I've had this problem since I first installed ISPConfig.

I tried changing the mail style in /home/admispconfig/ispconfig/lib/config.inc.php from sendmail to postfix, but when I do this all mail is rejected as unknown users.

My question is, should mydestination = /etc/postfix/local-host-names in /etc/postfix/main.cf be changed to something else, or deleted entirely?

The line mydestination = /etc/postfix/local-host-names within your main.cf is ok.

Make sure if you also have the following lines within main.cf:

virtual_maps = hash:/etc/postfix/virtusertable
home_mailbox = Maildir/


Within ISPConfig under >Management >Server >Settings verify if your settings for Postfix are correct.
They Should be:

MTA type: Postfix
Virtuser File:
Sendmail CW: /etc/postfix/local-host-names
Mail Log: /var/log/mail.log
Maildir: (enabled)

Unfortunately that didn't work. I get status=bounced (User unknown in virtual alias table) for every email address on my system.

The interesting thing is all of the domains and addresses ARE in the virtusertable.

Perhaps I'm missing something obvious in main.cf...
soft_bounce = no
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
mail_owner = postfix
myhostname = mail.mydomain.com
mydomain = mydomain.com
myorigin = $mydomain
inet_interfaces = all
unknown_local_recipient_reject_code = 550
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
debug_peer_level = 2
debugger_command =
PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
xxgdb $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix-2.1.5/samples
readme_directory = /usr/share/doc/postfix-2.1.5/README_FILES
smtpd_sasl_local_domain =
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_client_restrictions =
check_client_access cidr:/etc/postfix/reject.cidr,
reject_unknown_client
smtpd_sender_restrictions =
reject_invalid_hostname,
reject_non_fqdn_sender,
reject_unknown_sender_domain,
check_sender_access hash:/etc/postfix/sender_checks
smtpd_recipient_restrictions =
reject_invalid_hostname,
permit_sasl_authenticated,
reject_non_fqdn_hostname,
reject_non_fqdn_sender,
reject_unknown_sender_domain,
reject_unknown_recipient_domain,
permit_mynetworks,
reject_unauth_destination,
check_sender_access hash:/etc/postfix/sender_checks
smtpd_tls_auth_only = no
smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
home_mailbox = Maildir/
virtual_maps = hash:/etc/postfix/virtusertable
mydestination = /etc/postfix/local-host-names

Note that "mail.mydomain.com" and "mydomain.com" point to actual domains and have been edited out.

Can you post an excerpt of your mail log where the error happens?
What's in /etc/postfix/virtusertable and /etc/postfix/local-host-names?

Here's the info you requested. Again, domain names have been changed to protect the innocent. :)

Log file...
Apr 8 08:29:41 server postfix/smtpd[13611]: connect from mail845.carrierinternetsolutions.com[69.49.106.55]
Apr 8 08:29:41 server postfix/smtpd[13611]: setting up TLS connection from mail845.carrierinternetsolutions.com[69.49.106.55]
Apr 8 08:29:41 server postfix/smtpd[13611]: TLS connection established from mail845.carrierinternetsolutions.com[69.49.106.55]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
Apr 8 08:29:41 server postfix/smtpd[13611]: DFA471CB1FF: client=mail845.carrierinternetsolutions.com[69.49.106.55]
Apr 8 08:29:42 server postfix/cleanup[13614]: DFA471CB1FF: message-id=<000801c779d9$8bea9820$db32a544@woernobm7aco>
Apr 8 08:29:42 server postfix/qmgr[13563]: DFA471CB1FF: from=<testaccount@covad.net>, size=1853, nrcpt=1 (queue active)
Apr 8 08:29:42 server postfix/smtpd[13611]: disconnect from mail845.carrierinternetsolutions.com[69.49.106.55]
Apr 8 08:29:42 server postfix/error[13615]: DFA471CB1FF: to=<web11_admin@mydomain.com>, orig_to=<jim@mydomain.com>, relay=none, delay=1, status=bounced (User unknown in virtual alias table)
Apr 8 08:29:42 server postfix/cleanup[13614]: 25D571CB200: message-id=<20070408122942.25D571CB200@mail.mydomain.com>
Apr 8 08:29:42 server postfix/qmgr[13563]: 25D571CB200: from=<>, size=3654, nrcpt=1 (queue active)
Apr 8 08:29:42 server postfix/qmgr[13563]: DFA471CB1FF: removed
Apr 8 08:29:48 server postfix/smtp[13618]: 25D571CB200: to=<testaccount@covad.net>, relay=mx1c8.carrierinternetsolutions.com[69.49.109.14], delay=6, status=sent (250 2.0.0 l38CTmIe006533 Message accepted for delivery)
Apr 8 08:29:48 server postfix/qmgr[13563]: 25D571CB200: removed


