[Mailman-Users] postfix to mailman: User doesn't exist/relay access denied

Mark Sapiro mark at msapiro.net
Tue Feb 9 16:24:28 EST 2016 

On 02/09/2016 12:46 PM, walter at ifkuk.org wrote:
> 
> On 09/02/2016 18:48, Mark Sapiro wrote:

>>
>> Please post the Postfix /var/log/mail.log messages resulting from each
>> of these failed delivery scenarios (1 set per scenario).
> 
> The first one is from my gmail address, its quite long,
> but I left everything in, cause I dont know what could be of help
> 
...
> Feb  9 20:50:18 ifkuk postfix/smtpd[22439]: NOQUEUE: reject: RCPT from
> mail-wm0-f50.google.com[74.125.82.50]: 554 5.7.1 <test at lists.ifkuk.org>:
> Relay access denied; from=<neubau at gmail.com> to=<test at lists.ifkuk.org>


This is because you don't have lists.ifkuk.org in virtual_alias_domains.
See below.


> This is the internal address.
> 
> 
...
> Feb  9 20:50:27 ifkuk postfix/lmtp[22428]: 2EABF3685:
> to=<test at ifkuk.org>, orig_to=<test at lists.ifkuk.org>,
> relay=mail.ifkuk.org[private/dovecot-lmtp], delay=1.1,
> delays=0.9/0/0/0.25, dsn=5.1.1, status=bounced (host
> mail.ifkuk.org[private/dovecot-lmtp] said: 550 5.1.1 <test at ifkuk.org>
> User doesn't exist: test at ifkuk.org


This is because you are using Dovecot for local mail delivery and
Dovecot doesn't use aliases so it doesn't know how to deliver to test.



> 
>>
>>> /etc/postfix/main.conf
>>
>> Looks OK offhand. The output from 'postconf -n' tells us all we need and
>> is much more readable.
>>
>>
> here you go:
> 
> 
> alias_maps = hash:/var/lib/mailman/data/aliases,hash:/etc/aliases
> append_dot_mydomain = no
> biff = no
> broken_sasl_auth_clients = yes
> config_directory = /etc/postfix
> html_directory = /usr/share/doc/postfix/html
> inet_interfaces = all
> mailbox_command = procmail -a "$EXTENSION"
> mailbox_size_limit = 0
> mydestination =
> localhost,localhost.localdomain,$myhostname,localhost.$mydomain
> mydomain = ifkuk.org
> myhostname = mail.ifkuk.org
> mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
> myorigin = /etc/mailname
> queue_directory = /var/spool/postfix
> readme_directory = /usr/share/doc/postfix
> recipient_delimiter = +
> relay_recipient_maps = hash:/var/lib/mailman/data/virtual-mailman
> smtpd_banner = $myhostname ESMTP (Debian/GNU)
> smtpd_recipient_restrictions = permit_sasl_authenticated,
> permit_mynetworks, reject_unauth_destination
> smtpd_relay_restrictions = permit_sasl_authenticated, permit_mynetworks,
> reject_unauth_destination
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_path = private/auth
> smtpd_sasl_type = dovecot
> smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks,
> smtpd_tls_auth_only = yes
> smtpd_tls_cert_file = /etc/letsencrypt/live/mail.ifkuk.org/fullchain.pem
> smtpd_tls_key_file = /etc/letsencrypt/live/mail.ifkuk.org/privkey.pem
> smtpd_use_tls = yes
> virtual_alias_domains =
> virtual_alias_maps =
> hash:/var/lib/mailman/data/virtual-mailman,proxy:pgsql:/etc/postfix/pgsql-virtual_forwardings.cf,pgsql:/etc/postfix/pgsql-virtual_email2email.cf
> 
> virtual_mailbox_domains = proxy:pgsql:/etc/postfix/pgsql-virtual_domains.cf
> virtual_mailbox_maps = proxy:pgsql:/etc/postfix/pgsql-virtual_mailboxes.cf
> virtual_transport = lmtp:unix:private/dovecot-lmtp
> 
>>> virtual_alias_domains =
>> Maybe something here?
> if I add lists.ifkuk.org there, I get the unknown user error also when
> sending from the gmail address.
> I've left it out for now.


You have two problems.

The first is your external mail is not being delivered because Postfix
hasn't been told lists.ifkuk.org is a domain it can deliver to so it
thinks it's a relay domain and won't relay from an external domain. It
you add lists.ifkuk.org to virtual_alias_domains, Postfix will know it
can accept mail for that domain and will map 'test at lists.ifkuk.org' to
the local user 'test' via the mapping in
/var/lib/mailman/data/virtual-mailman.

Then you encounter the second problem which is the local user 'test' is
supposed to be delivered to mailman via the

test:             "|/var/lib/mailman/mail/mailman post test"

alias in /var/lib/mailman/data/aliases, but delivery for this domain is
handled by Dovecot because of

virtual_transport = lmtp:unix:private/dovecot-lmtp

and Dovecot doesn't do aliases.

So, you have two choices depending on why you are using Dovecot for
local delivery.

If this is a new server, and all of

> virtual_alias_domains =
> virtual_alias_maps =
> hash:/var/lib/mailman/data/virtual-mailman,proxy:pgsql:/etc/postfix/pgsql-virtual_forwardings.cf,pgsql:/etc/postfix/pgsql-virtual_email2email.cf
> 
> virtual_mailbox_domains = proxy:pgsql:/etc/postfix/pgsql-virtual_domains.cf
> virtual_mailbox_maps = proxy:pgsql:/etc/postfix/pgsql-virtual_mailboxes.cf
> virtual_transport = lmtp:unix:private/dovecot-lmtp

is something that you just inherited from some default or some how-to
document, I'd suggest removing it and going with something simpler like

virtual_alias_domains = lists.ifkuk.org
virtual_alias_maps = hash:/var/lib/mailman/data/virtual-mailman

plus whatever else you actually need.

If this is an existing server and Dovecot delivery is important, follow
the FAQ at <http://wiki.list.org/x/10715238>.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

More information about the Mailman-Users mailing list