I'm running Postfix 2.1.7 on Debian Squeeze.
I've setup a redirection based on a sender using sender restrictions.
/etc/postfix/sender_access:
domaintoredirect.com REDIRECT [email protected]
/etc/postfix/main.cf:
smtpd_recipient_restrictions =
reject_non_fqdn_recipient, check_recipient_access hash:/etc/postfix/access, check_recipient_access hash:/etc/postfix/access_lindalane
permit_mynetworks, reject_unauth_destination,
reject_non_fqdn_sender, check_sender_access hash:/etc/postfix/sender_access,
reject_non_fqdn_hostname, reject_invalid_helo_hostname, check_helo_access hash:/etc/postfix/helo_access,
reject_rbl_client zen.spamhaus.org, reject_rbl_client bl.spamcop.net, permit
virtual_alias_domains = hash:/etc/postfix/virtual_domains
virtual_alias_maps = hash:/etc/postfix/virtual, regexp:/etc/postfix/regexp_virtual
[email protected] is a virtual user on this server, defined in /etc/postfix/virtual:
[email protected] user
So, I send an email to the server from [email protected] (to [email protected]), and an undeliverable report gets returned to [email protected]:
<[email protected]> (expanded from <[email protected]>): User unknown in virtual alias table
Sending directly to [email protected] works perfectly.
If I change the redirected destination an email address NOT hosted on this server, it also works fine.
Is something occurring during the redirect process if the destination is on the same host that prevents the destination address from being checked against the virtual aliases?
Here's the full postconf -n if needed:
# postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
disable_vrfy_command = yes
inet_interfaces = all
mailbox_command = /usr/lib/dovecot/deliver
mailbox_size_limit = 0
message_size_limit = 20480000
mydestination = internet.example.com, localhost.example.com, , localhost
myhostname = internet.example.com
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
myorigin = /etc/mailname
readme_directory = no
recipient_delimiter = +
relay_domains =
relayhost =
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_data_restrictions = reject_unauth_pipelining, permit
smtpd_helo_required = yes
smtpd_recipient_restrictions = reject_non_fqdn_recipient, check_recipient_access hash:/etc/postfix/access, permit_mynetworks, reject_unauth_destination, reject_non_fqdn_sender, check_sender_access hash:/etc/postfix/sender_access, reject_non_fqdn_hostname, reject_invalid_helo_hostname, check_helo_access hash:/etc/postfix/helo_access, reject_rbl_client zen.spamhaus.org, reject_rbl_client bl.spamcop.net, permit
smtpd_sasl_auth_enable = no
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/ssl/certs/example.com.2014.chain
smtpd_tls_key_file = /etc/ssl/private/example.com.key.insecure.pem
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
virtual_alias_domains = hash:/etc/postfix/virtual_domains
virtual_alias_maps = hash:/etc/postfix/virtual, regexp:/etc/postfix/regexp_virtual
In your
smtpd_recipient_restrictionsyou listpermit_mynetworksbeforecheck_sender_access, as restrictions which returnOKshort circuit the other checks, meaning that the redirect will never be evaluated for your internal clients.