virtual - Postfix virtual alias table format
postmap -q "string" /etc/postfix/virtual
postmap -q - /etc/postfix/virtual <inputfile
The optional virtual
(5) alias table rewrites recipient addresses for all
local, all virtual, and all remote mail destinations. This is unlike the
(5) table which is used only for local
Virtual aliasing is recursive, and is implemented by the Postfix
(8) daemon before mail is queued.
The main applications of virtual aliasing are:
- To redirect mail for one address to one or more
- To implement virtual alias domains where all addresses are
aliased to addresses in other domains.
Virtual alias domains are not to be confused with the virtual mailbox
domains that are implemented with the Postfix virtual(8) mail
delivery agent. With virtual mailbox domains, each recipient address can
have its own mailbox.
Virtual aliasing is applied only to recipient envelope addresses, and does not
affect message headers. Use canonical
(5) mapping to rewrite header and
envelope addresses in general.
Normally, the virtual
(5) alias table is specified as a text file that
serves as input to the postmap
(1) command. The result, an indexed file
format, is used for fast searching by the mail
system. Execute the command " postmap /etc/postfix/virtual
to rebuild an indexed file after changing the corresponding text file.
When the table is provided via other means such as NIS, LDAP or SQL, the same
lookups are done as for ordinary indexed files.
Alternatively, the table can be provided as a regular-expression map where
patterns are given as regular expressions, or lookups can be directed to
TCP-based server. In those case, the lookups are done in a slightly different
way as described below under "REGULAR EXPRESSION TABLES" or
The search string is folded to lowercase before database lookup. As of Postfix
2.3, the search string is not case folded with database types such as regexp:
or pcre: whose lookup fields can match both upper and lower case.
The input format for the postmap
(1) command is as follows:
- pattern address, address, ...
- When pattern matches a mail address, replace it by
the corresponding address.
- blank lines and comments
- Empty lines and whitespace-only lines are ignored, as are
lines whose first non-whitespace character is a `#'.
- multi-line text
- A logical line starts with non-whitespace text. A line that
starts with whitespace continues a logical line.
With lookups from indexed files such as DB or DBM, or from networked tables such
as NIS, LDAP or SQL, each user
query produces a sequence
of query patterns as described below.
Each query pattern is sent to each specified lookup table before trying the next
query pattern, until a match is found.
- user@domain address, address, ...
- Redirect mail for user@domain to
address. This form has the highest precedence.
- user address, address, ...
- Redirect mail for user@site to address
when site is equal to $myorigin, when site is listed
in $ mydestination, or when it is listed in $inet_interfaces
or $ proxy_interfaces.
This functionality overlaps with functionality of the local
aliases(5) database. The difference is that virtual(5)
mapping can be applied to non-local addresses.
- @domain address, address, ...
- Redirect mail for other users in domain to
address. This form has the lowest precedence.
Note: @ domain is a wild-card. With this form, the Postfix SMTP
server accepts mail for any recipient in domain, regardless of
whether that recipient exists. This may turn your mail system into a
backscatter source: Postfix first accepts mail for non-existent recipients
and then tries to return that mail as "undeliverable" to the
often forged sender address.
The lookup result is subject to address rewriting:
- When the result has the form @otherdomain, the
result becomes the same user in otherdomain. This works only
for the first address in a multi-address lookup result.
- When "append_at_myorigin=yes", append
" @$myorigin" to addresses without
- When "append_dot_mydomain=yes", append
" .$mydomain" to addresses without
When a mail address localpart contains the optional recipient delimiter (e.g.,
), the lookup order becomes:
, and @ domain
parameter controls whether an
unmatched address extension ( +foo
) is propagated to the result of
Besides virtual aliases, the virtual alias table can also be used to implement
virtual alias domains. With a virtual alias domain, all recipient addresses
are aliased to addresses in other domains.
Virtual alias domains are not to be confused with the virtual mailbox domains
that are implemented with the Postfix virtual
(8) mail delivery agent.
With virtual mailbox domains, each recipient address can have its own mailbox.
With a virtual alias domain, the virtual domain has its own user name space.
Local (i.e. non-virtual) usernames are not visible in a virtual alias domain.
In particular, local aliases
(5) and local mailing lists are not visible
Support for a virtual alias domain looks like:
virtual_alias_maps = hash:/etc/postfix/virtual
Note: some systems use dbm
databases instead of hash
. See the
output from " postconf -m
" for available database types.
virtual-alias.domain anything (right-hand content does not matter)
email@example.com address2, address3
The virtual-alias.domain anything
entry is required for a virtual alias
domain. Without this entry, mail is rejected with "relay access
denied", or bounces with "mail loops back to
Do not specify virtual alias domain names in the main.cf
With a virtual alias domain, the Postfix SMTP server accepts mail for
, and rejects mail for
Instead of specifying the virtual alias domain name via the
table, you may also specify it via the main.cf
configuration parameter. This latter parameter uses
the same syntax as the main.cf mydestination
This section describes how the table lookups change when the table is given in
the form of regular expressions. For a description of regular expression
lookup table syntax, see regexp_table
(5) or pcre_table
Each pattern is a regular expression that is applied to the entire address being
looked up. Thus, user@domain
mail addresses are not broken up into
constituent parts, nor is user+foo
broken up into user
Patterns are applied in the order as specified in the table, until a pattern is
found that matches the search string.
Results are the same as with indexed file lookups, with the additional feature
that parenthesized substrings from the pattern can be interpolated as
and so on.
This section describes how the table lookups change when lookups are directed to
a TCP-based server. For a description of the TCP client/server lookup
protocol, see tcp_table
(5). This feature is not available up to and
including Postfix version 2.4.
Each lookup operation uses the entire address once. Thus, user@domain
mail addresses are not broken up into their user
constituent parts, nor is user+foo
broken up into user
Results are the same as with indexed file lookups.
The table format does not understand quoting conventions.
The following main.cf
parameters are especially relevant to this topic.
See the Postfix main.cf
file for syntax details and for default values.
Use the " postfix reload
" command after a configuration
- List of virtual aliasing tables.
- List of virtual alias domains. This uses the same syntax as
the mydestination parameter.
- A list of address rewriting or forwarding mechanisms that
propagate an address extension from the original address to the result.
Specify zero or more of canonical, virtual, alias,
forward, include, or generic.
Other parameters of interest:
- The network interface addresses that this system receives
mail on. You need to stop and start Postfix when this parameter
- List of domains that this mail system considers local.
- The domain that is appended to any address that does not
have a domain.
- Give special treatment to owner-xxx and
xxx -request addresses.
- Other interfaces that this machine receives mail on by way
of a proxy agent or network address translator.
cleanup(8), canonicalize and enqueue mail
postmap(1), Postfix lookup table manager
postconf(5), configuration parameters
canonical(5), canonical address mapping
Use " postconf readme_directory
" or " postconf
" to locate this information.
ADDRESS_REWRITING_README, address rewriting guide
DATABASE_README, Postfix lookup table overview
VIRTUAL_README, domain hosting guide
The Secure Mailer license must be distributed with this software.
IBM T.J. Watson Research
P.O. Box 704
Yorktown Heights, NY 10598, USA
111 8th Avenue
New York, NY 10011, USA