How to setup a postfix relay to "tee" email and send to a duplicate

Discussion:

(too old to reply)

Rodney Campbell

2004-04-16 02:00:52 UTC

We have a scenario basically like the following:

Internet <-> Postfix Relay (Outside) <-> Postfix Relay (Inside) (with AV,
etc) <-> Lots of Internal Relays and Destinations

Now we want to deplay some new AV software on the Inside Postfix Relay and
so I've setup a box in parallel with the existing system for testing
purposes. I've set it up with a nulltransport so all mail sent to it
eventually vanishes to /dev/null (after being virus scanned, etc).

The Outside Postfix relay(s) basically have a transport table which lists
a bunch of internal domains with entries to send all mail for that domain
using SMTP to the Inside relay:

our.domain smtp:[internal-relay-name]
...

Now I want to test the new AV/postfix relay by directing real (incoming)
traffic to it (from the outside systems) both as a test of the new
software and also for performance loading reasons.

To do this I'd like to be able to change the postfix config so that for
all mail which was going to be sent to internal-relay-name it also sends a
duplicate copy to my testinternal-relay-name. i.e. it basically "tee"s the
mail to two relays.

Is there some postfix trickery I can configure to do this?

I actually don't mind if ALL email that hits the outside relay (be it
inbound or outbound) is tee'd off to the test relay (even more traffic
sent to it) - it will all be /dev/nulled there anyway so people won't get
duplicate deliveries.

Thanks,
Rodney...

Rodney Campbell |Email : ***@Telstra.com.au
Telstra Corp. Ltd |Snail : Locked Bag 6560, Sydney 2000, Australia.
Telstra Technology | : Level 17, 320 Pitt St, Sydney NSW 2000.
Data & Transport |Phone : +61 2 9396 8512 Fax: +61 2 9396 8527
www.rc.au.net |PGP : 6C 3A 76 83 75 71 24 9D 38 08 52 05 A7 6C 66 76

Wietse Venema

2004-04-16 02:23:28 UTC

Permalink

Post by Rodney Campbell
To do this I'd like to be able to change the postfix config so that for
all mail which was going to be sent to internal-relay-name it also sends a
duplicate copy to my testinternal-relay-name. i.e. it basically "tee"s the
mail to two relays.
Is there some postfix trickery I can configure to do this?

/etc/postfix/main.cf:
virtual_alias_maps = regexp:/etc/postfix/virtual_alias.regexp

/etc/postfix/virtual_alias.regexp:
/^([^ ,]+)$/ $1, $***@testmachine

Or something like that.

Wietse

Wietse Venema

2004-04-19 01:21:37 UTC

Permalink

If you list the domain name in virtual_alias_domains, then
you must list the valid recipients in virtual_alias_maps.

See:

http://www.porcupine.org/postfix-mirror/newdoc/ADDRESS_CLASS_README.html
http://www.porcupine.org/postfix-mirror/newdoc/VIRTUAL_README.html

Wietse

Wietse Venema

2004-04-19 01:23:12 UTC

Permalink

Post by Wietse Venema
If you list the domain name in virtual_alias_domains, then
you must list the valid recipients in virtual_alias_maps.
http://www.porcupine.org/postfix-mirror/newdoc/ADDRESS_CLASS_README.html
http://www.porcupine.org/postfix-mirror/newdoc/VIRTUAL_README.html

In addition, never list TRANSIT destinations in virtual_alias_domains.
virtual_alias_domains is for domains where Postfix is FINAL destination.

Wietse

Wietse Venema

2004-04-19 23:25:34 UTC

Permalink

Thanks but I'm not sure where in my config these domains (e.g. the
todomain in the example message below) are being listed as a virtual alias
domain. I tried a few other things but couldn't seem to get it to work -
got other errors instead :-).

I think I can explain the virtual alias warning. This is because
the user resolves to local_transport, and local_transport is
configured as the error mailer (which happens to be what undefined
virtual alias addresses resolve to).

Sorry for the mistaken analysis, but this could have been prevented
had you included "postconf -n" output in the initial problem report,
as required by the postfix-users welcome message (which makes me
wonder why I spent the past month or so writing Postfix documentation).

