Incorrect postfix configuration

Discussion in 'Installation/Configuration' started by oliver.blaha, Apr 20, 2006.

  1. oliver.blaha

    oliver.blaha ISPConfig Developer ISPConfig Developer

    I found out that the way ISPConfig configures postix is quite wrong...

    ISPConfig adds the following to

    mydestinations = /etc/postfix/local-host-names
    virtual_alias_maps = hash:/etc/postfix/virtusertable
    In local-host-names there are all the virtual domains listed.

    But in postfix docs ( you'll find this:

    NEVER list a virtual alias domain name as a mydestination domain!
    The reason is quite simple, I'll show this with a little example:

    Let's assume we have tow customers.
    Customer 1 has the domain
    Customer 2 has the domain

    Customer 1 has a username called web1_mail, with mail address [email protected]
    Customer 2 has a username called web2_mail, with mail address [email protected]

    Now if you send a mail to [email protected], this mail reaches Customer 2! This happens because first of all, the virtual maps are checked. As there is no match, usually the mail should be rejected. BUT: As the domain is listed as "local domain", also the user accounts on the machine are checked, and as there is a matching user, the mail is delivered to this user.

    And this behaviour might lead to legal problems!
    Customers are able to abuse a domain - okay, only with their own username ahead, but anyway, it is possible to use foreign domains, and I don't think that's how it should be ;)

    Further this behaviour might lead to other problems:
    If you want to specifiy an alias in /etc/aliases, and enter a virtual mail address of the server as mail destination (This is e.g. wanted if you have your admin mail account on this machine and want to get some mail forwarded there), then postfix thinks that the domain name is not virtual but local, just uses the part in front of the @ as destination user name - and, of course, doesn't find it.
    Of course you could simply use the local username instead of the virtual address, but in this case, if you ever give the alias to another user or change with this domain to another server, you will have to change the aliases by hand.

    But, the sollution for all this is quite simple! :)
    In fact, in there is just one line that really has to be changed:

    virtual_alias_domains = /etc/postfix/local-host-names
    virtual_alias_maps = hash:/etc/postfix/virtusertable
    Further you have to uncomment the original "mydestination" line - but it might also work if you don't, I didn't try.

    After doing that it should work, BUT you usually you will get warnings, because your "real" local domain name is now both in mydestinations AND in virtual_alias_domains.

    This is the point where a little change should be made in ISPConfig by the developers (btw, great work so far!):
    Currently there is always localhost,, and added to the file /etc/postfix/local-host-names. These should definitly not be in there, as these are no virtual domains and have nothing to do with the other domains. ;)
    When these are removed, everything will work without warnings.

    I hope you will change ISPConfig that it behaves correctly ;)
    To preserve backward compatibility you might want to implement an option in to enable/disable the correct/incorrect behaviour.
  2. falko

    falko Super Moderator ISPConfig Developer

    Have a look here:

    It's already implemented. You can choose between the old Sendmail style configuration (default) and a Postfix-style configuration.
  3. oliver.blaha

    oliver.blaha ISPConfig Developer ISPConfig Developer

    I have to admit I didn't find this post, although I tried to find sth. :(
    But thanks for the hint :)

    Note: Regarding the issues posted above, you should really set postfix-style as default behaviour...

Share This Page