I was running a system on a previous server, did a backup and a restore to a new server, but now the virtual users in postfix cannot be found. If I switch on Domains to perform virtual mapping for, then add the domain names, System Settings → Re-Check Configuration complains that it should not be switched on. I have also noticed the user@domain in the virtual file is transformed to user\@domain, escaping the @ symbol no doubt.

Is it set to look in the virtual table?

image517×154 7.52 KB

The next step is to see what the logs are saying.

I’m using the old log system so you might have to play with the filter to get the output you are looking for.

image1298×564 45.7 KB

image1126×609 93.6 KB

We need to see the log entries. We also need to see the exact errors from Re-Check Configuration and the exact option you were trying to change that led to an error, because you need virtual mapping, so I don’t know what you changed that Virtualmin disagreed with (and the right thing is enabled by default when you install Virtualmin, so you shouldn’t need to change anything in that regard).

But, this sounds like one of the following common problems:

1. Your server hostname is the same as one of your domains in Virtualmin, so you’re trying to virtually host mail for the same name as the actual system users, which doesn’t make sense. Postfix then tries to deliver to user@domain.tld@domain.tld. Don’t name your server the same name as something you’ll be hosting virtually in Virtualmin. Name it literally anything else. (e.g. main.domain.tld is fine, srv.domain.tld is fine, domain.tld is not; some completely unrelated name is also fine).
2. You modified mydomain, mydestination, myhostname, or myorigin to be some name hosted Virtualmin in Virtualmin. Don’t do that. It’s kinda like doing the above (though each has different implications, you almost always want to leave these alone).

HI, Yes the Map specifications is set to hash:/etc/postfix/virtual this has had postmap virtual to create the .db file, postfix reload. Normally that would be enough, but when a mail is sent in to the user, the system cannot find the user in the virtual domain. I have had various attempts where the system would look for user or user@domain or the worst “user@domain”@host.domain, but I am back to user@domain Re-Check Configuration shows no errors and Validation Virtual Server, shows All good!

How do you know this? Can you show us the relevant log entries?

Hi Joe, sure:

2025-03-25T16:21:06.344689+00:00 server.mydomain.com milter-greylist: smfi_getsymval failed for {i}
2025-03-25T16:21:06.344862+00:00 server.mydomain.com milter-greylist: (unknown id): Sender IP [SENDER_IP] and address support@senderdomain.com are SPF-compliant, bypassing greylist
2025-03-25T16:21:06.352720+00:00 server.mydomain.com postfix/smtpd[46782]: 560D3C2CDC: client=mail.senderdomain.com[SENDER_IP]
2025-03-25T16:21:06.354387+00:00 server.mydomain.com postfix/cleanup[46787]: 560D3C2CDC: message-id=some-message-id@senderdomain.com
2025-03-25T16:21:06.356071+00:00 server.mydomain.com postfix/smtpd[46782]: disconnect from mail.senderdomain.com[SENDER_IP] ehlo=2 starttls=1 mail=1 rcpt=1 data=1 quit=1 commands=7
2025-03-25T16:21:06.356314+00:00 server.mydomain.com postfix/qmgr[46779]: 560D3C2CDC: from=support@senderdomain.com, size=1014, nrcpt=1 (queue active)
2025-03-25T16:21:06.371136+00:00 server.mydomain.com postfix/error[46788]: 560D3C2CDC: to=user@mydomain.com, relay=none, delay=0.08, delays=0.07/0.01/0/0.01, dsn=5.1.1, status=bounced (User unknown in virtual alias table)
2025-03-25T16:21:06.371596+00:00 server.mydomain.com postfix/cleanup[46787]: 5A9AEC3609: message-id=20250325162106.5A9AEC3609@server.mydomain.com
2025-03-25T16:21:06.372581+00:00 server.mydomain.com postfix/bounce[46789]: 560D3C2CDC: sender non-delivery notification: 5A9AEC3609
2025-03-25T16:21:06.372659+00:00 server.mydomain.com postfix/qmgr[46779]: 5A9AEC3609: from=<>, size=3109, nrcpt=1 (queue active)
2025-03-25T16:21:06.372708+00:00 server.mydomain.com postfix/qmgr[46779]: 560D3C2CDC: removed
2025-03-25T16:21:10.366161+00:00 server.mydomain.com postfix/smtp[46790]: 5A9AEC3609: to=support@senderdomain.com, relay=senderdomain.com[SENDER_IP]:25, delay=4, delays=0/0.01/0.02/4, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 576F240208)
2025-03-25T16:21:10.366504+00:00 server.mydomain.com postfix/qmgr[46779]: 5A9AEC3609: removed

OK, so, is that user in the virtual table? Note that if you made the user(s) when the system was named the same as a domain being virtually hosted, they will be configured incorrectly.

