1<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN" 2 "http://www.w3.org/TR/html4/loose.dtd"> 3 4<html> 5 6<head> 7 8<title>Postfix Address Rewriting </title> 9 10<meta http-equiv="Content-Type" content="text/html; charset=us-ascii"> 11 12</head> 13 14<body> 15 16<h1><img src="postfix-logo.jpg" width="203" height="98" ALT="">Postfix 17Address Rewriting </h1> 18 19<hr> 20 21<h2> <a name="purpose"> Postfix address rewriting purpose </a> </h2> 22 23<p> Address rewriting is at the heart of the Postfix mail system. 24Postfix rewrites addresses for many different purposes. Some are 25merely cosmetic, and some are necessary to deliver correctly 26formatted mail to the correct destination. Examples of 27address rewriting in Postfix are: </p> 28 29<ul> 30 31<li> <p> Transform an incomplete address into a complete address. 32For example, transform "username" into "username@example.com", or 33transform "username@hostname" into "username@hostname.example.com". 34</p> 35 36<li> <p> Replace an address by an equivalent address. For example, 37replace "username@example.com" by "firstname.lastname@example.com" 38when sending mail, and do the reverse transformation when receiving 39mail. </p> 40 41<li> <p> Replace an internal address by an external address. For 42example, replace "username@localdomain.local" by "isp-account@isp.example" 43when sending mail from a home computer to the Internet. 44</p> 45 46<li> <p> Replace an address by multiple addresses. For example, 47replace the address of an alias by the addresses listed under that 48alias. </p> 49 50<li> <p> Determine how and where to deliver mail for a specific 51address. For example, deliver mail for "username@example.com" with 52the smtp(8) delivery agent, to the hosts that are listed in the 53DNS as the mail servers for the domain "example.com". </p> 54 55</ul> 56 57<p> Although Postfix currently has no address rewriting language, 58it can do surprisingly powerful address manipulation via table 59lookup. Postfix typically uses lookup tables with fixed strings 60to map one address to one or multiple addresses, and typically uses 61regular expressions to map multiple addresses to one or multiple 62addresses. Fixed-string lookup tables may be in the form of local 63files, or in the form of NIS, LDAP or SQL databases. The 64DATABASE_README document gives an introduction to Postfix lookup 65tables. </p> 66 67<p> Topics covered in this document: </p> 68 69<ul> 70 71<li> <a href="#william"> To rewrite message headers or not, or to label 72as invalid </a> 73 74<li> <a href="#overview"> Postfix address rewriting overview </a> 75 76<li> <a href="#receiving"> Address rewriting when mail is received</a> 77 78<ul> 79 80<li> <a href="#standard"> Rewrite addresses to standard form</a> 81 82<li> <a href="#canonical"> Canonical address mapping </a> 83 84<li> <a href="#masquerade"> Address masquerading </a> 85 86<li> <a href="#auto_bcc"> Automatic BCC recipients</a> 87 88<li> <a href="#virtual"> Virtual aliasing </a> 89 90</ul> 91 92<li> <a href="#delivering"> Address rewriting when mail is delivered</a> 93 94<ul> 95 96<li> <a href="#resolve"> Resolve address to destination </a> 97 98<li> <a href="#transport"> Mail transport switch </a> 99 100<li> <a href="#relocated"> Relocated users table </a> 101 102</ul> 103 104<li> <a href="#remote"> Address rewriting with remote delivery </a> 105 106<ul> 107 108<li> <a href="#generic"> Generic mapping for outgoing SMTP mail </a> 109 110</ul> 111 112<li> <a href="#local"> Address rewriting with local delivery </a> 113 114<ul> 115 116<li> <a href="#aliases"> Local alias database </a> 117 118<li> <a href="#forward"> Local per-user .forward files </a> 119 120<li> <a href="#luser_relay"> Local catch-all address </a> 121 122</ul> 123 124<li> <a href="#debugging"> Debugging your address manipulations </a> 125 126</ul> 127 128<h2> <a name="william"> To rewrite message headers or not, or to label 129as invalid </a> </h2> 130 131<p> Postfix versions 2.1 and earlier always rewrite message header 132addresses, and append Postfix's own domain information to addresses 133that Postfix considers incomplete. While rewriting message header 134addresses is OK for mail with a local origin, it is undesirable 135for remote mail: </p> 136 137<ul> 138 139<li> Message header address rewriting is frowned upon by mail standards, 140 141<li> Appending Postfix's own domain produces incorrect results with 142some incomplete addresses, 143 144<li> Appending Postfix's own domain sometimes creates the appearance 145that spam is sent by local users. 146 147</ul> 148 149<p> Postfix versions 2.2 give you the option to either not rewrite 150message headers from remote SMTP clients at all, or to label 151incomplete addresses in such message headers as invalid. Here is 152how it works: </p> 153 154<ul> 155 156<li> Postfix always rewrites message headers from local SMTP clients 157and from the Postfix sendmail command, and appends its own domain 158to incomplete addresses. The local_header_rewrite_clients parameter 159controls what SMTP clients Postfix considers local (by default, 160only local network interface addresses). 161 162<li> Postfix never rewrites message header addresses from remote 163SMTP clients when the remote_header_rewrite_domain parameter value 164is empty (the default setting). 165 166<li> Otherwise, Postfix rewrites message headers from remote SMTP 167clients, and appends the remote_header_rewrite_domain value to 168incomplete addresses. This feature can be used to append a reserved 169domain such as "domain.invalid", so that incomplete addresses cannot 170be mistaken for local addresses. 