VIRTUAL(5) File Formats Manual VIRTUAL(5)
NAME
virtual - Postfix virtual alias table format
SYNOPSIS
postmap /etc/postfix/virtual
postmap -q "string" /etc/postfix/virtual
postmap -q - /etc/postfix/virtual <inputfile
DESCRIPTION
The optional virtual(5) alias table (virtual_alias_maps) applies to all
recipients: local(8), virtual, and remote. This feature is implemented
in the Postfix cleanup(8) daemon before mail is queued. These tables
are often queried with a full email address (including domain).
This is unlike the aliases(5) table (alias_maps) which applies only to
local(8) recipients. That table is only queried with the email address
localpart (no domain).
Virtual aliasing is recursive; to terminate recursion for a specific
address, alias that address to itself.
The main applications of virtual aliasing are:
• To redirect mail for one address to one or more addresses.
• To implement virtual alias domains where all addresses are
aliased to addresses in other domains.
Virtual alias domains are not to be confused with the virtual
mailbox domains that are implemented with the Postfix virtual(8)
mail delivery agent. With virtual mailbox domains, each recipi‐
ent address can have its own mailbox.
Virtual aliasing is applied only to recipient envelope addresses, and
does not affect message headers. Use canonical(5) mapping to rewrite
header and envelope addresses in general.
Normally, the virtual(5) alias table is specified as a text file that
serves as input to the postmap(1) command to create an indexed file for
fast lookup.
Execute the command "postmap /etc/postfix/virtual" to rebuild a de‐
fault-type indexed file after changing the text file, or execute
"postmap type:/etc/postfix/virtual" to specify an explicit type.
The default indexed file type is configured with the default_data‐
base_type parameter. Depending on the platform this may be one of
lmdb:, cdb:, hash:, or dbm: (without the trailing ':').
When the table is provided via other means such as NIS, LDAP or SQL,
the same lookups are done as for ordinary indexed files. Managing such
databases is outside the scope of Postfix.
Alternatively, the table can be provided as a regular-expression map
where patterns are given as regular expressions, or lookups can be di‐
rected to a TCP-based server. In those case, the lookups are done in a
slightly different way as described below under "REGULAR EXPRESSION TA‐
BLES" or "TCP-BASED TABLES".
CASE FOLDING
The search string is folded to lowercase before database lookup. As of
Postfix 2.3, the search string is not case folded with database types
such as regexp: or pcre: whose lookup fields can match both upper and
lower case.
TABLE FORMAT
The input format for the postmap(1) command is as follows:
pattern address, address, ...
When pattern matches a mail address, replace it by the corre‐
sponding address.
blank lines and comments
Empty lines and whitespace-only lines are ignored, as are lines
whose first non-whitespace character is a `#'.
multi-line text
A logical line starts with non-whitespace text. A line that
starts with whitespace continues a logical line.
TABLE SEARCH ORDER
With lookups from indexed files such as DB or DBM, or from networked
tables such as NIS, LDAP or SQL, each user@domain query produces a se‐
quence of query patterns as described below.
Each query pattern is sent to each specified lookup table before trying
the next query pattern, until a match is found.
user@domain address, address, ...
Redirect mail for user@domain to address. This form has the
highest precedence.
user address, address, ...
Redirect mail for user@site to address when site is equal to
$myorigin, when site is listed in $mydestination, or when it is
listed in $inet_interfaces or $proxy_interfaces.
This functionality overlaps with the functionality of the local
aliases(5) database. The difference is that virtual(5) mapping
can be applied to non-local addresses.
@domain address, address, ...
Redirect mail for other users in domain to address. This form
has the lowest precedence.
Note: @domain is a wild-card. With this form, the Postfix SMTP
server accepts mail for any recipient in domain, regardless of
whether that recipient exists. This may turn your mail system
into a backscatter source: Postfix first accepts mail for
non-existent recipients and then tries to return that mail as
"undeliverable" to the often forged sender address.
To avoid backscatter with mail for a wild-card domain, replace
the wild-card mapping with explicit 1:1 mappings, or add a re‐
ject_unverified_recipient restriction for that domain:
smtpd_recipient_restrictions =
...
reject_unauth_destination
check_recipient_access
inline:{example.com=reject_unverified_recipient}
unverified_recipient_reject_code = 550
In the above example, Postfix may contact a remote server if the
recipient is aliased to a remote address.
RESULT ADDRESS REWRITING
The lookup result is subject to address rewriting:
• When the result has the form @otherdomain, the result becomes
the same user in otherdomain. This works only for the first ad‐
dress in a multi-address lookup result.
• When "append_at_myorigin=yes", append "@$myorigin" to addresses
without "@domain".
• When "append_dot_mydomain=yes", append ".$mydomain" to addresses
without ".domain".
ADDRESS EXTENSION
When a mail address localpart contains the optional recipient delimiter
(e.g., user+foo@domain), the lookup order becomes: user+foo@domain,
user@domain, user+foo, user, and @domain.
The propagate_unmatched_extensions parameter controls whether an un‐
matched address extension (+foo) is propagated to the result of a table
lookup.
