/etc/postfix/sql/user.cf
>> proxy:mysql:/etc/postfix/sql/group.cf
>> proxy:mysql:/etc/postfix/sql/forwardings.cf
>> proxy:mysql:/etc/postfix/sql/email2email.cf proxy:unix:passwd.byname
>> unix:passwd.byname
>> queue_directory = /var/spool/postfix
>> readme_directory = /usr/local/share/doc/postfix/readme
>> recipient_delimiter = +
>> relay_domains = proxy:mysql:/etc/postfix/sql/routing.cf
>> sample_directory = /etc/postfix
>> sendmail_path = /usr/local/sbin/sendmail
>> setgid_group = _postdrop
>> smtp_tls_cert_file = /etc/ssl/server.crt
>> smtp_tls_key_file = /etc/ssl/private/server.key
>> smtp_tls_security_level = may
>> smtpd_delay_reject = yes
>> smtpd_helo_required = yes
>> smtpd_milters = unix:/tmp/clamav-milter.sock
>> smtpd_recipient_restrictions = permit_mynetworks,
>> permit_sasl_authenticated, reject_unauth_destination,
>> reject_unauth_pipelining, reject_invalid_hostname,
>> reject_unknown_sender_domain, reject_unknown_recipient_domain,
>> reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_rbl_client
>> zen.spamhaus.org
>> smtpd_sasl_auth_enable = yes
>> smtpd_sasl_local_domain =
>> smtpd_sasl_security_options = noanonymous
>> smtpd_tls_auth_only = yes
>> smtpd_tls_cert_file = /etc/ssl/server.crt
>> smtpd_tls_key_file = /etc/ssl/private/server.key
>> smtpd_tls_received_header = yes
>> smtpd_tls_security_level = may
>> smtpd_use_tls = yes
>> strict_rfc821_envelopes = yes
>> transport_maps = proxy:mysql:/etc/postfix/sql/routing.cf
>> unknown_local_recipient_reject_code = 550
>> virtual_alias_domains =
>
>
> Here you want
>
> virtual_alias_domains = domain2.tld, domain3.tld
>
>
>> virtual_alias_maps = proxy:mysql:/etc/postfix/sql/forwardings.cf
>> proxy:mysql:/etc/postfix/sql/email2email.cf
>> hash:/usr/local/mailman/data/domain1.tld
>
> and remove the above which may possibly fix your problem.
>
>
>> hash:/usr/local/mailman/data/virtual-mailman
>> virtual_gid_maps = proxy:mysql:/etc/postfix/sql/group.cf
>> virtual_mailbox_domains = proxy:mysql:/etc/postfix/sql/domains.cf
>> virtual_mailbox_maps = proxy:mysql:/etc/postfix/sql/mailboxes.cf
>> virtual_minimum_uid = 1000
>> virtual_transport = dovecot
>> virtual_uid_maps = proxy:mysql:/etc/postfix/sql/user.cf
>>
>>
>>>
>>>
>>>> -----
>>>>
>>> >from /usr/local/mailman/Mailman/mm_cfg.py:
>>>>
>>>> MTA = 'Postfix'
>>>> MAILMAN_SITE_LIST = 'mailman'
>>>> DEFAULT_EMAIL_HOST = 'domain1.tld'
>>>> DEFAULT_URL_HOST = 'mail.domain1.tld'
>>>> DEFAULT_URL_PATTERN = 'https://%s/mailman/'
>>>> PUBLIC_ARCHIVE_URL = 'https://%(hostname)s/pipermail/%(listname)s'
>>>> IMAGE_LOGOS = '/icons/'
>>>> POSTFIX_ALIAS_CMD = '/usr/local/sbin/postalias'
>>>> POSTFIX_MAP_CMD = '/usr/local/sbin/postmap'
>>>> POSTFIX_STYLE_VIRTUAL_DOMAINS = [ 'domain2.tld', 'domain3.tld' ]
>>>> # Clear the Defaults.py VIRTUAL_HOSTS entry
>>>> VIRTUAL_HOSTS.clear()
>>>> add_virtualhost('DEFAULT_EMAIL_HOST', 'DEFAULT_URL_HOST')
>>>
>>>
>>> The above is backwards. It should be
>>>
>>> add_virtualhost('DEFAULT_URL_HOST', 'DEFAULT_EMAIL_HOST')
>>>
>>>
>>>> add_virtualhost('domain2.tld', 'domain2.tld')
>>>> add_virtualhost('domain3.tld', 'domain3.tld')
>>>
>>>
>>> However, nothing here affects delivery of mail FROM mailman.