171 172</ul> 173 174<h2> <a name="overview"> Postfix address rewriting overview </a> </h2> 175 176<p> The figure below zooms in on those parts of Postfix that are most 177involved with address rewriting activity. See the OVERVIEW document 178for an overview of the complete Postfix architecture. Names followed 179by a number are Postfix daemon programs, while unnumbered names 180represent Postfix queues or internal sources of mail messages. </p> 181 182<blockquote> 183 184<table> 185 186<tr> 187 188<td colspan="2"> </td> 189 190<td bgcolor="#f0f0ff" align="center"> trivial-<br>rewrite(8)<br>(std 191form) </td> 192 193<td colspan="5"> </td> 194 195<td bgcolor="#f0f0ff" align="center"> trivial-<br>rewrite(8)<br>(resolve) 196</td> 197 198</tr> 199 200<tr> 201 202<td colspan="2"> </td> 203 204<td align="center"><table><tr><td align="center"> ^<br> <tt> | 205</tt> </td><td align="center"> <tt> |<br>v </tt> </td></tr></table> 206 207<td colspan="5"> </td> 208 209<td align="center"><table><tr><td align="center"> ^<br> <tt> | 210</tt> </td><td align="center"> <tt> |<br>v </tt> </td></tr></table> 211 212<td colspan="2"> </td> 213 214</tr> 215 216<tr> 217 218<td bgcolor="#f0f0ff" align="center" valign="middle"> smtpd(8) 219</td> 220 221<td rowspan="3" align="center" valign="middle"> <tt> >- </tt> 222</td> 223 224<td rowspan="3" bgcolor="#f0f0ff" align="center"> cleanup(8) </td> 225 226<td rowspan="3" align="center" valign="middle"> <tt> -> </tt> 227</td> 228 229<td rowspan="3" bgcolor="#f0f0ff" align="center"> <a 230href="QSHAPE_README.html#incoming_queue"> incoming </a> </td> 231 232<td rowspan="3" align="center" valign="middle"> <tt> -> </tt> 233</td> 234 235<td rowspan="3" bgcolor="#f0f0ff" align="center"> <a 236href="QSHAPE_README.html#active_queue"> active </a> </td> 237 238<td rowspan="3" align="center" valign="middle"> <tt> -> </tt> 239</td> 240 241<td rowspan="3" bgcolor="#f0f0ff" align="center"> qmgr(8) </td> 242 243<td rowspan="3" align="center" valign="middle"> <tt> -< </tt> 244</td> 245 246<td bgcolor="#f0f0ff" align="center" valign="middle"> 247smtp(8) </td> 248 249</tr> 250 251<tr> 252 253<td bgcolor="#f0f0ff" align="center" valign="middle"> 254qmqpd(8) </td> 255 256<td bgcolor="#f0f0ff" align="center" valign="middle"> lmtp(8) </td> 257 258</tr> 259 260<tr> 261 262<td bgcolor="#f0f0ff" align="center" valign="middle"> pickup(8) 263</td> 264 265<td bgcolor="#f0f0ff" align="center" valign="middle"> local(8) 266</td> 267 268</tr> 269 270<tr> 271 272<td colspan="2"> </td> 273 274<td align="center"> ^<br> <tt> | </tt> </td> 275 276<td colspan="3"> </td> 277 278<td align="center"><table><tr><td align="center"> ^<br> <tt> | 279</tt> </td><td align="center"> <tt> |<br>v </tt> </td></tr></table> 280 281<td colspan="4"> </td> 282 283</tr> 284 285<tr> 286 287<td colspan="2"> </td> 288 289<td align="center"> bounces<br> forwarding<br> notices</td> 290 291<td colspan="3"> </td> 292 293<td bgcolor="#f0f0ff" align="center"> <a 294href="QSHAPE_README.html#deferred_queue"> deferred </a> 295 296<td colspan="2"> </td> 297 298</table> 299 300</blockquote> 301 302<p> The table below summarizes all Postfix address manipulations. 303If you're reading this document for the first time, skip forward 304to "<a href="ADDRESS_REWRITING_README.html#receiving">Address 305rewriting when mail is received</a>". Once you've finished reading 306the remainder of this document, the table will help you to quickly 307find what you need. </p> 308 309<blockquote> 310 311<table border="1"> 312 313<tr> <th nowrap> Address manipulation </th> <th nowrap> Scope </th> 314<th> Daemon </th> <th nowrap> Global turn-on control </th> <th nowrap> Selective 315turn-off control </th> </tr> 316 317<tr> <td> <a href="#standard"> Rewrite addresses to standard form</a> 318</td> <td nowrap> all mail </td> <td> trivial-<br>rewrite(8) </td> 319<td> append_at_myorigin, append_dot_mydomain, swap_bangpath, 320allow_percent_hack </td> <td> local_header_rewrite_clients, 321remote_header_rewrite_domain </td> </tr> 322 323<tr> <td> <a href="#canonical"> Canonical address mapping </a> </td> 324<td nowrap> all mail </td> <td> cleanup(8) </td> <td> canonical_maps 325</td> <td> receive_override_options, local_header_rewrite_clients, 326remote_header_rewrite_domain </td> </tr> 327 328<tr> <td> <a href="#masquerade"> Address masquerading </a> </td> <td 329nowrap> all mail </td> <td> cleanup(8) </td> <td> masquerade_domains 330</td> <td> receive_override_options, local_header_rewrite_clients, 331remote_header_rewrite_domain </td> </tr> 332 333<tr> <td> <a href="#auto_bcc"> Automatic BCC recipients </a> </td> 334<td nowrap> new mail </td> <td> cleanup(8) </td> <td> always_bcc, 335sender_bcc_maps, recipient_bcc_maps </td> <td> receive_override_options 336</td> </tr> 337 338<tr> <td> <a href="#virtual"> Virtual aliasing </a> </td> <td 339nowrap> all mail </td> <td> cleanup(8) </td> <td> virtual_alias_maps 340</td> <td> receive_override_options </td> </tr> 341 342<tr> <td> <a href="#resolve"> Resolve address to destination </a> 343</td> <td nowrap> all mail </td> <td> trivial-<br>rewrite(8) </td> 344<td> none </td> <td> none </td> </tr> 345 346<tr> <td> <a href="#transport"> Mail transport switch</a> </td> 347<td nowrap> all mail </td> <td> trivial-<br>rewrite(8) </td> <td> 348transport_maps </td> <td> none </td> </tr> 349 350<tr> <td> <a href="#relocated"> Relocated users table</a> </td> 351<td nowrap> all mail </td> <td> trivial-<br>rewrite(8) </td> <td> 352relocated_maps </td> <td> none </td> </tr> 353 354<tr> <td> <a href="#generic"> Generic mapping table </a> </td> <td> 355outgoing SMTP mail </td> <td> smtp(8) </td> <td> smtp_generic_maps 356</td> <td> none </td> </tr> 357 358<tr> <td> <a href="#aliases"> Local alias database</a> </td> <td> 359local mail only </td> <td> local(8) </td> <td> alias_maps </td> <td> none 360</td> </tr> 361 362<tr> <td> <a href="#forward"> Local per-user .forward files</a> 363</td> <td> local mail only </td> <td> local(8) </td> <td> forward_path 364</td> <td> none </td> </tr> 365 366<tr> <td> <a href="#luser_relay"> Local catch-all address</a> </td> 367<td> local mail only </td> <td> local(8) </td> <td> luser_relay </td> <td> 368none </td> </tr> 369 370</table> 371 372</blockquote> 373 374<h2> <a name="receiving"> Address rewriting when mail is received</a> 375</h2> 376 377<p> The cleanup(8) server receives mail from outside of Postfix as 378well as mail from internal sources such as forwarded mail, 379undeliverable mail that is bounced to the sender, and postmaster 380notifications about problems with the mail system. </p> 381 382<p> The cleanup(8) server transforms the sender, recipients and 383message content into a standard form before writing it to an incoming 384queue file. The server cleans up sender and recipient addresses in 385message headers and in the envelope, adds missing message headers 386such as From: or Date: that are required by mail standards, and 387removes message headers such as Bcc: that should not be present. 388The cleanup(8) server delegates the more complex address manipulations 389to the trivial-rewrite(8) server as described later in this document. 390</p> 391 392<p> Address manipulations at this stage are: </p> 393 394<ul> 395 396<li> <a href="#standard"> Rewrite addresses to standard form</a> 397 398<li> <a href="#canonical"> Canonical address mapping</a> 399 400<li> <a href="#masquerade"> Address masquerading</a> 401 402<li> <a href="#auto_bcc"> Automatic BCC recipients</a> 403 404<li> <a href="#virtual"> Virtual aliasing </a> 405 406</ul> 407 408<h3> <a name="standard"> Rewrite addresses to standard form</a> </h3> 409 410<p> Before the cleanup(8) daemon runs an address through any address 411mapping lookup table, it first rewrites the address to the standard 412"user@fully.qualified.domain" form, by sending the address to the 413trivial-rewrite(8) daemon. The purpose of rewriting to standard 414form is to reduce the number of entries needed in lookup tables. 415</p> 416 417<p> The Postfix trivial-rewrite(8) daemon implements the following 418hard-coded address manipulations: </p> 419 420<blockquote> 421 422<dl> 423 424<dt>Rewrite "@hosta,@hostb:user@site" to "user@site"</dt> 425 426<dd> <p> In case you wonder what this is, the address form above 427is called a route address, and specifies that mail for "user@site" 428be delivered via "hosta" and "hostb". Usage of this form has been 429deprecated for a long time. Postfix has no ability to handle route 430addresses, other than to strip off the route part. </p> 431 432<p> NOTE: Postfix versions 2.2 and later rewrite message headers 433from remote SMTP clients only if the client matches the 434local_header_rewrite_clients parameter, or if the 435remote_header_rewrite_domain configuration parameter specifies a 436non-empty value. To get the behavior before Postfix 2.2, specify 437"local_header_rewrite_clients = static:all". </p> </dd> 438 439<dt>Rewrite "site!user" to "user@site" </dt> 440 441<dd> <p> This feature is controlled by the boolean swap_bangpath 442parameter (default: yes). The purpose is to rewrite UUCP-style 443addresses to domain style. This is useful only when you receive 444mail via UUCP, but it probably does not hurt otherwise. </p> 445 446<p> NOTE: Postfix versions 2.2 and later rewrite message headers 447from remote SMTP clients only if the client matches the 448local_header_rewrite_clients parameter, or if the 449remote_header_rewrite_domain configuration parameter specifies a 450non-empty value. To get the behavior before Postfix 2.2, specify 451"local_header_rewrite_clients = static:all". </p> </dd> 452 453<dt>Rewrite "user%domain" to "user@domain"</dt> 454 455<dd> <p> This feature is controlled by the boolean allow_percent_hack 456parameter (default: yes). Typically, this is used in order to deal 457with monstrosities such as "user%domain@otherdomain". </p> 458 459<p> NOTE: Postfix versions 2.2 and later rewrite message headers 460from remote SMTP clients only if the client matches the 461local_header_rewrite_clients parameter, or if the 462remote_header_rewrite_domain configuration parameter specifies a 463non-empty value. To get the behavior before Postfix 2.2, specify 464"local_header_rewrite_clients = static:all". </p> </dd> 465 466<dt> 467 468Rewrite "user" to "user@$myorigin" </dt> 469 470<dd> <p> This feature is controlled by the boolean append_at_myorigin 471parameter (default: yes). You should never turn off this feature, 472because a lot of Postfix components expect that all addresses have 473the form "user@domain". </p> 474 475<p> NOTE: Postfix versions 2.2 and later rewrite message headers 476from remote SMTP clients only if the client matches the 477local_header_rewrite_clients parameter; otherwise they append the 478domain name specified with the remote_header_rewrite_domain 479configuration parameter, if one is specified. To get the behavior 480before Postfix 2.2, specify "local_header_rewrite_clients = 481static:all". </p> 482 483<p> If your machine is not the main machine for $myorigin and you 484wish to have some users delivered locally without going via that 485main machine, make an entry in the <a href="#virtual">virtual 486alias</a> table that redirects "user@$myorigin" to 487"user@$myhostname". See also the "delivering some 488users locally" section in the STANDARD_CONFIGURATION_README 489document. </p> </dd> 490 491<dt> 492 493Rewrite "user@host" to "user@host.