1VIRTUAL(5) File Formats Manual VIRTUAL(5)
2
3
4
6 virtual - Postfix virtual alias table format
7
9 postmap /etc/postfix/virtual
10
11 postmap -q "string" /etc/postfix/virtual
12
13 postmap -q - /etc/postfix/virtual <inputfile
14
16 The optional virtual(5) alias table rewrites recipient addresses for
17 all local, all virtual, and all remote mail destinations. This is un‐
18 like the aliases(5) table which is used only for local(8) delivery.
19 This feature is implemented in the Postfix cleanup(8) daemon before
20 mail is queued.
21
22 Virtual aliasing is recursive; to terminate recursion for a specific
23 address, alias that address to itself.
24
25 The main applications of virtual aliasing are:
26
27 • To redirect mail for one address to one or more addresses.
28
29 • To implement virtual alias domains where all addresses are
30 aliased to addresses in other domains.
31
32 Virtual alias domains are not to be confused with the virtual
33 mailbox domains that are implemented with the Postfix virtual(8)
34 mail delivery agent. With virtual mailbox domains, each recipi‐
35 ent address can have its own mailbox.
36
37 Virtual aliasing is applied only to recipient envelope addresses, and
38 does not affect message headers. Use canonical(5) mapping to rewrite
39 header and envelope addresses in general.
40
41 Normally, the virtual(5) alias table is specified as a text file that
42 serves as input to the postmap(1) command. The result, an indexed file
43 in dbm or db format, is used for fast searching by the mail system. Ex‐
44 ecute the command "postmap /etc/postfix/virtual" to rebuild an indexed
45 file after changing the corresponding text file.
46
47 When the table is provided via other means such as NIS, LDAP or SQL,
48 the same lookups are done as for ordinary indexed files.
49
50 Alternatively, the table can be provided as a regular-expression map
51 where patterns are given as regular expressions, or lookups can be di‐
52 rected to a TCP-based server. In those case, the lookups are done in a
53 slightly different way as described below under "REGULAR EXPRESSION TA‐
54 BLES" or "TCP-BASED TABLES".
55
57 The search string is folded to lowercase before database lookup. As of
58 Postfix 2.3, the search string is not case folded with database types
59 such as regexp: or pcre: whose lookup fields can match both upper and
60 lower case.
61
63 The input format for the postmap(1) command is as follows:
64
65 pattern address, address, ...
66 When pattern matches a mail address, replace it by the corre‐
67 sponding address.
68
69 blank lines and comments
70 Empty lines and whitespace-only lines are ignored, as are lines
71 whose first non-whitespace character is a `#'.
72
73 multi-line text
74 A logical line starts with non-whitespace text. A line that
75 starts with whitespace continues a logical line.
76
78 With lookups from indexed files such as DB or DBM, or from networked
79 tables such as NIS, LDAP or SQL, each user@domain query produces a se‐
80 quence of query patterns as described below.
81
82 Each query pattern is sent to each specified lookup table before trying
83 the next query pattern, until a match is found.
84
85 user@domain address, address, ...
86 Redirect mail for user@domain to address. This form has the
87 highest precedence.
88
89 user address, address, ...
90 Redirect mail for user@site to address when site is equal to
91 $myorigin, when site is listed in $mydestination, or when it is
92 listed in $inet_interfaces or $proxy_interfaces.
93
94 This functionality overlaps with the functionality of the local
95 aliases(5) database. The difference is that virtual(5) mapping
96 can be applied to non-local addresses.
97
98 @domain address, address, ...
99 Redirect mail for other users in domain to address. This form
100 has the lowest precedence.
101
102 Note: @domain is a wild-card. With this form, the Postfix SMTP
103 server accepts mail for any recipient in domain, regardless of
104 whether that recipient exists. This may turn your mail system
105 into a backscatter source: Postfix first accepts mail for
106 non-existent recipients and then tries to return that mail as
107 "undeliverable" to the often forged sender address.
108
109 To avoid backscatter with mail for a wild-card domain, replace
110 the wild-card mapping with explicit 1:1 mappings, or add a re‐
111 ject_unverified_recipient restriction for that domain:
112
113 smtpd_recipient_restrictions =
114 ...
115 reject_unauth_destination
116 check_recipient_access
117 inline:{example.com=reject_unverified_recipient}
118 unverified_recipient_reject_code = 550
119
120 In the above example, Postfix may contact a remote server if the
121 recipient is aliased to a remote address.
122
124 The lookup result is subject to address rewriting:
125
126 • When the result has the form @otherdomain, the result becomes
127 the same user in otherdomain. This works only for the first ad‐
128 dress in a multi-address lookup result.
129
130 • When "append_at_myorigin=yes", append "@$myorigin" to addresses
131 without "@domain".
132
133 • When "append_dot_mydomain=yes", append ".$mydomain" to addresses
134 without ".domain".
135
137 When a mail address localpart contains the optional recipient delimiter
138 (e.g., user+foo@domain), the lookup order becomes: user+foo@domain,
139 user@domain, user+foo, user, and @domain.
140
141 The propagate_unmatched_extensions parameter controls whether an un‐
142 matched address extension (+foo) is propagated to the result of a table
143 lookup.
144
146 Besides virtual aliases, the virtual alias table can also be used to
147 implement virtual alias domains. With a virtual alias domain, all re‐
148 cipient addresses are aliased to addresses in other domains.