VIRTUAL ALIAS DOMAINS
Besides virtual aliases, the virtual alias table can also be used to
implement virtual alias domains. With a virtual alias domain, all re‐
cipient addresses are aliased to addresses in other domains.
Virtual alias domains are not to be confused with the virtual mailbox
domains that are implemented with the Postfix virtual(8) mail delivery
agent. With virtual mailbox domains, each recipient address can have
its own mailbox.
With a virtual alias domain, the virtual domain has its own user name
space. Local (i.e. non-virtual) usernames are not visible in a virtual
alias domain. In particular, local aliases(5) and local mailing lists
are not visible as localname@virtual-alias.domain.
Support for a virtual alias domain looks like:
/etc/postfix/main.cf:
virtual_alias_maps = hash:/etc/postfix/virtual
Note: some systems use dbm databases instead of hash. See the output
from "postconf -m" for available database types.
/etc/postfix/virtual:
virtual-alias.domain anything (right-hand content does not matter)
postmaster@virtual-alias.domain postmaster
user1@virtual-alias.domain address1
user2@virtual-alias.domain address2, address3
The virtual-alias.domain anything entry is required for a virtual alias
domain. Without this entry, mail is rejected with "relay access de‐
nied", or bounces with "mail loops back to myself".
Do not specify virtual alias domain names in the main.cf mydestination
or relay_domains configuration parameters.
With a virtual alias domain, the Postfix SMTP server accepts mail for
known-user@virtual-alias.domain, and rejects mail for unknown-user@vir‐
tual-alias.domain as undeliverable.
Instead of specifying the virtual alias domain name via the vir‐
tual_alias_maps table, you may also specify it via the main.cf vir‐
tual_alias_domains configuration parameter. This latter parameter uses
the same syntax as the main.cf mydestination configuration parameter.
REGULAR EXPRESSION TABLES
This section describes how the table lookups change when the table is
given in the form of regular expressions. For a description of regular
expression lookup table syntax, see regexp_table(5) or pcre_table(5).
Each pattern is a regular expression that is applied to the entire ad‐
dress being looked up. Thus, user@domain mail addresses are not broken
up into their user and @domain constituent parts, nor is user+foo bro‐
ken up into user and foo.
Patterns are applied in the order as specified in the table, until a
pattern is found that matches the search string.
Results are the same as with indexed file lookups, with the additional
feature that parenthesized substrings from the pattern can be interpo‐
lated as $1, $2 and so on.
TCP-BASED TABLES
This section describes how the table lookups change when lookups are
directed to a TCP-based server. For a description of the TCP
client/server lookup protocol, see tcp_table(5). This feature is
available in Postfix 2.5 and later.
Each lookup operation uses the entire address once. Thus, user@domain
mail addresses are not broken up into their user and @domain con‐
stituent parts, nor is user+foo broken up into user and foo.
Results are the same as with indexed file lookups.
BUGS
The table format does not understand quoting conventions.
CONFIGURATION PARAMETERS
The following main.cf parameters are especially relevant to this topic.
See the Postfix main.cf file for syntax details and for default values.
Use the "postfix reload" command after a configuration change.
virtual_alias_maps ($virtual_maps)
Optional lookup tables that are often searched with a full email
address (including domain) and that apply to all recipients: lo‐
cal(8), virtual, and remote; this is unlike alias_maps that are
only searched with an email address localpart (no domain) and
that apply only to local(8) recipients.
virtual_alias_domains ($virtual_alias_maps)
Postfix is the final destination for the specified list of vir‐
tual alias domains, that is, domains for which all addresses are
aliased to addresses in other local or remote domains.
propagate_unmatched_extensions (canonical, virtual)
What address lookup tables copy an address extension from the
lookup key to the lookup result.
Other parameters of interest:
inet_interfaces (all)
The local network interface addresses that this mail system re‐
ceives mail on.
mydestination ($myhostname, localhost.$mydomain, localhost)
The list of domains that are delivered via the $local_transport
mail delivery transport.
myorigin ($myhostname)
The domain name that locally-posted mail appears to come from,
and that locally posted mail is delivered to.
owner_request_special (yes)
Enable special treatment for owner-listname entries in the
aliases(5) file, and don't split owner-listname and listname-re‐
quest address localparts when the recipient_delimiter is set to
"-".
proxy_interfaces (empty)
The remote network interface addresses that this mail system re‐
ceives mail on by way of a proxy or network address translation
unit.
SEE ALSO
cleanup(8), canonicalize and enqueue mail
postmap(1), Postfix lookup table manager
postconf(5), configuration parameters
canonical(5), canonical address mapping
README FILES
ADDRESS_REWRITING_README, address rewriting guide
DATABASE_README, Postfix lookup table overview
VIRTUAL_README, domain hosting guide
LICENSE
The Secure Mailer license must be distributed with this software.
AUTHOR(S)
Wietse Venema
IBM T.J. Watson Research
P.O. Box 704
Yorktown Heights, NY 10598, USA
Wietse Venema
Google, Inc.
111 8th Avenue
New York, NY 10011, USA
VIRTUAL(5)