Patrick Welche <prlw1@cam.ac.uk>
[netbsd-mini2440.git] / external / ibm-public / postfix / dist / proto / ADDRESS_REWRITING_README.html
blob94612cc16a717a0216776fef73b434e2b88b695c
1 <!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
2 "http://www.w3.org/TR/html4/loose.dtd">
4 <html>
6 <head>
8 <title>Postfix Address Rewriting </title>
10 <meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
12 </head>
14 <body>
16 <h1><img src="postfix-logo.jpg" width="203" height="98" ALT="">Postfix
17 Address Rewriting </h1>
19 <hr>
21 <h2> <a name="purpose"> Postfix address rewriting purpose </a> </h2>
23 <p> Address rewriting is at the heart of the Postfix mail system.
24 Postfix rewrites addresses for many different purposes. Some are
25 merely cosmetic, and some are necessary to deliver correctly
26 formatted mail to the correct destination. Examples of
27 address rewriting in Postfix are: </p>
29 <ul>
31 <li> <p> Transform an incomplete address into a complete address.
32 For example, transform "username" into "username@example.com", or
33 transform "username@hostname" into "username@hostname.example.com".
34 </p>
36 <li> <p> Replace an address by an equivalent address. For example,
37 replace "username@example.com" by "firstname.lastname@example.com"
38 when sending mail, and do the reverse transformation when receiving
39 mail. </p>
41 <li> <p> Replace an internal address by an external address. For
42 example, replace "username@localdomain.local" by "isp-account@isp.example"
43 when sending mail from a home computer to the Internet.
44 </p>
46 <li> <p> Replace an address by multiple addresses. For example,
47 replace the address of an alias by the addresses listed under that
48 alias. </p>
50 <li> <p> Determine how and where to deliver mail for a specific
51 address. For example, deliver mail for "username@example.com" with
52 the smtp(8) delivery agent, to the hosts that are listed in the
53 DNS as the mail servers for the domain "example.com". </p>
55 </ul>
57 <p> Although Postfix currently has no address rewriting language,
58 it can do surprisingly powerful address manipulation via table
59 lookup. Postfix typically uses lookup tables with fixed strings
60 to map one address to one or multiple addresses, and typically uses
61 regular expressions to map multiple addresses to one or multiple
62 addresses. Fixed-string lookup tables may be in the form of local
63 files, or in the form of NIS, LDAP or SQL databases. The
64 DATABASE_README document gives an introduction to Postfix lookup
65 tables. </p>
67 <p> Topics covered in this document: </p>
69 <ul>
71 <li> <a href="#william"> To rewrite message headers or not, or to label
72 as invalid </a>
74 <li> <a href="#overview"> Postfix address rewriting overview </a>
76 <li> <a href="#receiving"> Address rewriting when mail is received</a>
78 <ul>
80 <li> <a href="#standard"> Rewrite addresses to standard form</a>
82 <li> <a href="#canonical"> Canonical address mapping </a>
84 <li> <a href="#masquerade"> Address masquerading </a>
86 <li> <a href="#auto_bcc"> Automatic BCC recipients</a>
88 <li> <a href="#virtual"> Virtual aliasing </a>
90 </ul>
92 <li> <a href="#delivering"> Address rewriting when mail is delivered</a>
94 <ul>
96 <li> <a href="#resolve"> Resolve address to destination </a>
98 <li> <a href="#transport"> Mail transport switch </a>
100 <li> <a href="#relocated"> Relocated users table </a>
102 </ul>
104 <li> <a href="#remote"> Address rewriting with remote delivery </a>
106 <ul>
108 <li> <a href="#generic"> Generic mapping for outgoing SMTP mail </a>
110 </ul>
112 <li> <a href="#local"> Address rewriting with local delivery </a>
114 <ul>
116 <li> <a href="#aliases"> Local alias database </a>
118 <li> <a href="#forward"> Local per-user .forward files </a>
120 <li> <a href="#luser_relay"> Local catch-all address </a>
122 </ul>
124 <li> <a href="#debugging"> Debugging your address manipulations </a>
126 </ul>
128 <h2> <a name="william"> To rewrite message headers or not, or to label
129 as invalid </a> </h2>
131 <p> Postfix versions 2.1 and earlier always rewrite message header
132 addresses, and append Postfix's own domain information to addresses
133 that Postfix considers incomplete. While rewriting message header
134 addresses is OK for mail with a local origin, it is undesirable
135 for remote mail: </p>
137 <ul>
139 <li> Message header address rewriting is frowned upon by mail standards,
141 <li> Appending Postfix's own domain produces incorrect results with
142 some incomplete addresses,
144 <li> Appending Postfix's own domain sometimes creates the appearance
145 that spam is sent by local users.
147 </ul>
149 <p> Postfix versions 2.2 give you the option to either not rewrite
150 message headers from remote SMTP clients at all, or to label
151 incomplete addresses in such message headers as invalid. Here is
152 how it works: </p>
154 <ul>
156 <li> Postfix always rewrites message headers from local SMTP clients
157 and from the Postfix sendmail command, and appends its own domain
158 to incomplete addresses. The local_header_rewrite_clients parameter
159 controls what SMTP clients Postfix considers local (by default,
160 only local network interface addresses).
162 <li> Postfix never rewrites message header addresses from remote
163 SMTP clients when the remote_header_rewrite_domain parameter value
164 is empty (the default setting).
166 <li> Otherwise, Postfix rewrites message headers from remote SMTP
167 clients, and appends the remote_header_rewrite_domain value to
168 incomplete addresses. This feature can be used to append a reserved
169 domain such as "domain.invalid", so that incomplete addresses cannot
170 be mistaken for local addresses.
