Email Routing (Postfix) Question

Discussion in 'Server Operation' started by [email protected], Sep 10, 2013.


    [email protected] New Member

    Quick question,

    If I use my ispconfig server to route email to another box for, why does it require me to put the individual users on the ispconfig server?


    A. goes to
    ispconfig server ( receives email for [email protected]
    routing has transport set to smtp:[] for
    [email protected] exists at but not
    /var/log/mail shows error that user does not exist in virtual table, mail not delivered

    same scenario except:
    [email protected] exists at both and
    user2 will receive the message at

    Is there a way to override checking the user virtual table if a transport rule exists? Or do I have something configured incorrectly. It's a default mail server install as per howtoforge instructions for Ubuntu 12.04.


  2. till

    till Super Moderator Staff Member ISPConfig Developer

    To prevent backscatter spam. But you dont have to add all users, you can also add just the domain as described in the manual. But if you add just the domain, you might get banned by other isp's mail servers.

    Backscatter spam works like this:

    Server1 forwards email for domain.tld to server2. If server1 does nt know that the address [email protected] does not exist, so it will send emails for this address to server2, server2 will reject the email and send it back to the sender. If I use a faked sender address then, I can use your server2 to send someone else a email and thats called backscatter and the other ISP will ban your serevr2 for that.

    [email protected] New Member

    Never thought of it that way. Good to know.

    Makes the management script a little more complex, but seems more secure in the long run.

    Thank you Till.

    [email protected] New Member

    Wait, follow up question...

    In your scenario, if someone faked a return address and you had each account in ispconfig (server1), wouldn't server1 just reply and get banned by the ISP instead of server2? Or is that where SPF record checks and other spam prevention would catch that at server1?
    Last edited: Sep 10, 2013

Share This Page