In any case, if mail should not be delivered locally, then do not
ask Postfix to deliver mail there.

Wietse

in my main.cf
and this does seem to produce what I want (i.e. a tee'd copy of all mail
sent to the first system appearing on the testmachine as well (where it is
nulltransported)).
Can you see any adverse side effects of me doing it this way?
I am running Postfix Version 2.0.19 on this particular machine but end up
wanting to make this work with a number of systems running Version 2.0.13.
alias_database = dbm:/etc/aliases
alias_maps = dbm:/etc/aliases
bounce_size_limit = 50000
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
default_destination_concurrency_limit = 10
default_process_limit = 512
disable_vrfy_command = yes
inet_interfaces = $myhostname, localhost
local_destination_concurrency_limit = 2
local_recipient_maps = $alias_maps
local_transport = error:local mail delivery is disabled on this machine
mail_owner = postfix
mailq_path = /usr/bin/mailq
manpage_directory = /usr/local/man
message_size_limit = 10240000
mydomain = telstra.com.au
mynetworks = 202.12.233.0/24, 127.0.0.0/8, 172.29.25.188/32
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = no
sample_directory = /etc/postfix
sendmail_path = /usr/lib/sendmail
setgid_group = postdrop
smtpd_banner = $myhostname ESMTP
smtpd_etrn_restrictions = permit_mynetworks, reject
transport_maps = dbm:/etc/postfix/transport
unknown_local_recipient_reject_code = 450
Rodney...

I don't have a virtual_alias_domains file (just the virtual_alias_maps
file you suggested in a previous email). Also this host is TRANSIT for
everything - it is the FINAL dest for nothing (no local delivery). Does
this mean I can't use this method?

vvvvvvvvvvvvvvvvvvv
unknown in virtual alias table)
^^^^^^^^^^^^^^^^^^^
means that the domain is listed as a VIRTUAL ALIAS DOMAIN.
Never list a TRANSIT domain as a virtual alias domain.
Virtual alias domains are FINAL destination.
Wietse

Telstra Corp. Ltd |Snail : Locked Bag 6560, Sydney 2000, Australia.
Telstra Technology | : Level 17, 320 Pitt St, Sydney NSW 2000.
Data & Transport |Phone : +61 2 9396 8512 Fax: +61 2 9396 8527
www.rc.au.net |PGP : 6C 3A 76 83 75 71 24 9D 38 08 52 05 A7 6C 66 76

Wietse Venema

2004-04-20 02:44:29 UTC

Permalink

I've been searching for info on disabling local delivery as you suggested and
local_recipient_maps =

No. This disables local recipient LOOKUP.

and to disable the local delivery agent in master.cf (which I already
had).

No. This turns off the DELIVERY PROGRAM, without informing the
queue manager and address resolver.

If you don't want mail to resolve locally then don't resolve any
domain locally.

If you turn off the local delivery agent then you MUST specify
no domains in $mydestination.

Wietse

Wietse Venema

2004-04-20 14:28:49 UTC

Permalink

Umm perhaps you didn't get to read the stuff I put below the postconf -n
output in my previous post (re mydestination settings and question
regarding using always_bcc instead).

Post by Wietse Venema
If you don't want mail to resolve locally then don't resolve any
domain locally.

Yeah - this is the problem - I have no idea how to do that :-)

Specify no domain names in main.cf:mydestination.

Wietse

Wietse Venema

2004-04-20 22:47:59 UTC

Permalink

and I still get the "user unknown in virtual alias table" errors

...

virtual_alias_maps = regexp:/etc/postfix/virtual_alias.regexp

And you have domain names listed there as a virtual
alias domain.

Try:
postmap -q the.domain.name regexp:/etc/postfix/virtual_alias.regexp

postmap -q ***@the.domain.name regexp:/etc/postfix/virtual_alias.regexp

Wietse

Wietse Venema

2004-04-20 23:05:53 UTC

Permalink

And therefore the.domain.name is treated as a virtual alias domain.
To prevent that from happening, specify:

virtual_alias_domains =

It defaults to the virtual alias map because they used to be one
and the same.

Wietse