172 </ul>
174 <h2> <a name="overview"> Postfix address rewriting overview </a> </h2>
176 <p> The figure below zooms in on those parts of Postfix that are most
177 involved with address rewriting activity. See the OVERVIEW document
178 for an overview of the complete Postfix architecture. Names followed
179 by a number are Postfix daemon programs, while unnumbered names
180 represent Postfix queues or internal sources of mail messages. </p>
182 <blockquote>
184 <table>
186 <tr>
188 <td colspan="2"> </td>
190 <td bgcolor="#f0f0ff" align="center"> trivial-<br>rewrite(8)<br>(std
191 form) </td>
193 <td colspan="5"> </td>
195 <td bgcolor="#f0f0ff" align="center"> trivial-<br>rewrite(8)<br>(resolve)
196 </td>
198 </tr>
200 <tr>
202 <td colspan="2"> </td>
204 <td align="center"><table><tr><td align="center"> ^<br> <tt> |
205 </tt> </td><td align="center"> <tt> |<br>v </tt> </td></tr></table>
207 <td colspan="5"> </td>
209 <td align="center"><table><tr><td align="center"> ^<br> <tt> |
210 </tt> </td><td align="center"> <tt> |<br>v </tt> </td></tr></table>
212 <td colspan="2"> </td>
214 </tr>
216 <tr>
218 <td bgcolor="#f0f0ff" align="center" valign="middle"> smtpd(8)
219 </td>
221 <td rowspan="3" align="center" valign="middle"> <tt> &gt;- </tt>
222 </td>
224 <td rowspan="3" bgcolor="#f0f0ff" align="center"> cleanup(8) </td>
226 <td rowspan="3" align="center" valign="middle"> <tt> -&gt; </tt>
227 </td>
229 <td rowspan="3" bgcolor="#f0f0ff" align="center"> <a
230 href="QSHAPE_README.html#incoming_queue"> incoming </a> </td>
232 <td rowspan="3" align="center" valign="middle"> <tt> -&gt; </tt>
233 </td>
235 <td rowspan="3" bgcolor="#f0f0ff" align="center"> <a
236 href="QSHAPE_README.html#active_queue"> active </a> </td>
238 <td rowspan="3" align="center" valign="middle"> <tt> -&gt; </tt>
239 </td>
241 <td rowspan="3" bgcolor="#f0f0ff" align="center"> qmgr(8) </td>
243 <td rowspan="3" align="center" valign="middle"> <tt> -&lt; </tt>
244 </td>
246 <td bgcolor="#f0f0ff" align="center" valign="middle">
247 smtp(8) </td>
249 </tr>
251 <tr>
253 <td bgcolor="#f0f0ff" align="center" valign="middle">
254 qmqpd(8) </td>
256 <td bgcolor="#f0f0ff" align="center" valign="middle"> lmtp(8) </td>
258 </tr>
260 <tr>
262 <td bgcolor="#f0f0ff" align="center" valign="middle"> pickup(8)
263 </td>
265 <td bgcolor="#f0f0ff" align="center" valign="middle"> local(8)
266 </td>
268 </tr>
270 <tr>
272 <td colspan="2"> </td>
274 <td align="center"> ^<br> <tt> | </tt> </td>
276 <td colspan="3"> </td>
278 <td align="center"><table><tr><td align="center"> ^<br> <tt> |
279 </tt> </td><td align="center"> <tt> |<br>v </tt> </td></tr></table>
281 <td colspan="4"> </td>
283 </tr>
285 <tr>
287 <td colspan="2"> </td>
289 <td align="center"> bounces<br> forwarding<br> notices</td>
291 <td colspan="3"> </td>
293 <td bgcolor="#f0f0ff" align="center"> <a
294 href="QSHAPE_README.html#deferred_queue"> deferred </a>
296 <td colspan="2"> </td>
298 </table>
300 </blockquote>
302 <p> The table below summarizes all Postfix address manipulations.
303 If you're reading this document for the first time, skip forward
304 to "<a href="ADDRESS_REWRITING_README.html#receiving">Address
305 rewriting when mail is received</a>". Once you've finished reading
306 the remainder of this document, the table will help you to quickly
307 find what you need. </p>
309 <blockquote>
311 <table border="1">
313 <tr> <th nowrap> Address manipulation </th> <th nowrap> Scope </th>
314 <th> Daemon </th> <th nowrap> Global turn-on control </th> <th nowrap> Selective
315 turn-off control </th> </tr>
317 <tr> <td> <a href="#standard"> Rewrite addresses to standard form</a>
318 </td> <td nowrap> all mail </td> <td> trivial-<br>rewrite(8) </td>
319 <td> append_at_myorigin, append_dot_mydomain, swap_bangpath,
320 allow_percent_hack </td> <td> local_header_rewrite_clients,
321 remote_header_rewrite_domain </td> </tr>
323 <tr> <td> <a href="#canonical"> Canonical address mapping </a> </td>
324 <td nowrap> all mail </td> <td> cleanup(8) </td> <td> canonical_maps
325 </td> <td> receive_override_options, local_header_rewrite_clients,
326 remote_header_rewrite_domain </td> </tr>
328 <tr> <td> <a href="#masquerade"> Address masquerading </a> </td> <td
329 nowrap> all mail </td> <td> cleanup(8) </td> <td> masquerade_domains
330 </td> <td> receive_override_options, local_header_rewrite_clients,
331 remote_header_rewrite_domain </td> </tr>
333 <tr> <td> <a href="#auto_bcc"> Automatic BCC recipients </a> </td>
334 <td nowrap> new mail </td> <td> cleanup(8) </td> <td> always_bcc,
335 sender_bcc_maps, recipient_bcc_maps </td> <td> receive_override_options
336 </td> </tr>
338 <tr> <td> <a href="#virtual"> Virtual aliasing </a> </td> <td
339 nowrap> all mail </td> <td> cleanup(8) </td> <td> virtual_alias_maps
340 </td> <td> receive_override_options </td> </tr>
342 <tr> <td> <a href="#resolve"> Resolve address to destination </a>
343 </td> <td nowrap> all mail </td> <td> trivial-<br>rewrite(8) </td>
344 <td> none </td> <td> none </td> </tr>
346 <tr> <td> <a href="#transport"> Mail transport switch</a> </td>
347 <td nowrap> all mail </td> <td> trivial-<br>rewrite(8) </td> <td>
348 transport_maps </td> <td> none </td> </tr>
350 <tr> <td> <a href="#relocated"> Relocated users table</a> </td>
351 <td nowrap> all mail </td> <td> trivial-<br>rewrite(8) </td> <td>
352 relocated_maps </td> <td> none </td> </tr>