virtusertable...
###################################
#
# ISPConfig virtusertable Configuration File
# Version 1.0
#
###################################
www.mydomain.com VIRTUALDOMAIN
admin@www.mydomain.com web11_admin
orderinfo@www.mydomain.com web11_admin
inquiries@www.mydomain.com web11_admin
jim@www.mydomain.com web11_admin
web11_admin@www.mydomain.com web11_admin
orders@www.mydomain.com web11_heather
heatherm@www.mydomain.com web11_heather
web11_heather@www.mydomain.com web11_heather
mydomain.com VIRTUALDOMAIN
admin@mydomain.com web11_admin
orderinfo@mydomain.com web11_admin
inquiries@mydomain.com web11_admin
jim@mydomain.com web11_admin
web11_admin@mydomain.com web11_admin
orders@mydomain.com web11_heather
heatherm@mydomain.com web11_heather
web11_heather@mydomain.com web11_heather
www.mydomain2.com VIRTUALDOMAIN
nhawk@www.mydomain2.com web14_admin
web14_admin@www.mydomain2.com web14_admin
mydomain2.com VIRTUALDOMAIN
nhawk@mydomain2.com web14_admin
web14_admin@mydomain2.com web14_admin
www.mydomain3.com VIRTUALDOMAIN
admin@www.mydomain3.com web15_admin
web15_admin@www.mydomain3.com web15_admin
rickwest@www.mydomain3.com web15_rickw
web15_rickw@www.mydomain3.com web15_rickw
mydomain3.com VIRTUALDOMAIN
admin@mydomain3.com web15_admin
web15_admin@mydomain3.com web15_admin
rickwest@mydomain3.com web15_rickw
web15_rickw@mydomain3.com web15_rickw
www.mydomain4.com VIRTUALDOMAIN
admin@www.mydomain4.com web18_admin
web18_admin@www.mydomain4.com web18_admin
mydomain4.com VIRTUALDOMAIN
admin@mydomain4.com web18_admin
web18_admin@mydomain4.com web18_admin
www.mydomain5.com VIRTUALDOMAIN
jim@www.mydomain5.com web16_jim
web16_jim@www.mydomain5.com web16_jim
mydomain5.com VIRTUALDOMAIN
jim@mydomain5.com web16_jim
web16_jim@mydomain5.com web16_jim
#### MAKE MANUAL ENTRIES BELOW THIS LINE! ####

local-host-names...
###################################
#
# ISPConfig local-host-names Configuration File
# Version 1.0
#
###################################
localhost
server.mydomain.com
localhost.server.mydomain.com
localhost.mydomain.com
#### MAKE MANUAL ENTRIES BELOW THIS LINE! ####


When I change back to sendmail style mail, all domains appear in local-host-names. But I think this is what should happen.

First, sendmail style works perefctly with postfix, so there is no need to change it zo postfix style.

Is the user web11_admin listed in /etc/passwd ?

What is the output of the command:

hostname

and

hostname -f

Please try to change:

myhostname = mail.mydomain.com

to:

myhostname = server.mydomain.com

and restart postfix.

That worked Till, thanks! Now we'll see how that goes for a while.

The reason for changing is the sendmail style accepts messages to <systemuser>@anydomain.tld (ie: mail@anylocaldomain.com)

I have been unable to stop that from happening no matter what I do. I can't delete system users, so this may be the next best thing. My fear is that mail will be bounced and that can be as bad as an open relay.

As feared the change to sendmail started bouncing emails rather than rejecting them.

I've returned to postfix style mail.

I'd still like to reject system names (ie: mail@domain.com), but that doesn't seem possible.

This one took me forever to figure out.

To stop mail from being accepted for mail@ addresses do the following:

cd /etc/postfix

Edit access and add the following line at the end of the file...

mail@ accept_mynetworks,reject

save and exit the editor and then type postmap hash:access

Then in main.cf, under smtp_recipient_restrictions AFTER reject_unauth_destination add..

check_recipient_access hash:/etc/postfix/access

save, reload postfix and now mail@anydomain.com will be rejected.