Yes the user is in the virtual table:-

user@mydomain.uk user\@mydomain.uk
mydomain@mydomain.uk mydomain
hostmaster@mydomain.uk mydomain

You’ve used three different TLDs in your anonymized form of these addresses (.com, co.uk and .uk). I have no idea what you’re showing me and no way to know if any of it is behaving as expected.

Sorry I have switched off the .co.uk site, so above reflects what is left.

Here is the main.cf, maybe I have created a problem within this:-

General configuration for Postfix

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

appending .domain is the MUA’s job.

append_dot_mydomain = no

Readme and compatibility

readme_directory = no
compatibility_level = 3.6

TLS parameters using custom Postfix certificates

smtpd_tls_cert_file = /etc/postfix/postfix.cert.pem
smtpd_tls_key_file = /etc/postfix/postfix.key.pem
smtpd_tls_CAfile = /etc/postfix/postfix.ca.pem
smtpd_tls_security_level = may

Enable encryption for SMTP

smtp_tls_CApath = /etc/ssl/certs
smtp_tls_security_level = encrypt
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

Set domain and hostname for mydomain

mydomain = mydomain
myhostname = server.mydomain
#myorigin = /etc/mailname

Ensure no conflicts in virtual domains

mydestination = $myhostname, localhost.$mydomain, localhost

Relay settings

smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination

Network settings

mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
inet_interfaces = all
inet_protocols = all

Mailbox setup

mailbox_command = /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME
mailbox_size_limit = 0
recipient_delimiter = +

DNS settings

smtp_dns_support_level = disabled
smtp_host_lookup = dns

Security settings (TLS)

smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
tls_server_sni_maps = hash:/etc/postfix/sni_map

Virtual alias and mailbox maps

virtual_alias_maps = hash:/etc/postfix/virtual
home_mailbox = Maildir/

SASL authentication

smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/sender_access
smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated
reject_rbl_client b.barracudacentral.org
reject_rbl_client dsn.rfc-ignorant.org
reject_rbl_client list.dsbl.org
reject_rbl_client sbl-xbl.spamhaus.org
reject_rbl_client cbl.abuseat.org
reject_rbl_client ix.dnsbl.manitu.net
reject_rbl_client combined.rbl.msrbl.net
reject_rbl_client rabl.nuclearelephant.com
reject_unknown_recipient_domain
reject_unknown_reverse_client_hostname

SASL settings

broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth

Enable TLS (recommended)

smtpd_use_tls = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_use_tls = yes

Greylisting with milter

milter_default_action = accept
smtpd_milters = local:/var/run/milter-greylist/milter-greylist.sock
non_smtpd_milters = local:/var/run/milter-greylist/milter-greylist.sock

Define the alias and virtual users

Ensure that this matches your virtual alias settings in /etc/postfix/virtual

Example virtual alias mapping

Use postmap /etc/postfix/virtual to generate the hash file

smtpd_client_restrictions = check_client_access hash:/etc/postfix/client_access
sender_dependent_default_transport_maps = hash:/etc/postfix/sender_dependent_default_transport_maps

This is almost certainly where things have gone wrong. Once again, your anonymization that leaves me guessing what I’m looking at (mydomain = mydomain?) has me unsure. But, if you’ve modified these, you’ve almost certainly confused Postfix about how it’s supposed to deliver locally to and how. 99.9% of users should leave mydomain, myhostname, mydestination, and myorigin alone.

Hi Joe, thanks for the response.
OK, if i have changed these, what would have been their default values or should I just spin up a virtual machine and install it and see?

Hi Joe,

I did try running this in a vm and it worked, so I rebuilt the online server and just restoring everything in the same way as on the vm and it doesn’t work! I know I haven’t touched any of the files, manually.

Just an update, it is all working now!!! Yeah, thanks for your help.

On my Rocky 9 they commented out, does anyone else work on your system?
Best for you to post how you fixed issue.
People use forums to search to find a solution to a problem before the need to create a new topic.

image656×327 30.9 KB

Hi stefan1959,

Thanks for the info, I have actually rebuilt the server, which is now working.
The line for mydestination = $myhostname, virtual.domain.ltd, localhost.domain.ltd, localhost

I have this in my config FYI, I’d be worried on using virtual.domain.ltd in global if your using more then one virtual server. (you do mean virtual.domain.ltd = FQDN)

image648×164 18.6 KB