354 <tr> <td> <a href="#generic"> Generic mapping table </a> </td> <td>
355 outgoing SMTP mail </td> <td> smtp(8) </td> <td> smtp_generic_maps
356 </td> <td> none </td> </tr>
358 <tr> <td> <a href="#aliases"> Local alias database</a> </td> <td>
359 local mail only </td> <td> local(8) </td> <td> alias_maps </td> <td> none
360 </td> </tr>
362 <tr> <td> <a href="#forward"> Local per-user .forward files</a>
363 </td> <td> local mail only </td> <td> local(8) </td> <td> forward_path
364 </td> <td> none </td> </tr>
366 <tr> <td> <a href="#luser_relay"> Local catch-all address</a> </td>
367 <td> local mail only </td> <td> local(8) </td> <td> luser_relay </td> <td>
368 none </td> </tr>
370 </table>
372 </blockquote>
374 <h2> <a name="receiving"> Address rewriting when mail is received</a>
375 </h2>
377 <p> The cleanup(8) server receives mail from outside of Postfix as
378 well as mail from internal sources such as forwarded mail,
379 undeliverable mail that is bounced to the sender, and postmaster
380 notifications about problems with the mail system. </p>
382 <p> The cleanup(8) server transforms the sender, recipients and
383 message content into a standard form before writing it to an incoming
384 queue file. The server cleans up sender and recipient addresses in
385 message headers and in the envelope, adds missing message headers
386 such as From: or Date: that are required by mail standards, and
387 removes message headers such as Bcc: that should not be present.
388 The cleanup(8) server delegates the more complex address manipulations
389 to the trivial-rewrite(8) server as described later in this document.
390 </p>
392 <p> Address manipulations at this stage are: </p>
394 <ul>
396 <li> <a href="#standard"> Rewrite addresses to standard form</a>
398 <li> <a href="#canonical"> Canonical address mapping</a>
400 <li> <a href="#masquerade"> Address masquerading</a>
402 <li> <a href="#auto_bcc"> Automatic BCC recipients</a>
404 <li> <a href="#virtual"> Virtual aliasing </a>
406 </ul>
408 <h3> <a name="standard"> Rewrite addresses to standard form</a> </h3>
410 <p> Before the cleanup(8) daemon runs an address through any address
411 mapping lookup table, it first rewrites the address to the standard
412 "user@fully.qualified.domain" form, by sending the address to the
413 trivial-rewrite(8) daemon. The purpose of rewriting to standard
414 form is to reduce the number of entries needed in lookup tables.
415 </p>
417 <p> The Postfix trivial-rewrite(8) daemon implements the following
418 hard-coded address manipulations: </p>
420 <blockquote>
422 <dl>
424 <dt>Rewrite "@hosta,@hostb:user@site" to "user@site"</dt>
426 <dd> <p> In case you wonder what this is, the address form above
427 is called a route address, and specifies that mail for "user@site"
428 be delivered via "hosta" and "hostb". Usage of this form has been
429 deprecated for a long time. Postfix has no ability to handle route
430 addresses, other than to strip off the route part. </p>
432 <p> NOTE: Postfix versions 2.2 and later rewrite message headers
433 from remote SMTP clients only if the client matches the
434 local_header_rewrite_clients parameter, or if the
435 remote_header_rewrite_domain configuration parameter specifies a
436 non-empty value. To get the behavior before Postfix 2.2, specify
437 "local_header_rewrite_clients = static:all". </p> </dd>
439 <dt>Rewrite "site!user" to "user@site" </dt>
441 <dd> <p> This feature is controlled by the boolean swap_bangpath
442 parameter (default: yes). The purpose is to rewrite UUCP-style
443 addresses to domain style. This is useful only when you receive
444 mail via UUCP, but it probably does not hurt otherwise. </p>
446 <p> NOTE: Postfix versions 2.2 and later rewrite message headers
447 from remote SMTP clients only if the client matches the
448 local_header_rewrite_clients parameter, or if the
449 remote_header_rewrite_domain configuration parameter specifies a
450 non-empty value. To get the behavior before Postfix 2.2, specify
451 "local_header_rewrite_clients = static:all". </p> </dd>
453 <dt>Rewrite "user%domain" to "user@domain"</dt>
455 <dd> <p> This feature is controlled by the boolean allow_percent_hack
456 parameter (default: yes). Typically, this is used in order to deal
457 with monstrosities such as "user%domain@otherdomain". </p>
459 <p> NOTE: Postfix versions 2.2 and later rewrite message headers
460 from remote SMTP clients only if the client matches the
461 local_header_rewrite_clients parameter, or if the
462 remote_header_rewrite_domain configuration parameter specifies a
463 non-empty value. To get the behavior before Postfix 2.2, specify
464 "local_header_rewrite_clients = static:all". </p> </dd>
466 <dt>
468 Rewrite "user" to "user@$myorigin" </dt>
470 <dd> <p> This feature is controlled by the boolean append_at_myorigin
471 parameter (default: yes). You should never turn off this feature,
472 because a lot of Postfix components expect that all addresses have
473 the form "user@domain". </p>
475 <p> NOTE: Postfix versions 2.2 and later rewrite message headers
476 from remote SMTP clients only if the client matches the
477 local_header_rewrite_clients parameter; otherwise they append the
478 domain name specified with the remote_header_rewrite_domain
479 configuration parameter, if one is specified. To get the behavior
480 before Postfix 2.2, specify "local_header_rewrite_clients =
