Creating a postfix alias "[email protected]" to send to all users of a domain
I'm using Postfix + Dovecot with a MySQL database as backend and PostfixAdmin to administrate users and domains. Now I'm looking for an easy and automated approach to define per-domain alias of the pattern [email protected]
with will resolve to all users of the given domain. I want to set this up once, and it shall keep working as expected even if accounts are added or deleted – so creating a file with a list of accounts manually, or using some mailing list are no options.
It should be pretty easy to retrieve all existing users for a given domain from the database:
SELECT username
FROM vmail
WHERE domain='%d';
(with %d
being the placeholder for the domain). But how can I tell postfix to do so for mails directed to [email protected]
, and of course only when such a mail comes from a trusted source (permit_sasl_authenticated
, permit_mynetworks
?)?
I've googled for a few hours now, but all I found were either "catch-alls" (just the opposite from what I want), solutions based on shell-scripts (walking the resp. domain directory), or using mailing-list approaches – none of that fitting my needs.
Solution 1:
You can use virtual_alias_maps
to define alias [email protected]. Here the format used by virtual 5.
pattern address1, address2, address3, ...
So you need to construct query to concat all rows. Taken from this thread: Can I concatenate multiple MySQL rows into one field?, you can use this query.
SELECT GROUP_CONCAT(CASE WHEN active='1' THEN username ELSE NULL END separator ', ')
FROM vmail
WHERE DOMAIN='%d'
AND '%s'='all@%d'
This needs to go to your mysql_virtual_alias_maps.cf
and can be appended to the existing query using UNION
– so the result looks e.g. like this:
query = SELECT goto FROM alias WHERE address='%s' AND active = '1' UNION
SELECT GROUP_CONCAT(CASE WHEN active='1' THEN username ELSE NULL END separator ', ')
FROM vmail
WHERE DOMAIN='%d'
AND '%s'='all@%d'
(might need to be all in one line – formatting here is just applied to make it easier to read).
To allow only permit_mynetworks and permit_sasl_authenticated, put the restriction in following order
smtpd_recipient_restrictions = ....
permit_mynetworks
permit_sasl_authenticated
check_recipient_access regexp:/etc/postfix/restrict.all.alias
reject_unauth_destination
In /etc/postfix/restrict.all.alias, define
/^all@/ REJECT access denied
It will permit email to all@domain when sent from mynetworks or sent by authenticated user, but reject after that.