>>>
>>
>> OK
>>
>>>
>>>> -----
>>>>
>>>> /usr/local/mailman/data/aliases
>>>>
>>>>
>>>> # The ultimate loop stopper address
>>>> mailman-loop: /usr/local/mailman/data/owner-bounces.mbox
>>>>
>>>> # STANZA START: mailman
>>>> # CREATED: Sat Oct 30 11:23:37 2010
>>>> mailman: "|/usr/local/mailman/mail/mailman post mailman"
>>>> mailman-admin: "|/usr/local/mailman/mail/mailman admin mailman"
>>>> mailman-bounces: "|/usr/local/mailman/mail/mailman bounces mailman"
>>>> mailman-confirm: "|/usr/local/mailman/mail/mailman confirm mailman"
>>>> mailman-join: "|/usr/local/mailman/mail/mailman join mailman"
>>>> mailman-leave: "|/usr/local/mailman/mail/mailman leave mailman"
>>>> mailman-owner: "|/usr/local/mailman/mail/mailman owner mailman"
>>>> mailman-request: "|/usr/local/mailman/mail/mailman request mailman"
>>>> mailman-subscribe: "|/usr/local/mailman/mail/mailman subscribe mailman"
>>>> mailman-unsubscribe: "|/usr/local/mailman/mail/mailman unsubscribe mailman"
>>>> # STANZA END: mailman
>>>>
>>>> # STANZA START: s
>>>> # CREATED: Sat Oct 30 11:35:12 2010
>>>> s: "|/usr/local/mailman/mail/mailman post s"
>>>> s-admin: "|/usr/local/mailman/mail/mailman admin s"
>>>> s-bounces: "|/usr/local/mailman/mail/mailman bounces s"
>>>> s-confirm: "|/usr/local/mailman/mail/mailman confirm s"
>>>> s-join: "|/usr/local/mailman/mail/mailman join s"
>>>> s-leave: "|/usr/local/mailman/mail/mailman leave s"
>>>> s-owner: "|/usr/local/mailman/mail/mailman owner s"
>>>> s-request: "|/usr/local/mailman/mail/mailman request s"
>>>> s-subscribe: "|/usr/local/mailman/mail/mailman subscribe s"
>>>> s-unsubscribe: "|/usr/local/mailman/mail/mailman unsubscribe s"
>>>> # STANZA END: s
>>>
>>>
>>> Likewise, the aliases above only affect delivery TO the mailman and s
>>> lists.
>>
>> OK
>>
>>>
>>>
>>>> -----
>>>>
>>>> /usr/local/etc/mailman/data/domain1-tld:
>>>>
>>>> domain1.tld IGNORE
>>>> @domain1.tld @mail.domain1.tld
>>>
>>>
>>> This file and its reference in virtual_alias_maps is conflicting as
>>> this says domain1.tld is a virtual alias domain and its presence in
>>> mydestination says it's not. Also, this is obsolete in Postfix. The
>>> current method of specifying to postfix that a domain is a virtual
>>> alias domain is to list it in virtual_alias_domains in main.cf.
>>
>> This came from section 6.1.2 of the Mailman docs on integration with
>> postfix. This, along with the part at the top of section 6.1.1 saying to
>> do this stuff first, is perhaps the most confusing part of the Mailman
>> docs. If this method is obsolete in Postfix, it's time to revise these
>> docs (and as a sometime tech writer I volunteer to help once I
>> understand this).
>>
>> Just double-checking: I think you're saying to treat domain1.tld as a
>> virtual alias domain. True?
>
>
> No. I'm saying domain1.tld is not currently treated as a virtual domain
> in Postfix except for the above file and its reference in
> virtual_alias_maps. I think both the ile and the reference should be
> removed.
>
>
>> If so I think the changes to do this would be:
>>
>> 1. in main.cf, delete the myhostname and mydomain lines ((not sure these
>> are strictly needed given that postfix gets these anyway from
>> gethostbyname() ))
>>
>> 2. in main.cf, remove $mydomain from $mydestination
>
>
> I think you should leave the above as is.
>
>
>> 3. in main.cf, delete '/usr/local/etc/mailman/data/domain1-tld' from
>> virtual_alias_maps
>
>
> As I said above, I think you should do this.
>
>
>>>
>>>
>>>> -----
>>>>
>>>> /usr/local/mailman/data/virtual-mailman:
>>>>
>>>> # LOOP ADDRESSES START
>>>> mailman-loop at domain1.tld mailman-loop
>>>> # LOOP ADDRESSES END
>>>>
>>>> # STANZA START: s
>>>> # CREATED: Sat Oct 30 11:35:12 2010
>>>> s at domain1.tld s
>>>> s-admin at domain1.tld s-admin
>>>> s-bounces at domain1.tld s-bounces
>>>> s-confirm at domain1.tld s-confirm
>>>> s-join at domain1.tld s-join
>>>> s-leave at domain1.tld s-leave
>>>> s-owner at domain1.tld s-owner
>>>> s-request at domain1.tld s-request
>>>> s-subscribe at domain1.tld s-subscribe
>>>> s-unsubscribe at domain1.tld s-unsubscribe
>>>> # STANZA END: s
>>>
>>>
>>> And this virtual mapping only affects delivery to the s at domain1.tld
>>> list and it's associated admin addresses, but since domain1.tld is not
>>> in POSTFIX_STYLE_VIRTUAL_DOMAINS (which is correct because it is in
>>> main.cf mydestination which makes it a postfix local domain), why is
>>> this list in virtual-mailman at all.
>>
>> Clearly I'm confused as to whether domain1.tld should or should not be
>> defined as a virtual domain. The Mailman docs on postfix integration say
>> no, but I think you're saying to treat it as a virtual domain.
>
>
> No, I'm saying it's not a virtual domain and should not be treated as such.
>
> I'm also asking how the above virtual-mailman got created with entries
> for s*@domain1.tld when domain1.tld is not in
> POSTFIX_STYLE_VIRTUAL_DOMAINS in the first place?
>
> Also, it appears you are taking
> <http://mailman.sourceforge.net/mailman-install/postfix-virtual.html>
> much too literally. That section describes a complicated situation which
> is not typically encountered in practice. And yes, it should probably be
> heavily revised.
Clarity is desirable and too rare in technical writing. I'd be glad to
propose revisions to sections 6.1.1 and 6.1.2 of the docs once I
understand how this should work.
Thanks again for your guidance in troubleshooting.
dn
>
More information about the Mailman-Users
mailing list