481 static:all". </p>
483 <p> If your machine is not the main machine for $myorigin and you
484 wish to have some users delivered locally without going via that
485 main machine, make an entry in the <a href="#virtual">virtual
486 alias</a> table that redirects "user@$myorigin" to
487 "user@$myhostname". See also the "delivering some
488 users locally" section in the STANDARD_CONFIGURATION_README
489 document. </p> </dd>
491 <dt>
493 Rewrite "user@host" to "user@host.$mydomain" </dt>
495 <dd> <p> This feature is controlled by the boolean append_dot_mydomain
496 parameter (default: yes). The purpose is to get consistent treatment
497 of different forms of the same hostname. </p>
499 <p> NOTE: Postfix versions 2.2 and later rewrite message headers
500 from remote SMTP clients only if the client matches the
501 local_header_rewrite_clients parameter; otherwise they append the
502 domain name specified with the remote_header_rewrite_domain
503 configuration parameter, if one is specified. To get the behavior
504 before Postfix 2.2, specify "local_header_rewrite_clients =
505 static:all". </p>
507 <p> Some will argue that rewriting "host" to "host.domain"
508 is bad. That is why it can be turned off. Others like the convenience
509 of having Postfix's own domain appended automatically. </p> </dd>
511 <dt>Rewrite "user@site." to "user@site" (without the trailing dot).</dt>
513 <dd> <p> A single trailing dot is silently removed. However, an
514 address that ends in multiple dots will be rejected as an invalid
515 address. </p>
517 <p> NOTE: Postfix versions 2.2 and later rewrite message headers
518 from remote SMTP clients only if the client matches the
519 local_header_rewrite_clients parameter, or if the
520 remote_header_rewrite_domain configuration parameter specifies a
521 non-empty value. To get the behavior before Postfix 2.2, specify
522 "local_header_rewrite_clients = static:all". </p> </dd>
524 </dl>
526 </blockquote>
528 <h3> <a name="canonical"> Canonical address mapping </a> </h3>
530 <p> The cleanup(8) daemon uses the canonical(5) tables to rewrite
531 addresses in message envelopes and in message headers. By default
532 all header and envelope addresses are rewritten; this is controlled
533 with the canonical_classes configuration parameter. </p>
535 <p> NOTE: Postfix versions 2.2 and later rewrite message headers
536 from remote SMTP clients only if the client matches the
537 local_header_rewrite_clients parameter, or if the
538 remote_header_rewrite_domain configuration parameter specifies a
539 non-empty value. To get the behavior before Postfix 2.2, specify
540 "local_header_rewrite_clients = static:all". </p>
542 <p> Address rewriting is
543 done for local and remote addresses. The mapping is useful to
544 replace login names by "Firstname.Lastname" style addresses, or to
545 clean up invalid domains in mail addresses produced by legacy mail
546 systems. </p>
548 <p> Canonical mapping is disabled by default. To enable, edit the
549 canonical_maps parameter in the main.cf file and specify one or
550 more lookup tables, separated by whitespace or commas. </p>
552 <p> Example: </p>
554 <blockquote>
555 <pre>
556 /etc/postfix/main.cf:
557 canonical_maps = hash:/etc/postfix/canonical
559 /etc/postfix/canonical:
560 wietse Wietse.Venema
561 </pre>
562 </blockquote>
564 <p> For static mappings as shown above, lookup tables such as hash:,
565 ldap:, mysql: or pgsql: are sufficient. For dynamic mappings you
566 can use regular expression tables. This requires that you become
567 intimately familiar with the ideas expressed in regexp_table(5),
568 pcre_table(5) and canonical(5). </p>
570 <p> In addition to the canonical maps which are applied to both sender
571 and recipient addresses, you can specify canonical maps that are
572 applied only to sender addresses or to recipient addresses. </p>
574 <p> Example: </p>
576 <blockquote>
577 <pre>
578 /etc/postfix/main.cf:
579 sender_canonical_maps = hash:/etc/postfix/sender_canonical
580 recipient_canonical_maps = hash:/etc/postfix/recipient_canonical
581 </pre>
582 </blockquote>
584 <p> The sender and recipient canonical maps are applied before the
585 common canonical maps. The sender_canonical_classes and
586 recipient_canonical_classes parameters control what addresses are
587 subject to sender_canonical_maps and recipient_canonical_maps
588 mappings, respectively. </p>
590 <p> Sender-specific rewriting is useful when you want to rewrite
591 ugly sender addresses to pretty ones, and still want to be able to
592 send mail to the those ugly address without creating a mailer loop.
593 </p>
595 <p> Canonical mapping can be turned off selectively for mail received
596 by smtpd(8), qmqpd(8), or pickup(8), by overriding main.cf settings
597 in the master.cf file. This feature is available in Postfix version
598 2.1 and later. </p>
600 <p> Example: </p>
602 <blockquote>
603 <pre>
604 /etc/postfix/master.cf:
605 :10026 inet n - n - - smtpd
606 -o receive_override_options=no_address_mappings
607 </pre>
608 </blockquote>
610 <p> Note: do not specify whitespace around the "=" here. </p>
612 <h3> <a name="masquerade"> Address masquerading </a> </h3>
614 <p> Address masquerading is a method to hide hosts inside a domain
615 behind their mail gateway, and to make it appear as if the mail
616 comes from the gateway itself, instead of from individual machines.