$mydomain" </dt> 494 495<dd> <p> This feature is controlled by the boolean append_dot_mydomain 496parameter (default: yes). The purpose is to get consistent treatment 497of different forms of the same hostname. </p> 498 499<p> NOTE: Postfix versions 2.2 and later rewrite message headers 500from remote SMTP clients only if the client matches the 501local_header_rewrite_clients parameter; otherwise they append the 502domain name specified with the remote_header_rewrite_domain 503configuration parameter, if one is specified. To get the behavior 504before Postfix 2.2, specify "local_header_rewrite_clients = 505static:all". </p> 506 507<p> Some will argue that rewriting "host" to "host.domain" 508is bad. That is why it can be turned off. Others like the convenience 509of having Postfix's own domain appended automatically. </p> </dd> 510 511<dt>Rewrite "user@site." to "user@site" (without the trailing dot).</dt> 512 513<dd> <p> A single trailing dot is silently removed. However, an 514address that ends in multiple dots will be rejected as an invalid 515address. </p> 516 517<p> NOTE: Postfix versions 2.2 and later rewrite message headers 518from remote SMTP clients only if the client matches the 519local_header_rewrite_clients parameter, or if the 520remote_header_rewrite_domain configuration parameter specifies a 521non-empty value. To get the behavior before Postfix 2.2, specify 522"local_header_rewrite_clients = static:all". </p> </dd> 523 524</dl> 525 526</blockquote> 527 528<h3> <a name="canonical"> Canonical address mapping </a> </h3> 529 530<p> The cleanup(8) daemon uses the canonical(5) tables to rewrite 531addresses in message envelopes and in message headers. By default 532all header and envelope addresses are rewritten; this is controlled 533with the canonical_classes configuration parameter. </p> 534 535<p> NOTE: Postfix versions 2.2 and later rewrite message headers 536from remote SMTP clients only if the client matches the 537local_header_rewrite_clients parameter, or if the 538remote_header_rewrite_domain configuration parameter specifies a 539non-empty value. To get the behavior before Postfix 2.2, specify 540"local_header_rewrite_clients = static:all". </p> 541 542<p> Address rewriting is 543done for local and remote addresses. The mapping is useful to 544replace login names by "Firstname.Lastname" style addresses, or to 545clean up invalid domains in mail addresses produced by legacy mail 546systems. </p> 547 548<p> Canonical mapping is disabled by default. To enable, edit the 549canonical_maps parameter in the main.cf file and specify one or 550more lookup tables, separated by whitespace or commas. </p> 551 552<p> Example: </p> 553 554<blockquote> 555<pre> 556/etc/postfix/main.cf: 557 canonical_maps = hash:/etc/postfix/canonical 558 559/etc/postfix/canonical: 560 wietse Wietse.Venema 561</pre> 562</blockquote> 563 564<p> For static mappings as shown above, lookup tables such as hash:, 565ldap:, mysql: or pgsql: are sufficient. For dynamic mappings you 566can use regular expression tables. This requires that you become 567intimately familiar with the ideas expressed in regexp_table(5), 568pcre_table(5) and canonical(5). </p> 569 570<p> In addition to the canonical maps which are applied to both sender 571and recipient addresses, you can specify canonical maps that are 572applied only to sender addresses or to recipient addresses. </p> 573 574<p> Example: </p> 575 576<blockquote> 577<pre> 578/etc/postfix/main.cf: 579 sender_canonical_maps = hash:/etc/postfix/sender_canonical 580 recipient_canonical_maps = hash:/etc/postfix/recipient_canonical 581</pre> 582</blockquote> 583 584<p> The sender and recipient canonical maps are applied before the 585common canonical maps. The sender_canonical_classes and 586recipient_canonical_classes parameters control what addresses are 587subject to sender_canonical_maps and recipient_canonical_maps 588mappings, respectively. </p> 589 590<p> Sender-specific rewriting is useful when you want to rewrite 591ugly sender addresses to pretty ones, and still want to be able to 592send mail to the those ugly address without creating a mailer loop. 593</p> 594 595<p> Canonical mapping can be turned off selectively for mail received 596by smtpd(8), qmqpd(8), or pickup(8), by overriding main.cf settings 597in the master.cf file. This feature is available in Postfix version 5982.1 and later. </p> 599 600<p> Example: </p> 601 602<blockquote> 603<pre> 604/etc/postfix/master.cf: 605 127.0.0.1:10026 inet n - n - - smtpd 606 -o receive_override_options=no_address_mappings 607</pre> 608</blockquote> 609 610<p> Note: do not specify whitespace around the "=" here. </p> 611 612<h3> <a name="masquerade"> Address masquerading </a> </h3> 613 614<p> Address masquerading is a method to hide hosts inside a domain 615behind their mail gateway, and to make it appear as if the mail 616comes from the gateway itself, instead of from individual machines. 