autoupdate

[postfix-master.git] / postfix-master / LOCAL_RECIPIENT_README.html

<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
        "http://www.w3.org/TR/html4/loose.dtd">

<html>

<head>

<title>Rejecting Unknown Local Recipients with Postfix</title>

<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">

</head>

<body>

<h1><img src="postfix-logo.jpg" width="203" height="98" ALT="">Rejecting Unknown Local Recipients with Postfix</h1>

<hr>

<h2>Introduction</h2>

<p> As of Postfix version 2.0, the Postfix SMTP server rejects mail
for unknown recipients in <a href="ADDRESS_CLASS_README.html#local_domain_class">local domains</a> (domains that match
$<a href="postconf.5.html#mydestination">mydestination</a> or the IP addresses in $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> or
$<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>) with "User unknown in local recipient table".
This feature was optional with earlier Postfix versions. </p>

<p> The good news is that this keeps undeliverable mail out of your
queue, so that your mail queue is not clogged up with undeliverable
MAILER-DAEMON messages. </p>

<p> The bad news is that it may cause mail to be rejected when you
upgrade from a Postfix system that was not configured to reject
mail for unknown local recipients. </p>

<p> This document describes what steps are needed in order to reject
unknown local recipients correctly. </p>

<ul>

<li><a href="#main_config">Configuring local_recipient_maps
in main.cf</a>

<li><a href="#change">When you need to change the local_recipient_maps
setting in main.cf</a>

<li><a href="#format">Local recipient table format </a>

</ul>

<h2><a name="main_config">Configuring local_recipient_maps
in main.cf</a></h2>

<p> The <a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> parameter specifies lookup tables with
all names or addresses of local recipients. A recipient address is
local when its domain matches $<a href="postconf.5.html#mydestination">mydestination</a>, $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> or
$<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>. If a local username or address is not listed in
$<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a>, then the Postfix SMTP server will reject
the address with "User unknown in local recipient table".  </p>

<p> The default setting, shown below, assumes that you use the
default Postfix <a href="local.8.html">local(8)</a> delivery agent for local delivery, where
recipients are either UNIX accounts or local aliases: </p>

<blockquote>
<pre>
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
    <a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> = <a href="proxymap.8.html">proxy</a>:unix:passwd.byname $<a href="postconf.5.html#alias_maps">alias_maps</a>
</pre>
</blockquote>

<p> To turn off unknown local recipient rejects by the SMTP server,
specify: </p>

<blockquote>
<pre>
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
    <a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> =
</pre>
</blockquote>

<p> That is, an empty value. With this setting, the Postfix SMTP
server will not reject mail with "User unknown in local recipient
table". <b> Don't do this on systems that receive mail directly 
from the Internet. With today's worms and viruses, Postfix will
become a backscatter source: it accepts mail for non-existent
recipients and then tries to return that mail as "undeliverable"
to the often forged sender address</b>. </p>

<h2><a name="change">When you need to change the local_recipient_maps
setting in main.cf</a></h2>

<ul>

    <li> <p> Problem: you don't use the default Postfix <a href="local.8.html">local(8)</a>
    delivery agent for domains matching $<a href="postconf.5.html#mydestination">mydestination</a>, $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a>,
    or $<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>. For example, you redefined the
    "<a href="postconf.5.html#local_transport">local_transport</a>" setting in <a href="postconf.5.html">main.cf</a>.  </p>

    <p> Solution: your <a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> setting needs to specify
    a database that lists all the known user names or addresses
    for that delivery agent. For example, if you deliver users in
    $<a href="postconf.5.html#mydestination">mydestination</a> etc. domains via the <a href="virtual.8.html">virtual(8)</a> delivery agent,
    specify: </p>

<pre>
/etc/postfix/<a href="postconf.5.html">main.cf</a>
    <a href="postconf.5.html#mydestination">mydestination</a> = $<a href="postconf.5.html#myhostname">myhostname</a> localhost.$<a href="postconf.5.html#mydomain">mydomain</a> localhost ...
    <a href="postconf.5.html#local_transport">local_transport</a> = virtual
    <a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> = $<a href="postconf.5.html#virtual_mailbox_maps">virtual_mailbox_maps</a>
</pre>

    <p> If you use a different delivery agent for $<a href="postconf.5.html#mydestination">mydestination</a>
    etc. domains, see the section "<a href="#format">Local recipient
    table format</a>" below for a description of how the table
    should be populated.  </p>

    <li> <p> Problem: you use the <a href="postconf.5.html#mailbox_transport">mailbox_transport</a> or <a href="postconf.5.html#fallback_transport">fallback_transport</a>
    feature of the Postfix <a href="local.8.html">local(8)</a> delivery agent in order to
    deliver mail to non-UNIX accounts. </p>

    <p> Solution: you need to add the database that lists the
    non-UNIX users: </p>

<pre>
/etc/postfix/<a href="postconf.5.html">main.cf</a>
    <a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> = <a href="proxymap.8.html">proxy</a>:unix:passwd.byname, $<a href="postconf.5.html#alias_maps">alias_maps</a>,
        &lt;the database with non-UNIX accounts&gt;
</pre>

    <p> See the section "<a href="#format">Local recipient table
    format</a>" below for a description of how the table should be
    populated. </p>

    <li> <p> Problem: you use the <a href="postconf.5.html#luser_relay">luser_relay</a> feature of the Postfix
    local delivery agent. </p>

    <p> Solution: you must disable the <a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> feature
    completely, so that Postfix accepts mail for all local addresses:
    </p>

<pre>
/etc/postfix/<a href="postconf.5.html">main.cf</a>
    <a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> =
</pre>

</ul>

<h2><a name="format">Local recipient table format</a> </h2>

<p> If you use local files in <a href="postmap.1.html">postmap(1)</a> format, then
<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> expects the following table format:  </p>

<ul>

<li> <p> In the left-hand side, specify a bare username, an
"@domain.tld" wild-card, or specify a complete "user@domain.tld"
address.  </p>

<li> <p> You have to specify something on the right-hand side of
the table, but the value is ignored by <a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a>.

</ul>

<p> If you use lookup tables based on NIS, LDAP, MYSQL, or PGSQL,
then <a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> does the same queries as for local files
in <a href="postmap.1.html">postmap(1)</a> format, and expects the same results.  </p>

<p> With regular expression tables, Postfix only queries with the
full recipient address, and not with the bare username or the
"@domain.tld" wild-card. </p>

<p> NOTE: a lookup table should always return a result when the address
exists, and should always return "not found" when the address does
not exist. In particular, a zero-length result does not count as
a "not found" result. </p>

</body>

</html>