617 </p>
619 <p> NOTE: Postfix versions 2.2 and later rewrite message headers
620 from remote SMTP clients only if the client matches the
621 local_header_rewrite_clients parameter, or if the
622 remote_header_rewrite_domain configuration parameter specifies a
623 non-empty value. To get the behavior before Postfix 2.2, specify
624 "local_header_rewrite_clients = static:all". </p>
626 <p> Address masquerading is disabled by default, and is implemented
627 by the cleanup(8) server. To enable, edit the masquerade_domains
628 parameter in the main.cf file and specify one or more domain names
629 separated by whitespace or commas. When Postfix tries to masquerade
630 a domain, it processes the list from left to right, and processing
631 stops at the first match. </p>
633 <p> Example: </p>
635 <blockquote>
636 <pre>
637 /etc/postfix/main.cf:
638 masquerade_domains = foo.example.com example.com
639 </pre>
640 </blockquote>
642 <p> strips "any.thing.foo.example.com" to "foo.example.com", but
643 strips "any.thing.else.example.com" to "example.com". </p>
645 <p> A domain name prefixed with "<tt>!</tt>" means do not masquerade
646 this domain or its subdomains: </p>
648 <blockquote>
649 <pre>
650 /etc/postfix/main.cf:
651 masquerade_domains = !foo.example.com example.com
652 </pre>
653 </blockquote>
655 <p> does not change "any.thing.foo.example.com" and "foo.example.com",
656 but strips "any.thing.else.example.com" to "example.com". </p>
658 <p> The masquerade_exceptions configuration parameter specifies
659 what user names should not be subjected to address masquerading.
660 Specify one or more user names separated by whitespace or commas.
661 </p>
663 <p> Example: </p>
665 <blockquote>
666 <pre>
667 /etc/postfix/main.cf:
668 masquerade_exceptions = root
669 </pre>
670 </blockquote>
672 <p> By default, Postfix makes no exceptions. </p>
674 <p> Subtle point: by default, address masquerading is applied only to
675 message headers and to envelope sender addresses, but not to envelope
676 recipients. This allows you to use address masquerading on a mail
677 gateway machine, while still being able to forward mail from outside
678 to users on individual machines. </p>
680 <p> In order to subject envelope recipient addresses to masquerading,
681 too, specify (Postfix version 1.1 and later):</p>
683 <blockquote>
684 <pre>
685 /etc/postfix/main.cf:
686 masquerade_classes = envelope_sender, envelope_recipient,
687 header_sender, header_recipient
688 </pre>
689 </blockquote>
691 <p> If you rewrite the envelope recipient like this, Postfix will
692 no longer be able to send mail to individual machines. </p>
694 <p> Address masquerading can be turned off selectively for mail
695 received by smtpd(8), qmqpd(8), or pickup(8), by overriding main.cf
696 settings in the master.cf file. This feature is available in
697 Postfix version 2.1 and later. </p>
699 <p> Example: </p>
701 <blockquote>
702 <pre>
703 /etc/postfix/master.cf:
704 :10026 inet n - n - - smtpd
705 -o receive_override_options=no_address_mappings
706 </pre>
707 </blockquote>
709 <p> Note: do not specify whitespace around the "=" here. </p>
711 <h3> <a name="auto_bcc"> Automatic BCC recipients</a> </h3>
713 <p> After applying the canonical and masquerade mappings, the
714 cleanup(8) daemon can generate optional BCC (blind carbon-copy)
715 recipients. Postfix provides three mechanisms: </p>
717 <blockquote>
719 <dl>
721 <dt> always_bcc = address </dt> <dd> Deliver a copy of all mail to
722 the specified address. In Postfix versions before 2.1, this feature
723 is implemented by smtpd(8), qmqpd(8), or pickup(8). </dd>
725 <dt> sender_bcc_maps = type:table </dt> <dd> Search the specified
726 "type:table" lookup table with the envelope sender address for an
727 automatic BCC address. This feature is available in Postfix 2.1
728 and later. </dd>
730 <dt> recipient_bcc_maps = type:table </dt> <dd> Search the specified
731 "type:table" lookup table with the envelope recipient address for
732 an automatic BCC address. This feature is available in Postfix 2.1
733 and later. </dd>
735 </dl>
737 </blockquote>
739 <p> Note: automatic BCC recipients are produced only for new mail.
740 To avoid mailer loops, automatic BCC recipients are not generated
741 for mail that Postfix forwards internally, nor for mail that Postfix
742 generates itself. </p>
744 <p> Automatic BCC recipients (including always_bcc) can be turned
745 off selectively for mail received by smtpd(8), qmqpd(8), or pickup(8),
746 by overriding main.cf settings in the master.cf file. This feature
747 is available in Postfix version 2.1 and later. </p>
749 <p> Example: </p>
751 <blockquote>
752 <pre>
753 /etc/postfix/master.cf:
754 :10026 inet n - n - - smtpd
755 -o receive_override_options=no_address_mappings
756 </pre>
757 </blockquote>
759 <p> Note: do not specify whitespace around the "=" here. </p>
761 <h3> <a name="virtual"> Virtual aliasing </a> </h3>
763 <p> Before writing the recipients to the queue file, the cleanup(8)
764 daemon uses the optional virtual(5) alias tables to redirect mail
765 for recipients. The mapping affects only envelope recipient
766 addresses; it has no effect on message headers or envelope sender
767 addresses. Virtual alias lookups are useful to redirect mail for
768 virtual alias domains to real user mailboxes, and to redirect mail
769 for domains that no longer exist. Virtual alias lookups can also
770 be used to transform " Firstname.Lastname " back into UNIX login
771 names, although it seems that local <a href="#aliases">aliases</a>
772 may be a more appropriate vehicle. See the VIRTUAL_README document
773 for an overview of methods to host virtual domains with Postfix.