617</p> 618 619<p> NOTE: Postfix versions 2.2 and later rewrite message headers 620from remote SMTP clients only if the client matches the 621local_header_rewrite_clients parameter, or if the 622remote_header_rewrite_domain configuration parameter specifies a 623non-empty value. To get the behavior before Postfix 2.2, specify 624"local_header_rewrite_clients = static:all". </p> 625 626<p> Address masquerading is disabled by default, and is implemented 627by the cleanup(8) server. To enable, edit the masquerade_domains 628parameter in the main.cf file and specify one or more domain names 629separated by whitespace or commas. When Postfix tries to masquerade 630a domain, it processes the list from left to right, and processing 631stops at the first match. </p> 632 633<p> Example: </p> 634 635<blockquote> 636<pre> 637/etc/postfix/main.cf: 638 masquerade_domains = foo.example.com example.com 639</pre> 640</blockquote> 641 642<p> strips "any.thing.foo.example.com" to "foo.example.com", but 643strips "any.thing.else.example.com" to "example.com". </p> 644 645<p> A domain name prefixed with "<tt>!</tt>" means do not masquerade 646this domain or its subdomains: </p> 647 648<blockquote> 649<pre> 650/etc/postfix/main.cf: 651 masquerade_domains = !foo.example.com example.com 652</pre> 653</blockquote> 654 655<p> does not change "any.thing.foo.example.com" and "foo.example.com", 656but strips "any.thing.else.example.com" to "example.com". </p> 657 658<p> The masquerade_exceptions configuration parameter specifies 659what user names should not be subjected to address masquerading. 660Specify one or more user names separated by whitespace or commas. 661</p> 662 663<p> Example: </p> 664 665<blockquote> 666<pre> 667/etc/postfix/main.cf: 668 masquerade_exceptions = root 669</pre> 670</blockquote> 671 672<p> By default, Postfix makes no exceptions. </p> 673 674<p> Subtle point: by default, address masquerading is applied only to 675message headers and to envelope sender addresses, but not to envelope 676recipients. This allows you to use address masquerading on a mail 677gateway machine, while still being able to forward mail from outside 678to users on individual machines. </p> 679 680<p> In order to subject envelope recipient addresses to masquerading, 681too, specify (Postfix version 1.1 and later):</p> 682 683<blockquote> 684<pre> 685/etc/postfix/main.cf: 686 masquerade_classes = envelope_sender, envelope_recipient, 687 header_sender, header_recipient 688</pre> 689</blockquote> 690 691<p> If you rewrite the envelope recipient like this, Postfix will 692no longer be able to send mail to individual machines. </p> 693 694<p> Address masquerading can be turned off selectively for mail 695received by smtpd(8), qmqpd(8), or pickup(8), by overriding main.cf 696settings in the master.cf file. This feature is available in 697Postfix version 2.1 and later. </p> 698 699<p> Example: </p> 700 701<blockquote> 702<pre> 703/etc/postfix/master.cf: 704 127.0.0.1:10026 inet n - n - - smtpd 705 -o receive_override_options=no_address_mappings 706</pre> 707</blockquote> 708 709<p> Note: do not specify whitespace around the "=" here. </p> 710 711<h3> <a name="auto_bcc"> Automatic BCC recipients</a> </h3> 712 713<p> After applying the canonical and masquerade mappings, the 714cleanup(8) daemon can generate optional BCC (blind carbon-copy) 715recipients. Postfix provides three mechanisms: </p> 716 717<blockquote> 718 719<dl> 720 721<dt> always_bcc = address </dt> <dd> Deliver a copy of all mail to 722the specified address. In Postfix versions before 2.1, this feature 723is implemented by smtpd(8), qmqpd(8), or pickup(8). </dd> 724 725<dt> sender_bcc_maps = type:table </dt> <dd> Search the specified 726"type:table" lookup table with the envelope sender address for an 727automatic BCC address. This feature is available in Postfix 2.1 728and later. </dd> 729 730<dt> recipient_bcc_maps = type:table </dt> <dd> Search the specified 731"type:table" lookup table with the envelope recipient address for 732an automatic BCC address. This feature is available in Postfix 2.1 733and later. </dd> 734 735</dl> 736 737</blockquote> 738 739<p> Note: automatic BCC recipients are produced only for new mail. 740To avoid mailer loops, automatic BCC recipients are not generated 741for mail that Postfix forwards internally, nor for mail that Postfix 742generates itself. </p> 743 744<p> Automatic BCC recipients (including always_bcc) can be turned 745off selectively for mail received by smtpd(8), qmqpd(8), or pickup(8), 746by overriding main.cf settings in the master.cf file. This feature 747is available in Postfix version 2.1 and later. </p> 748 749<p> Example: </p> 750 751<blockquote> 752<pre> 753/etc/postfix/master.cf: 754 127.0.0.1:10026 inet n - n - - smtpd 755 -o receive_override_options=no_address_mappings 756</pre> 757</blockquote> 758 759<p> Note: do not specify whitespace around the "=" here. </p> 760 761<h3> <a name="virtual"> Virtual aliasing </a> </h3> 762 763<p> Before writing the recipients to the queue file, the cleanup(8) 764daemon uses the optional virtual(5) alias tables to redirect mail 765for recipients. The mapping affects only envelope recipient 766addresses; it has no effect on message headers or envelope sender 767addresses. Virtual alias lookups are useful to redirect mail for 768virtual alias domains to real user mailboxes, and to redirect mail 769for domains that no longer exist. Virtual alias lookups can also 770be used to transform " Firstname.Lastname " back into UNIX login 771names, although it seems that local <a href="#aliases">aliases</a> 772may be a more appropriate vehicle. See the VIRTUAL_README document 773for an overview of methods to host virtual domains with Postfix. 