1<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN" 2 "http://www.w3.org/TR/html4/loose.dtd"> 3 4<html> 5 6<head> 7 8<title>Rejecting Unknown Local Recipients with Postfix</title> 9 10<meta http-equiv="Content-Type" content="text/html; charset=us-ascii"> 11 12</head> 13 14<body> 15 16<h1><img src="postfix-logo.jpg" width="203" height="98" ALT="">Rejecting Unknown Local Recipients with Postfix</h1> 17 18<hr> 19 20<h2>Introduction</h2> 21 22<p> As of Postfix version 2.0, the Postfix SMTP server rejects mail 23for unknown recipients in local domains (domains that match 24$mydestination or the IP addresses in $inet_interfaces or 25$proxy_interfaces) with "User unknown in local recipient table". 26This feature was optional with earlier Postfix versions. </p> 27 28<p> The good news is that this keeps undeliverable mail out of your 29queue, so that your mail queue is not clogged up with undeliverable 30MAILER-DAEMON messages. </p> 31 32<p> The bad news is that it may cause mail to be rejected when you 33upgrade from a Postfix system that was not configured to reject 34mail for unknown local recipients. </p> 35 36<p> This document describes what steps are needed in order to reject 37unknown local recipients correctly. </p> 38 39<ul> 40 41<li><a href="#main_config">Configuring local_recipient_maps 42in main.cf</a> 43 44<li><a href="#change">When you need to change the local_recipient_maps 45setting in main.cf</a> 46 47<li><a href="#format">Local recipient table format </a> 48 49</ul> 50 51<h2><a name="main_config">Configuring local_recipient_maps 52in main.cf</a></h2> 53 54<p> The local_recipient_maps parameter specifies lookup tables with 55all names or addresses of local recipients. A recipient address is 56local when its domain matches $mydestination, $inet_interfaces or 57$proxy_interfaces. If a local username or address is not listed in 58$local_recipient_maps, then the Postfix SMTP server will reject 59the address with "User unknown in local recipient table". </p> 60 61<p> The default setting, shown below, assumes that you use the 62default Postfix local(8) delivery agent for local delivery, where 63recipients are either UNIX accounts or local aliases: </p> 64 65<blockquote> 66<pre> 67/etc/postfix/main.cf: 68 local_recipient_maps = proxy:unix:passwd.byname $alias_maps 69</pre> 70</blockquote> 71 72<p> To turn off unknown local recipient rejects by the SMTP server, 73specify: </p> 74 75<blockquote> 76<pre> 77/etc/postfix/main.cf: 78 local_recipient_maps = 79</pre> 80</blockquote> 81 82<p> That is, an empty value. With this setting, the Postfix SMTP 83server will not reject mail with "User unknown in local recipient 84table". <b> Don't do this on systems that receive mail directly 85from the Internet. With today's worms and viruses, Postfix will 86become a backscatter source: it accepts mail for non-existent 87recipients and then tries to return that mail as "undeliverable" 88to the often forged sender address</b>. </p> 89 90<h2><a name="change">When you need to change the local_recipient_maps 91setting in main.cf</a></h2> 92 93<ul> 94 95 <li> <p> Problem: you don't use the default Postfix local(8) 96 delivery agent for domains matching $mydestination, $inet_interfaces, 97 or $proxy_interfaces. For example, you redefined the 98 "local_transport" setting in main.cf. </p> 99 100 <p> Solution: your local_recipient_maps setting needs to specify 101 a database that lists all the known user names or addresses 102 for that delivery agent. For example, if you deliver users in 103 $mydestination etc. domains via the virtual(8) delivery agent, 104 specify: </p> 105 106<pre> 107/etc/postfix/main.cf 108 mydestination = $myhostname localhost.$mydomain localhost ... 109 local_transport = virtual 110 local_recipient_maps = $virtual_mailbox_maps 111</pre> 112 113 <p> If you use a different delivery agent for $mydestination 114 etc. domains, see the section "<a href="#format">Local recipient 115 table format</a>" below for a description of how the table 116 should be populated. </p> 117 118 <li> <p> Problem: you use the mailbox_transport or fallback_transport 119 feature of the Postfix local(8) delivery agent in order to 120 deliver mail to non-UNIX accounts. </p> 121 122 <p> Solution: you need to add the database that lists the 123 non-UNIX users: </p> 124 125<pre> 126/etc/postfix/main.cf 127 local_recipient_maps = proxy:unix:passwd.byname, $alias_maps, 128 <the database with non-UNIX accounts> 129</pre> 130 131 <p> See the section "<a href="#format">Local recipient table 132 format</a>" below for a description of how the table should be 133 populated. </p> 134 135 <li> <p> Problem: you use the luser_relay feature of the Postfix 136 local delivery agent. </p> 137 138 <p> Solution: you must disable the local_recipient_maps feature 139 completely, so that Postfix accepts mail for all local addresses: 140 </p> 141 142<pre> 143/etc/postfix/main.cf 144 local_recipient_maps = 145</pre> 146 147</ul> 148 149<h2><a name="format">Local recipient table format</a> </h2> 150 151<p> If you use local files in postmap(1) format, then 152local_recipient_maps expects the following table format: </p> 153 154<ul> 155 156<li> <p> In the left-hand side, specify a bare username, an 157"@domain.tld" wild-card, or specify a complete "user@domain.tld" 158address. </p> 159 160<li> <p> You have to specify something on the right-hand side of 161the table, but the value is ignored by local_recipient_maps. 162 163</ul> 164 165<p> If you use lookup tables based on NIS, LDAP, MYSQL, or PGSQL, 166then local_recipient_maps does the same queries as for local files 167in postmap(1) format, and expects the same results. </p> 168 169<p> With regular expression tables, Postfix only queries with the 170full recipient address, and not with the bare username or the 171"@domain.tld" wild-card. </p> 172 173<p> NOTE: a lookup table should always return a result when the address 174exists, and should always return "not found" when the address does 175not exist. In particular, a zero-length result does not count as 176a "not found" result. </p> 177 178</body> 179 180</html> 181