774 </p>
776 <p> Virtual aliasing is disabled by default. To enable, edit the
777 virtual_alias_maps parameter in the main.cf file and
778 specify one or more lookup tables, separated by whitespace or
779 commas. </p>
781 <p> Example: </p>
783 <blockquote>
784 <pre>
785 /etc/postfix/main.cf:
786 virtual_alias_maps = hash:/etc/postfix/virtual
788 /etc/postfix/virtual:
789 Wietse.Venema wietse
790 </pre>
791 </blockquote>
793 <p> Addresses found in virtual alias maps are subjected to another
794 iteration of virtual aliasing, but are not subjected to canonical
795 mapping, in order to avoid loops. </p>
797 <p> For static mappings as shown above, lookup tables such as hash:,
798 ldap:, mysql: or pgsql: are sufficient. For dynamic mappings you
799 can use regular expression tables. This requires that you become
800 intimately familiar with the ideas expressed in regexp_table(5),
801 pcre_table(5) and virtual(5). </p>
803 <p> Virtual aliasing can be turned off selectively for mail received
804 by smtpd(8), qmqpd(8), or pickup(8), by overriding main.cf settings
805 in the master.cf file. This feature is available in Postfix version
806 2.1 and later. </p>
808 <p> Example: </p>
810 <blockquote>
811 <pre>
812 /etc/postfix/master.cf:
813 :10026 inet n - n - - smtpd
814 -o receive_override_options=no_address_mappings
815 </pre>
816 </blockquote>
818 <p> Note: do not specify whitespace around the "=" here. </p>
820 <p> At this point the message is ready to be stored into the
821 Postfix incoming queue. </p>
823 <h2> <a name="delivering"> Address rewriting when mail is delivered</a> </h2>
825 <p> The Postfix queue manager sorts mail according to its destination
826 and gives it to Postfix delivery agents such as local(8), smtp(8),
827 or lmtp(8). Just like the cleanup(8) server, the Postfix queue
828 manager delegates the more complex address manipulations to the
829 trivial-rewrite(8) server. </p>
831 <p> Address manipulations at this stage are: </p>
833 <ul>
835 <li> <a href="#resolve"> Resolve address to destination </a>
837 <li> <a href="#transport"> Mail transport switch</a>
839 <li> <a href="#relocated"> Relocated users table</a>
841 </ul>
843 <p> Each Postfix delivery agent tries to deliver the mail to its
844 destination, while encapsulating the sender, recipients, and message
845 content according to the rules of the SMTP, LMTP, etc. protocol.
846 When mail cannot be delivered, it is either returned to the sender
847 or moved to the deferred queue and tried again later. </p>
849 <p> <a name="remote">Address</a> manipulations when mail is delivered
850 via the smtp(8) delivery agent: </p>
852 <ul>
854 <li> <a href="#generic"> Generic mapping for outgoing SMTP mail </a>
856 </ul>
858 <p> <a name="local">Address</a> manipulations when mail is delivered
859 via the local(8) delivery agent: </p>
861 <ul>
863 <li> <a href="#aliases"> Local alias database</a>
865 <li> <a href="#forward"> Local per-user .forward files</a>
867 <li> <a href="#luser_relay"> Local catch-all address</a>
869 </ul>
871 <p> The remainder of this document presents each address manipulation
872 step in more detail, with specific examples or with pointers to
873 documentation with examples. </p>
875 <h3> <a name="resolve"> Resolve address to destination </a> </h3>
877 <p> The Postfix qmgr(8) queue manager selects new mail from the
878 incoming queue or old mail from the deferred queue, and asks the
879 trivial-rewrite(8) address rewriting and resolving daemon where it
880 should be delivered. </p>
882 <p> As of version 2.0, Postfix distinguishes four major address
883 classes. Each class has its own list of domain names, and each
884 class has its own default delivery method, as shown in the table
885 below. See the ADDRESS_CLASS_README document for the fine details.
886 Postfix versions before 2.0 only distinguish between local delivery
887 and everything else. </p>
889 <blockquote>
891 <table border="1">
893 <tr><th align="left">Destination domain list </th> <th
894 align="left">Default delivery method </th> <th>Availability
895 </th> </tr>
897 <tr><td>$mydestination, $inet_interfaces, $proxy_interfaces </td>
898 <td>$local_transport </td> <td>Postfix 1.0</td></tr>
900 <tr><td>$virtual_mailbox_domains </td> <td>$virtual_transport </td>
901 <td>Postfix 2.0</td> </tr>
903 <tr><td>$relay_domains </td> <td>$relay_transport </td> <td>Postfix
904 2.0</td> </tr>
906 <tr><td>none </td> <td>$default_transport </td> <td>Postfix 1.0</td>
907 </tr>
909 </table>
911 </blockquote>
913 <h3> <a name="transport"> Mail transport switch </a> </h3>
915 <p> Once the trivial-rewrite(8) daemon has determined a default
916 delivery method it searches the optional transport(5) table for
917 information that overrides the message destination and/or delivery
918 method. Typical use of the transport(5) table is to send mail to
919 a system
920 that is not connected to the Internet, or to use a special SMTP
921 client configuration for destinations that have special requirements.