774</p> 775 776<p> Virtual aliasing is disabled by default. To enable, edit the 777virtual_alias_maps parameter in the main.cf file and 778specify one or more lookup tables, separated by whitespace or 779commas. </p> 780 781<p> Example: </p> 782 783<blockquote> 784<pre> 785/etc/postfix/main.cf: 786 virtual_alias_maps = hash:/etc/postfix/virtual 787 788/etc/postfix/virtual: 789 Wietse.Venema wietse 790</pre> 791</blockquote> 792 793<p> Addresses found in virtual alias maps are subjected to another 794iteration of virtual aliasing, but are not subjected to canonical 795mapping, in order to avoid loops. </p> 796 797<p> For static mappings as shown above, lookup tables such as hash:, 798ldap:, mysql: or pgsql: are sufficient. For dynamic mappings you 799can use regular expression tables. This requires that you become 800intimately familiar with the ideas expressed in regexp_table(5), 801pcre_table(5) and virtual(5). </p> 802 803<p> Virtual aliasing can be turned off selectively for mail received 804by smtpd(8), qmqpd(8), or pickup(8), by overriding main.cf settings 805in the master.cf file. This feature is available in Postfix version 8062.1 and later. </p> 807 808<p> Example: </p> 809 810<blockquote> 811<pre> 812/etc/postfix/master.cf: 813 127.0.0.1:10026 inet n - n - - smtpd 814 -o receive_override_options=no_address_mappings 815</pre> 816</blockquote> 817 818<p> Note: do not specify whitespace around the "=" here. </p> 819 820<p> At this point the message is ready to be stored into the 821Postfix incoming queue. </p> 822 823<h2> <a name="delivering"> Address rewriting when mail is delivered</a> </h2> 824 825<p> The Postfix queue manager sorts mail according to its destination 826and gives it to Postfix delivery agents such as local(8), smtp(8), 827or lmtp(8). Just like the cleanup(8) server, the Postfix queue 828manager delegates the more complex address manipulations to the 829trivial-rewrite(8) server. </p> 830 831<p> Address manipulations at this stage are: </p> 832 833<ul> 834 835<li> <a href="#resolve"> Resolve address to destination </a> 836 837<li> <a href="#transport"> Mail transport switch</a> 838 839<li> <a href="#relocated"> Relocated users table</a> 840 841</ul> 842 843<p> Each Postfix delivery agent tries to deliver the mail to its 844destination, while encapsulating the sender, recipients, and message 845content according to the rules of the SMTP, LMTP, etc. protocol. 846When mail cannot be delivered, it is either returned to the sender 847or moved to the deferred queue and tried again later. </p> 848 849<p> <a name="remote">Address</a> manipulations when mail is delivered 850via the smtp(8) delivery agent: </p> 851 852<ul> 853 854<li> <a href="#generic"> Generic mapping for outgoing SMTP mail </a> 855 856</ul> 857 858<p> <a name="local">Address</a> manipulations when mail is delivered 859via the local(8) delivery agent: </p> 860 861<ul> 862 863<li> <a href="#aliases"> Local alias database</a> 864 865<li> <a href="#forward"> Local per-user .forward files</a> 866 867<li> <a href="#luser_relay"> Local catch-all address</a> 868 869</ul> 870 871<p> The remainder of this document presents each address manipulation 872step in more detail, with specific examples or with pointers to 873documentation with examples. </p> 874 875<h3> <a name="resolve"> Resolve address to destination </a> </h3> 876 877<p> The Postfix qmgr(8) queue manager selects new mail from the 878incoming queue or old mail from the deferred queue, and asks the 879trivial-rewrite(8) address rewriting and resolving daemon where it 880should be delivered. </p> 881 882<p> As of version 2.0, Postfix distinguishes four major address 883classes. Each class has its own list of domain names, and each 884class has its own default delivery method, as shown in the table 885below. See the ADDRESS_CLASS_README document for the fine details. 886Postfix versions before 2.0 only distinguish between local delivery 887and everything else. </p> 888 889<blockquote> 890 891<table border="1"> 892 893<tr><th align="left">Destination domain list </th> <th 894align="left">Default delivery method </th> <th>Availability 895</th> </tr> 896 897<tr><td>$mydestination, $inet_interfaces, $proxy_interfaces </td> 898<td>$local_transport </td> <td>Postfix 1.0</td></tr> 899 900<tr><td>$virtual_mailbox_domains </td> <td>$virtual_transport </td> 901<td>Postfix 2.0</td> </tr> 902 903<tr><td>$relay_domains </td> <td>$relay_transport </td> <td>Postfix 9042.0</td> </tr> 905 906<tr><td>none </td> <td>$default_transport </td> <td>Postfix 1.0</td> 907</tr> 908 909</table> 910 911</blockquote> 912 913<h3> <a name="transport"> Mail transport switch </a> </h3> 914 915<p> Once the trivial-rewrite(8) daemon has determined a default 916delivery method it searches the optional transport(5) table for 917information that overrides the message destination and/or delivery 918method. Typical use of the transport(5) table is to send mail to 919a system 920that is not connected to the Internet, or to use a special SMTP 921client configuration for destinations that have special requirements. 922See, for example, the STANDARD_CONFIGURATION_README and UUCP_README 923documents, and the examples in the transport(5) manual page. </p> 924 925<p> Transport table lookups are disabled by default. To enable, 926edit the transport_maps parameter in the main.cf file and specify 927one or more lookup tables, separated by whitespace or commas. </p> 928 929<p> Example: </p> 930 931<blockquote> 932<pre> 933/etc/postfix/main.cf: 934 transport_maps = hash:/etc/postfix/transport 935</pre> 936</blockquote> 937 938<h3> <a name="relocated"> Relocated users table </a> </h3> 939 940<p> Next, the trivial-rewrite(8) address rewriting and resolving 941daemon runs each recipient through the relocated(5) database. This 942table provides information on how to reach users that no longer 943have an account, or what to do with mail for entire domains that 944no longer exist. When mail is sent to an address that