#1  
Old 20th April 2006, 15:45
oliver.blaha oliver.blaha is offline
Member
 
Join Date: Apr 2006
Posts: 37
Thanks: 0
Thanked 1 Time in 1 Post
Exclamation Incorrect postfix configuration

I found out that the way ISPConfig configures postix is quite wrong...

ISPConfig adds the following to main.cf:

Code:
mydestinations = /etc/postfix/local-host-names
virtual_alias_maps = hash:/etc/postfix/virtusertable
In local-host-names there are all the virtual domains listed.

But in postfix docs (http://www.postfix.org/VIRTUAL_README.html) you'll find this:

Code:
NEVER list a virtual alias domain name as a mydestination domain!
The reason is quite simple, I'll show this with a little example:

Let's assume we have tow customers.
Customer 1 has the domain customer1.com
Customer 2 has the domain customer2.com

Customer 1 has a username called web1_mail, with mail address mail@customer1.com
Customer 2 has a username called web2_mail, with mail address mail@customer2.com

Now if you send a mail to web2_mail@customer1.com, this mail reaches Customer 2! This happens because first of all, the virtual maps are checked. As there is no match, usually the mail should be rejected. BUT: As the domain is listed as "local domain", also the user accounts on the machine are checked, and as there is a matching user, the mail is delivered to this user.

And this behaviour might lead to legal problems!
Customers are able to abuse a domain - okay, only with their own username ahead, but anyway, it is possible to use foreign domains, and I don't think that's how it should be

Further this behaviour might lead to other problems:
If you want to specifiy an alias in /etc/aliases, and enter a virtual mail address of the server as mail destination (This is e.g. wanted if you have your admin mail account on this machine and want to get some mail forwarded there), then postfix thinks that the domain name is not virtual but local, just uses the part in front of the @ as destination user name - and, of course, doesn't find it.
Of course you could simply use the local username instead of the virtual address, but in this case, if you ever give the alias to another user or change with this domain to another server, you will have to change the aliases by hand.

But, the sollution for all this is quite simple!
In fact, in main.cf there is just one line that really has to be changed:

Code:
virtual_alias_domains = /etc/postfix/local-host-names
virtual_alias_maps = hash:/etc/postfix/virtusertable
Further you have to uncomment the original "mydestination" line - but it might also work if you don't, I didn't try.

After doing that it should work, BUT you usually you will get warnings, because your "real" local domain name is now both in mydestinations AND in virtual_alias_domains.

This is the point where a little change should be made in ISPConfig by the developers (btw, great work so far!):
Currently there is always localhost, server1.example.com, localhost.server1.example.com and localhost.example.com added to the file /etc/postfix/local-host-names. These should definitly not be in there, as these are no virtual domains and have nothing to do with the other domains.
When these are removed, everything will work without warnings.

I hope you will change ISPConfig that it behaves correctly
To preserve backward compatibility you might want to implement an option in config.inc.php to enable/disable the correct/incorrect behaviour.
Reply With Quote
Sponsored Links
  #2  
Old 20th April 2006, 16:32
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,741 Times in 2,575 Posts
Default

Quote:
Originally Posted by oliver.blaha
I found out that the way ISPConfig configures postix is quite wrong...

ISPConfig adds the following to main.cf:

Code:
mydestinations = /etc/postfix/local-host-names
virtual_alias_maps = hash:/etc/postfix/virtusertable
In local-host-names there are all the virtual domains listed.

But in postfix docs (http://www.postfix.org/VIRTUAL_README.html) you'll find this:

Code:
NEVER list a virtual alias domain name as a mydestination domain!
The reason is quite simple, I'll show this with a little example:

Let's assume we have tow customers.
Customer 1 has the domain customer1.com
Customer 2 has the domain customer2.com

Customer 1 has a username called web1_mail, with mail address mail@customer1.com
Customer 2 has a username called web2_mail, with mail address mail@customer2.com

Now if you send a mail to web2_mail@customer1.com, this mail reaches Customer 2! This happens because first of all, the virtual maps are checked. As there is no match, usually the mail should be rejected. BUT: As the domain is listed as "local domain", also the user accounts on the machine are checked, and as there is a matching user, the mail is delivered to this user.

And this behaviour might lead to legal problems!
Customers are able to abuse a domain - okay, only with their own username ahead, but anyway, it is possible to use foreign domains, and I don't think that's how it should be

Further this behaviour might lead to other problems:
If you want to specifiy an alias in /etc/aliases, and enter a virtual mail address of the server as mail destination (This is e.g. wanted if you have your admin mail account on this machine and want to get some mail forwarded there), then postfix thinks that the domain name is not virtual but local, just uses the part in front of the @ as destination user name - and, of course, doesn't find it.
Of course you could simply use the local username instead of the virtual address, but in this case, if you ever give the alias to another user or change with this domain to another server, you will have to change the aliases by hand.

But, the sollution for all this is quite simple!
In fact, in main.cf there is just one line that really has to be changed:

Code:
virtual_alias_domains = /etc/postfix/local-host-names
virtual_alias_maps = hash:/etc/postfix/virtusertable
Further you have to uncomment the original "mydestination" line - but it might also work if you don't, I didn't try.

After doing that it should work, BUT you usually you will get warnings, because your "real" local domain name is now both in mydestinations AND in virtual_alias_domains.

This is the point where a little change should be made in ISPConfig by the developers (btw, great work so far!):
Currently there is always localhost, server1.example.com, localhost.server1.example.com and localhost.example.com added to the file /etc/postfix/local-host-names. These should definitly not be in there, as these are no virtual domains and have nothing to do with the other domains.
When these are removed, everything will work without warnings.

I hope you will change ISPConfig that it behaves correctly
Have a look here: http://www.howtoforge.com/forums/showthread.php?t=597

Quote:
Originally Posted by oliver.blaha
To preserve backward compatibility you might want to implement an option in config.inc.php to enable/disable the correct/incorrect behaviour.
It's already implemented. You can choose between the old Sendmail style configuration (default) and a Postfix-style configuration.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #3  
Old 20th April 2006, 16:49
oliver.blaha oliver.blaha is offline
Member
 
Join Date: Apr 2006
Posts: 37
Thanks: 0
Thanked 1 Time in 1 Post
 
Default

I have to admit I didn't find this post, although I tried to find sth.
But thanks for the hint

Note: Regarding the issues posted above, you should really set postfix-style as default behaviour...
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
IMAP question - Moving servers and mail. Brenton Installation/Configuration 11 14th May 2010 14:38
ispconfig and mambo shajazzi Installation/Configuration 70 28th March 2006 19:29
postfix starts and stops why lhatle Installation/Configuration 2 21st December 2005 15:20
please help: postfix design and configuration jaguar Installation/Configuration 1 9th December 2005 11:46
Postfix SMTP Auth Configuration kisong Installation/Configuration 6 20th October 2005 01:06


All times are GMT +2. The time now is 04:25.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.