922 See, for example, the STANDARD_CONFIGURATION_README and UUCP_README
923 documents, and the examples in the transport(5) manual page. </p>
925 <p> Transport table lookups are disabled by default. To enable,
926 edit the transport_maps parameter in the main.cf file and specify
927 one or more lookup tables, separated by whitespace or commas. </p>
929 <p> Example: </p>
931 <blockquote>
932 <pre>
933 /etc/postfix/main.cf:
934 transport_maps = hash:/etc/postfix/transport
935 </pre>
936 </blockquote>
938 <h3> <a name="relocated"> Relocated users table </a> </h3>
940 <p> Next, the trivial-rewrite(8) address rewriting and resolving
941 daemon runs each recipient through the relocated(5) database. This
942 table provides information on how to reach users that no longer
943 have an account, or what to do with mail for entire domains that
944 no longer exist. When mail is sent to an address that is listed
945 in this table, the message is returned to the sender with an
946 informative message. </p>
948 <p> The relocated(5) database is searched after transport(5)
949 table lookups, in anticipation of transport(5) tables that
950 can replace one recipient address by a different one. </p>
952 <p> Lookups of relocated users are disabled by default. To enable,
953 edit the relocated_maps parameter in the main.cf file and specify
954 one or more lookup tables, separated by whitespace or commas. </p>
956 <p> Example: </p>
958 <blockquote>
959 <pre>
960 /etc/postfix/main.cf:
961 relocated_maps = hash:/etc/postfix/relocated
963 /etc/postfix/relocated:
964 username@example.com otheruser@elsewhere.tld
965 </pre>
966 </blockquote>
968 <p> As of Postfix version 2, mail for a relocated user will be
969 rejected by the SMTP server with the reason "user has moved to
970 otheruser@elsewhere.tld". Older Postfix versions will receive the
971 mail first, and then return it to the sender as undeliverable, with
972 the same reason. </p>
974 <h3> <a name="generic"> Generic mapping for outgoing SMTP mail </a> </h3>
976 <p> Some hosts have no valid Internet domain name, and instead use
977 a name such as <i>localdomain.local</i>. This can be a problem when
978 you want to send mail over the Internet, because many mail servers
979 reject mail addresses with invalid domain names. </p>
981 <p> With the smtp_generic_maps parameter you can specify generic(5)
982 lookup tables that replace local mail addresses by valid Internet
983 addresses when mail leaves the machine via SMTP. The generic(5)
984 mapping replaces envelope and header addresses, and is non-recursive.
985 It does not happen when you send mail between addresses on the
986 local machine. </p>
988 <p> This feature is available in Postfix version 2.2 and later.</p>
990 <p> Example: </p>
992 <blockquote>
993 <pre>
994 /etc/postfix/main.cf:
995 smtp_generic_maps = hash:/etc/postfix/generic
997 /etc/postfix/generic:
998 his@localdomain.local hisaccount@hisisp.example
999 her@localdomain.local heraccount@herisp.example
1000 @localdomain.local hisaccount+local@hisisp.example
1001 </pre>
1002 </blockquote>
1004 <p> When mail is sent to a remote host via SMTP, this replaces
1005 <i>his@localdomain.local</i> by his ISP mail address, replaces
1006 <i>her@localdomain.local</i> by her ISP mail address, and replaces
1007 other local addresses by his ISP account, with an address extension
1008 of +<i>local</i> (this example assumes that the ISP supports "+"
1009 style address extensions). </p>
1011 <h3> <a name="aliases"> Local alias database </a> </h3>
1013 <p> When mail is to be delivered locally, the local(8) delivery
1014 agent runs each local recipient name through the aliases(5) database.
1015 The mapping does not affect addresses in message headers. Local
1016 aliases are typically used to implement distribution lists, or to
1017 direct mail for standard aliases such as postmaster to real people.
1018 The table can also be used to map "Firstname.Lastname" addresses
1019 to login names. </p>
1021 <p> Alias lookups are enabled by default. The default configuration
1022 depends on the operating system environment, but it is typically
1023 one of the following: </p>
1025 <blockquote>
1026 <pre>
1027 /etc/postfix/main.cf:
1028 alias_maps = hash:/etc/aliases
1029 alias_maps = dbm:/etc/aliases, nis:mail.aliases
1030 </pre>
1031 </blockquote>
1033 <p> The pathname of the alias database file is controlled with the
1034 alias_database configuration parameter. The value is system dependent.
1035 Usually it is one of the following: </p>
1037 <blockquote>
1038 <pre>
1039 /etc/postfix/main.cf:
1040 alias_database = hash:/etc/aliases (4.4BSD, LINUX)
1041 alias_database = dbm:/etc/aliases (4.3BSD, SYSV&lt;4)
1042 alias_database = dbm:/etc/mail/aliases (SYSV4)
1043 </pre>
1044 </blockquote>
1046 <p> An aliases(5) file can specify that mail should be delivered
1047 to a local file, or to a command that receives the message in the
1048 standard input stream. For security reasons, deliveries to command
1049 and file destinations are performed with the rights of the alias
1050 database owner. A default userid, default_privs, is used for
1051 deliveries to commands or files in "root"-owned aliases. </p>
1053 <h3> <a name="forward"> Local per-user .forward files </a> </h3>
1055 <p> With delivery via the local(8) deliver agent, users can control
1056 their own mail delivery by specifying destinations in a file called
1057 .forward in their home directories. The syntax of these files is
1058 the same as with the local aliases(5) file, except that the left-hand
1059 side of the alias (lookup key and colon) are not present. </p>
1061 <h3> <a name="luser_relay"> Local catch-all address </a> </h3>
1063 <p> When the local(8) delivery agent finds that a message recipient
1064 does not exist, the message is normally returned to the sender ("user
1065 unknown"). Sometimes it is desirable to forward mail for non-existing
1066 recipients to another machine. For this purpose you can specify
1067 an alternative destination with the luser_relay configuration
1068 parameter. </p>
1070 <p> Alternatively, mail for non-existent recipients can be delegated
1071 to an entirely different message transport, as specified with the
1072 fallback_transport configuration parameter. For details, see the
1073 local(8) delivery agent documentation. </p>
1075 <p> Note: if you use the luser_relay feature in order to receive
1076 mail for non-UNIX accounts, then you must specify: </p>
1078 <blockquote>
1079 <pre>
1080 /etc/postfix/main.cf:
1081 local_recipient_maps =
1082 </pre>
1083 </blockquote>
1085 <p> (i.e. empty) in the main.cf file, otherwise the Postfix SMTP
1086 server will reject mail for non-UNIX accounts with "User unknown
1087 in local recipient table". See the LOCAL_RECIPIENT_README file
1088 for more information on this.