is listed 945in this table, the message is returned to the sender with an 946informative message. </p> 947 948<p> The relocated(5) database is searched after transport(5) 949table lookups, in anticipation of transport(5) tables that 950can replace one recipient address by a different one. </p> 951 952<p> Lookups of relocated users are disabled by default. To enable, 953edit the relocated_maps parameter in the main.cf file and specify 954one or more lookup tables, separated by whitespace or commas. </p> 955 956<p> Example: </p> 957 958<blockquote> 959<pre> 960/etc/postfix/main.cf: 961 relocated_maps = hash:/etc/postfix/relocated 962 963/etc/postfix/relocated: 964 username@example.com otheruser@elsewhere.tld 965</pre> 966</blockquote> 967 968<p> As of Postfix version 2, mail for a relocated user will be 969rejected by the SMTP server with the reason "user has moved to 970otheruser@elsewhere.tld". Older Postfix versions will receive the 971mail first, and then return it to the sender as undeliverable, with 972the same reason. </p> 973 974<h3> <a name="generic"> Generic mapping for outgoing SMTP mail </a> </h3> 975 976<p> Some hosts have no valid Internet domain name, and instead use 977a name such as <i>localdomain.local</i>. This can be a problem when 978you want to send mail over the Internet, because many mail servers 979reject mail addresses with invalid domain names. </p> 980 981<p> With the smtp_generic_maps parameter you can specify generic(5) 982lookup tables that replace local mail addresses by valid Internet 983addresses when mail leaves the machine via SMTP. The generic(5) 984mapping replaces envelope and header addresses, and is non-recursive. 985It does not happen when you send mail between addresses on the 986local machine. </p> 987 988<p> This feature is available in Postfix version 2.2 and later.</p> 989 990<p> Example: </p> 991 992<blockquote> 993<pre> 994/etc/postfix/main.cf: 995 smtp_generic_maps = hash:/etc/postfix/generic 996 997/etc/postfix/generic: 998 his@localdomain.local hisaccount@hisisp.example 999 her@localdomain.local heraccount@herisp.example 1000 @localdomain.local hisaccount+local@hisisp.example 1001</pre> 1002</blockquote> 1003 1004<p> When mail is sent to a remote host via SMTP, this replaces 1005<i>his@localdomain.local</i> by his ISP mail address, replaces 1006<i>her@localdomain.local</i> by her ISP mail address, and replaces 1007other local addresses by his ISP account, with an address extension 1008of +<i>local</i> (this example assumes that the ISP supports "+" 1009style address extensions). </p> 1010 1011<h3> <a name="aliases"> Local alias database </a> </h3> 1012 1013<p> When mail is to be delivered locally, the local(8) delivery 1014agent runs each local recipient name through the aliases(5) database. 1015The mapping does not affect addresses in message headers. Local 1016aliases are typically used to implement distribution lists, or to 1017direct mail for standard aliases such as postmaster to real people. 1018The table can also be used to map "Firstname.Lastname" addresses 1019to login names. </p> 1020 1021<p> Alias lookups are enabled by default. The default configuration 1022depends on the operating system environment, but it is typically 1023one of the following: </p> 1024 1025<blockquote> 1026<pre> 1027/etc/postfix/main.cf: 1028 alias_maps = hash:/etc/aliases 1029 alias_maps = dbm:/etc/aliases, nis:mail.aliases 1030</pre> 1031</blockquote> 1032 1033<p> The pathname of the alias database file is controlled with the 1034alias_database configuration parameter. The value is system dependent. 1035Usually it is one of the following: </p> 1036 1037<blockquote> 1038<pre> 1039/etc/postfix/main.cf: 1040 alias_database = hash:/etc/aliases (4.4BSD, LINUX) 1041 alias_database = dbm:/etc/aliases (4.3BSD, SYSV<4) 1042 alias_database = dbm:/etc/mail/aliases (SYSV4) 1043</pre> 1044</blockquote> 1045 1046<p> An aliases(5) file can specify that mail should be delivered 1047to a local file, or to a command that receives the message in the 1048standard input stream. For security reasons, deliveries to command 1049and file destinations are performed with the rights of the alias 1050database owner. A default userid, default_privs, is used for 1051deliveries to commands or files in "root"-owned aliases. </p> 1052 1053<h3> <a name="forward"> Local per-user .forward files </a> </h3> 1054 1055<p> With delivery via the local(8) deliver agent, users can control 1056their own mail delivery by specifying destinations in a file called 1057.forward in their home directories. The syntax of these files is 1058the same as with the local aliases(5) file, except that the left-hand 1059side of the alias (lookup key and colon) are not present. </p> 1060 1061<h3> <a name="luser_relay"> Local catch-all address </a> </h3> 1062 1063<p> When the local(8) delivery agent finds that a message recipient 1064does not exist, the message is normally returned to the sender ("user 1065unknown"). Sometimes it is desirable to forward mail for non-existing 1066recipients to another machine. For this purpose you can specify 1067an alternative destination with the luser_relay configuration 1068parameter. </p> 1069 1070<p> Alternatively, mail for non-existent recipients can be delegated 1071to an entirely different message transport, as specified with the 1072fallback_transport configuration parameter. For details, see the 1073local(8) delivery agent documentation. </p> 1074 1075<p> Note: if you use the luser_relay feature in order to receive 1076mail for non-UNIX accounts, then you must specify: </p> 1077 1078<blockquote> 1079<pre> 