149
150 Virtual alias domains are not to be confused with the virtual mailbox
151 domains that are implemented with the Postfix virtual(8) mail delivery
152 agent. With virtual mailbox domains, each recipient address can have
153 its own mailbox.
154
155 With a virtual alias domain, the virtual domain has its own user name
156 space. Local (i.e. non-virtual) usernames are not visible in a virtual
157 alias domain. In particular, local aliases(5) and local mailing lists
158 are not visible as localname@virtual-alias.domain.
159
160 Support for a virtual alias domain looks like:
161
162 /etc/postfix/main.cf:
163 virtual_alias_maps = hash:/etc/postfix/virtual
164
165 Note: some systems use dbm databases instead of hash. See the output
166 from "postconf -m" for available database types.
167
168 /etc/postfix/virtual:
169 virtual-alias.domain anything (right-hand content does not matter)
170 postmaster@virtual-alias.domain postmaster
171 user1@virtual-alias.domain address1
172 user2@virtual-alias.domain address2, address3
173
174 The virtual-alias.domain anything entry is required for a virtual alias
175 domain. Without this entry, mail is rejected with "relay access de‐
176 nied", or bounces with "mail loops back to myself".
177
178 Do not specify virtual alias domain names in the main.cf mydestination
179 or relay_domains configuration parameters.
180
181 With a virtual alias domain, the Postfix SMTP server accepts mail for
182 known-user@virtual-alias.domain, and rejects mail for unknown-user@vir‐
183 tual-alias.domain as undeliverable.
184
185 Instead of specifying the virtual alias domain name via the vir‐
186 tual_alias_maps table, you may also specify it via the main.cf vir‐
187 tual_alias_domains configuration parameter. This latter parameter uses
188 the same syntax as the main.cf mydestination configuration parameter.
189
191 This section describes how the table lookups change when the table is
192 given in the form of regular expressions. For a description of regular
193 expression lookup table syntax, see regexp_table(5) or pcre_table(5).
194
195 Each pattern is a regular expression that is applied to the entire ad‐
196 dress being looked up. Thus, user@domain mail addresses are not broken
197 up into their user and @domain constituent parts, nor is user+foo bro‐
198 ken up into user and foo.
199
200 Patterns are applied in the order as specified in the table, until a
201 pattern is found that matches the search string.
202
203 Results are the same as with indexed file lookups, with the additional
204 feature that parenthesized substrings from the pattern can be interpo‐
205 lated as $1, $2 and so on.
206
208 This section describes how the table lookups change when lookups are
209 directed to a TCP-based server. For a description of the TCP
210 client/server lookup protocol, see tcp_table(5). This feature is
211 available in Postfix 2.5 and later.
212
213 Each lookup operation uses the entire address once. Thus, user@domain
214 mail addresses are not broken up into their user and @domain con‐
215 stituent parts, nor is user+foo broken up into user and foo.
216
217 Results are the same as with indexed file lookups.
218
220 The table format does not understand quoting conventions.
221
223 The following main.cf parameters are especially relevant to this topic.
224 See the Postfix main.cf file for syntax details and for default values.
225 Use the "postfix reload" command after a configuration change.
226
227 virtual_alias_maps ($virtual_maps)
228 Optional lookup tables that alias specific mail addresses or do‐
229 mains to other local or remote addresses.
230
231 virtual_alias_domains ($virtual_alias_maps)
232 Postfix is the final destination for the specified list of vir‐
233 tual alias domains, that is, domains for which all addresses are
234 aliased to addresses in other local or remote domains.
235
236 propagate_unmatched_extensions (canonical, virtual)
237 What address lookup tables copy an address extension from the
238 lookup key to the lookup result.
239
240 Other parameters of interest:
241
242 inet_interfaces (all)
243 The network interface addresses that this mail system receives
244 mail on.
245
246 mydestination ($myhostname, localhost.$mydomain, localhost)
247 The list of domains that are delivered via the $local_transport
248 mail delivery transport.
249
250 myorigin ($myhostname)
251 The domain name that locally-posted mail appears to come from,
252 and that locally posted mail is delivered to.
253
254 owner_request_special (yes)
255 Enable special treatment for owner-listname entries in the
256 aliases(5) file, and don't split owner-listname and listname-re‐
257 quest address localparts when the recipient_delimiter is set to
258 "-".
259
260 proxy_interfaces (empty)
261 The network interface addresses that this mail system receives
262 mail on by way of a proxy or network address translation unit.
263
265 cleanup(8), canonicalize and enqueue mail
266 postmap(1), Postfix lookup table manager
267 postconf(5), configuration parameters
268 canonical(5), canonical address mapping
269
271 Use "postconf readme_directory" or "postconf html_directory" to locate
272 this information.
273 ADDRESS_REWRITING_README, address rewriting guide
274 DATABASE_README, Postfix lookup table overview
275 VIRTUAL_README, domain hosting guide
276
278 The Secure Mailer license must be distributed with this software.
279
281 Wietse Venema
282 IBM T.J. Watson Research
283 P.O. Box 704
284 Yorktown Heights, NY 10598, USA
285
286 Wietse Venema
287 Google, Inc.
288 111 8th Avenue
289 New York, NY 10011, USA
290
291
292
293 VIRTUAL(5)