Rejecting Unknown Local Recipients with PostfixRejecting Unknown Local Recipients with PostfixAs of Postfix version 2.0, the Postfix SMTP server rejects mail for unknown recipients in local domains (domains that match $mydestination or the IP addresses in $inet_interfaces or $proxy_interfaces) with "User unknown in local recipient table". This feature was optional with earlier Postfix versions.
The good news is that this keeps undeliverable mail out of your queue, so that your mail queue is not clogged up with undeliverable MAILER-DAEMON messages.
The bad news is that it may cause mail to be rejected when you upgrade from a Postfix system that was not configured to reject mail for unknown local recipients.
This document describes what steps are needed in order to reject unknown local recipients correctly.
The local_recipient_maps parameter specifies lookup tables with all names or addresses of local recipients. A recipient address is local when its domain matches $mydestination, $inet_interfaces or $proxy_interfaces. If a local username or address is not listed in $local_recipient_maps, then the Postfix SMTP server will reject the address with "User unknown in local recipient table". Other interfaces such as the Postfix sendmail(1) command may still accept an "unknown" recipient.
The default setting, shown below, assumes that you use the default Postfix local(8) delivery agent for local delivery, where recipients are either UNIX accounts (typically, in /etc/passwd) or local aliases (typically, in /etc/aliases):
/etc/postfix/main.cf:
local_recipient_maps = proxy:unix:passwd.byname $alias_maps
To turn off unknown local recipient rejects by the SMTP server, specify:
/etc/postfix/main.cf:
local_recipient_maps =
That is, an empty value. With this setting, the Postfix SMTP server will not reject mail with "User unknown in local recipient table". Don't do this on systems that receive mail directly from the Internet. With today's worms and viruses, Postfix will become a backscatter source: it accepts mail for non-existent recipients and then tries to return that mail as "undeliverable" to the often forged sender address.
Problem: you don't use the default Postfix local(8) delivery agent for domains matching $mydestination, $inet_interfaces, or $proxy_interfaces. For example, you redefined the "local_transport" setting in main.cf.
Solution: your local_recipient_maps setting needs to specify a database that lists all the known user names or addresses for that delivery agent. For example, if you deliver users in $mydestination etc. domains via the virtual(8) delivery agent, specify:
/etc/postfix/main.cf mydestination = $myhostname localhost.$mydomain localhost ... local_transport = virtual local_recipient_maps = $virtual_mailbox_maps
If you don't use the local(8) or virtual(8) delivery agent for $mydestination etc. domains, see the section "Local recipient table format" below for a description of how the table should be populated.
Problem: you use the mailbox_transport or fallback_transport feature of the Postfix local(8) delivery agent in order to deliver mail to non-UNIX recipients.
Solution: you need to add the database that lists the non-UNIX recipients:
/etc/postfix/main.cf local_recipient_maps = proxy:unix:passwd.byname, $alias_maps, <the database with non-UNIX recipients>
See the section "Local recipient table format" below for a description of how the table should be populated.
Problem: you use the luser_relay feature of the Postfix local delivery agent.
Solution: you must disable the local_recipient_maps feature completely, so that the Postfix SMTP server accepts mail for all local addresses:
/etc/postfix/main.cf local_recipient_maps =
If local_recipient_maps specifies local files, such as files in postmap(1) or postalias(1) format, then the Postfix SMTP server generates the following queries:
The full recipient address. This query supports a non-default local_transport setting with a delivery agent such as lmtp(8) or virtual(8). See "Configuring local_recipient_maps in main.cf: for additional guidance for what lookup tables to specify.
The recipient address local-part. This query supports the default local_transport setting with the UNIX-compatible local(8) delivery agent; the Postfix SMTP server makes this query only when the recipient domain matches $mydestination, $inet_interfaces or $proxy_interfaces.
The recipient @domain. This query supports a non-default local_transport setting with a delivery agent such as virtual(8); it is a wildcard for domains that do not have a valid recipient list.
NOTES:
A lookup table should return a non-empty result when the address exists, and should return "not found" when the address does not exist. In particular, a zero-length (empty) result does not count as a "not found" result.
When local_recipient_maps specifies a lookup table based on ldap:, memcache:, mongodb:, mysql:, pgsql:, sqlite:, or other external database, then the Postfix SMTP server queries that lookup table with the same queries as described at the start of this section, and expects the same results.
To suppress lookups for the local-part and the @domain wild-card, specify the domain setting in a Postfix ldap:, memcache:, mongodb:, mysql:, pgsql:, sqlite:, etc., database client configuration file.
When local_recipient_maps specifies a lookup table based on pcre:, regexp:, socketmap: or tcp:, Postfix queries that table only with the full recipient address, and not with the local-part or the @domain wild-card.