1080/etc/postfix/main.cf: 1081 local_recipient_maps = 1082</pre> 1083</blockquote> 1084 1085<p> (i.e. empty) in the main.cf file, otherwise the Postfix SMTP 1086server will reject mail for non-UNIX accounts with "User unknown 1087in local recipient table". See the LOCAL_RECIPIENT_README file 1088for more information on this. 1089</p> 1090 1091<p> luser_relay can specify one address. It is subjected to "$name" 1092expansions. Examples: </p> 1093 1094<blockquote> 1095 1096<dl> 1097 1098<dt>$user@other.host </dt> 1099 1100<dd> <p> The bare username, without address extension, is prepended 1101to "@other.host". For example, mail for "username+foo" is sent to 1102"username@other.host". </p> </dd> 1103 1104<dt>$local@other.host </dt> 1105 1106<dd> <p> The entire original recipient localpart, including address 1107extension, is prepended to "@other.host". For example, mail for 1108"username+foo" is sent to "username+foo@other.host". </p> </dd> 1109 1110<dt>sysadmin+$user </dt> 1111 1112<dd> <p> The bare username, without address extension, is appended 1113to "sysadmin". For example, mail for "username+foo" is sent to 1114"sysadmin+username". </p> </dd> 1115 1116<dt>sysadmin+$local </dt> 1117 1118<dd> <p> The entire original recipient localpart, including address 1119extension, is appended to "sysadmin". For example, mail for 1120"username+foo" is sent to "sysadmin+username+foo". </p> </dd> 1121 1122</dl> 1123 1124</blockquote> 1125 1126<h2> <a name="debugging"> Debugging your address manipulations </a> </h2> 1127 1128<p> Postfix version 2.1 and later can 1129produce mail delivery reports for debugging purposes. These reports 1130not only show sender/recipient addresses after address rewriting 1131and alias expansion or forwarding, they also show information about 1132delivery to mailbox, delivery to non-Postfix command, responses 1133from remote SMTP servers, and so on. </p> 1134 1135<p> Postfix can produce two types of mail delivery reports for 1136debugging: </p> 1137 1138<ul> 1139 1140<li> <p> What-if: report what would happen, but do not actually 1141deliver mail. This mode of operation is requested with: </p> 1142 1143<pre> 1144$ <b>/usr/sbin/sendmail -bv address...</b> 1145Mail Delivery Status Report will be mailed to <your login name>. 1146</pre> 1147 1148<li> <p> What happened: deliver mail and report successes and/or 1149failures, including replies from remote SMTP servers. This mode 1150of operation is requested with: </p> 1151 1152<pre> 1153$ <b>/usr/sbin/sendmail -v address...</b> 1154Mail Delivery Status Report will be mailed to <your login name>. 1155</pre> 1156 1157</ul> 1158 1159<p> These reports contain information that is generated by Postfix 1160delivery agents. Since these run as daemon processes and do not 1161interact with users directly, the result is sent as mail to the 1162sender of the test message. The format of these reports is practically 1163identical to that of ordinary non-delivery notifications. </p> 1164 1165<p> As an example, below is the delivery report that is produced 1166with the command "sendmail -bv postfix-users@postfix.org". The 1167first part of the report contains human-readable text. In this 1168case, mail would be delivered via mail.cloud9.net, and the SMTP 1169server replies with "250 Ok". Other reports may show delivery 1170to mailbox, or delivery to non-Postfix command. </p> 1171 1172<blockquote> 1173<pre> 1174Content-Description: Notification 1175Content-Type: text/plain 1176 1177This is the mail system at host spike.porcupine.org. 1178 1179Enclosed is the mail delivery report that you requested. 1180 1181 The mail system 1182 1183<postfix-users@postfix.org>: delivery via mail.cloud9.net[168.100.1.4]: 250 2.1.5 Ok 1184</pre> 1185</blockquote> 1186 1187<p> The second part of the report is in machine-readable form, and 1188includes the following information: </p> 1189 1190<ul> 1191 1192<li> The envelope sender address (wietse@porcupine.org). 1193 1194<li> The envelope recipient address (postfix-users@postfix.org). 1195If the recipient address was changed by Postfix then Postfix also 1196includes the original recipient address. 1197 1198<li> The delivery status. 1199 1200</ul> 1201 1202<p> Some details depend on Postfix version. The example below is 1203for Postfix version 2.3 and later. </p> 1204 1205<blockquote> 1206<pre> 1207Content-Description: Delivery report 1208Content-Type: message/delivery-status 1209 1210Reporting-MTA: dns; spike.porcupine.org 1211X-Postfix-Queue-ID: 84863BC0E5 1212X-Postfix-Sender: rfc822; wietse@porcupine.org 1213Arrival-Date: Sun, 26 Nov 2006 17:01:01 -0500 (EST) 1214 1215Final-Recipient: rfc822; postfix-users@postfix.org 1216Action: deliverable 1217Status: 2.1.5 1218Remote-MTA: dns; mail.cloud9.net 1219Diagnostic-Code: smtp; 250 2.1.5 Ok 1220</pre> 1221</blockquote> 1222 1223<p> The third part of the report contains the message that Postfix 1224would have delivered, including From: and To: message headers, so 1225that you can see any effects of address rewriting on those. Mail 1226submitted with "sendmail -bv" has no body content so none is shown 1227in the example below. </p> 1228 1229<blockquote> 1230<pre> 1231Content-Description: Message 1232Content-Type: message/rfc822 1233 1234Received: by spike.porcupine.org (Postfix, from userid 1001) 1235 id 84863BC0E5; Sun, 26 Nov 2006 17:01:01 -0500 (EST) 1236Subject: probe 1237To: postfix-users@postfix.org 1238Message-Id: <20061126220101.84863BC0E5@spike.porcupine.org> 1239Date: Sun, 26 Nov 2006 17:01:01 -0500 (EST) 1240From: wietse@porcupine.org (Wietse Venema) 1241</pre> 1242</blockquote> 1243 1244</body> 1245 1246</html> 1247