1089 </p>
1091 <p> luser_relay can specify one address. It is subjected to "$name"
1092 expansions. Examples: </p>
1094 <blockquote>
1096 <dl>
1098 <dt>$user@other.host </dt>
1100 <dd> <p> The bare username, without address extension, is prepended
1101 to "@other.host". For example, mail for "username+foo" is sent to
1102 "username@other.host". </p> </dd>
1104 <dt>$local@other.host </dt>
1106 <dd> <p> The entire original recipient localpart, including address
1107 extension, is prepended to "@other.host". For example, mail for
1108 "username+foo" is sent to "username+foo@other.host". </p> </dd>
1110 <dt>sysadmin+$user </dt>
1112 <dd> <p> The bare username, without address extension, is appended
1113 to "sysadmin". For example, mail for "username+foo" is sent to
1114 "sysadmin+username". </p> </dd>
1116 <dt>sysadmin+$local </dt>
1118 <dd> <p> The entire original recipient localpart, including address
1119 extension, is appended to "sysadmin". For example, mail for
1120 "username+foo" is sent to "sysadmin+username+foo". </p> </dd>
1122 </dl>
1124 </blockquote>
1126 <h2> <a name="debugging"> Debugging your address manipulations </a> </h2>
1128 <p> Postfix version 2.1 and later can
1129 produce mail delivery reports for debugging purposes. These reports
1130 not only show sender/recipient addresses after address rewriting
1131 and alias expansion or forwarding, they also show information about
1132 delivery to mailbox, delivery to non-Postfix command, responses
1133 from remote SMTP servers, and so on. </p>
1135 <p> Postfix can produce two types of mail delivery reports for
1136 debugging: </p>
1138 <ul>
1140 <li> <p> What-if: report what would happen, but do not actually
1141 deliver mail. This mode of operation is requested with: </p>
1143 <pre>
1144 $ <b>/usr/sbin/sendmail -bv address...</b>
1145 Mail Delivery Status Report will be mailed to &lt;your login name&gt;.
1146 </pre>
1148 <li> <p> What happened: deliver mail and report successes and/or
1149 failures, including replies from remote SMTP servers. This mode
1150 of operation is requested with: </p>
1152 <pre>
1153 $ <b>/usr/sbin/sendmail -v address...</b>
1154 Mail Delivery Status Report will be mailed to &lt;your login name&gt;.
1155 </pre>
1157 </ul>
1159 <p> These reports contain information that is generated by Postfix
1160 delivery agents. Since these run as daemon processes and do not
1161 interact with users directly, the result is sent as mail to the
1162 sender of the test message. The format of these reports is practically
1163 identical to that of ordinary non-delivery notifications. </p>
1165 <p> As an example, below is the delivery report that is produced
1166 with the command "sendmail -bv postfix-users@postfix.org". The
1167 first part of the report contains human-readable text. In this
1168 case, mail would be delivered via mail.cloud9.net, and the SMTP
1169 server replies with "250 Ok". Other reports may show delivery
1170 to mailbox, or delivery to non-Postfix command. </p>
1172 <blockquote>
1173 <pre>
1174 Content-Description: Notification
1175 Content-Type: text/plain
1177 This is the mail system at host spike.porcupine.org.
1179 Enclosed is the mail delivery report that you requested.
1181 The mail system
1183 &lt;postfix-users@postfix.org&gt;: delivery via mail.cloud9.net[168.100.1.4]: 250 2.1.5 Ok
1184 </pre>
1185 </blockquote>
1187 <p> The second part of the report is in machine-readable form, and
1188 includes the following information: </p>
1190 <ul>
1192 <li> The envelope sender address (wietse@porcupine.org).
1194 <li> The envelope recipient address (postfix-users@postfix.org).
1195 If the recipient address was changed by Postfix then Postfix also
1196 includes the original recipient address.
1198 <li> The delivery status.
1200 </ul>
1202 <p> Some details depend on Postfix version. The example below is
1203 for Postfix version 2.3 and later. </p>
1205 <blockquote>
1206 <pre>
1207 Content-Description: Delivery report
1208 Content-Type: message/delivery-status
1210 Reporting-MTA: dns; spike.porcupine.org
1211 X-Postfix-Queue-ID: 84863BC0E5
1212 X-Postfix-Sender: rfc822; wietse@porcupine.org
1213 Arrival-Date: Sun, 26 Nov 2006 17:01:01 -0500 (EST)
1215 Final-Recipient: rfc822; postfix-users@postfix.org
1216 Action: deliverable
1217 Status: 2.1.5
1218 Remote-MTA: dns; mail.cloud9.net
1219 Diagnostic-Code: smtp; 250 2.1.5 Ok
1220 </pre>
1221 </blockquote>
1223 <p> The third part of the report contains the message that Postfix
1224 would have delivered, including From: and To: message headers, so
1225 that you can see any effects of address rewriting on those. Mail
1226 submitted with "sendmail -bv" has no body content so none is shown
1227 in the example below. </p>
1229 <blockquote>
1230 <pre>
1231 Content-Description: Message
1232 Content-Type: message/rfc822
1234 Received: by spike.porcupine.org (Postfix, from userid 1001)
1235 id 84863BC0E5; Sun, 26 Nov 2006 17:01:01 -0500 (EST)
1236 Subject: probe
1237 To: postfix-users@postfix.org
1238 Message-Id: &lt;20061126220101.84863BC0E5@spike.porcupine.org&gt;
1239 Date: Sun, 26 Nov 2006 17:01:01 -0500 (EST)
1240 From: wietse@porcupine.org (Wietse Venema)
1241 </pre>
1242 </blockquote>
1244 </body>
1246 </html>