Alias causing 'User unknown in virtual mailbox table' error

jeffshead · October 14, 2023, 3:17am

I’ll do my best to keep this as short and concise as possible. I have two separate, external email servers. One server handles email for example.net and the other is a MIAB instance and it handles email for example.com.

I have a couple of Dell servers that have iDrac 7. In the iDrac settings, I have specified my external MIAB server as the SMTP server for iDrac to use for sending alerts. Unfortunately, iDrac 7 will only use the domain name of the Dell server as the sender (from address). That domain name differs from my MIAB domain so I had to add an alias to MIAB so that the iDrac alert emails are not rejected.

For example, my Dell server’s from email address is: idrac-1@corp.example.net Due to iDarc 7 limitations, this from email address cannot be changed to match the domain of my MIAB server which is: example.com. In the iDrac settings, I use my noreply@example.com user account and it’s password to send the emails.

So in MIAB, I have idrac-1@corp.example.net set as an alias for noreply@example.com which forwards the alerts to me@example.com. I encountered this same type of limitation on some different Linux servers that also use my MIAB server to send email. For those servers, I had to set up an additional alias. So I have the following aliases specified in MIAB:

idrac-1@corp.example.net set as an alias for noreply@example.com
root@example.net set as an alias for cloud@example.com

This all works but doing it this way creates another problem.

Now when I use any MIAB example.com user email account to send an email to any remote example.net account, I get the following error:

Your message did not reach some or all of the intended recipients.

      Subject:	test
      Sent:	10/13/2023 10:40 PM

The following recipient(s) cannot be reached:

      'John Doe' on 10/13/2023 10:40 PM
            Server error: '550 5.1.1 <me@example.net>: Recipient address rejected: User unknown in virtual mailbox table'

So it seems just adding those aliases to MIAB causes MIAB to not consider example.net a remote domain. At least that’s what it looks like to me.

On MIAB, I have tried setting the correct, custom A records and an MX record for example.net but that did not seem to make any difference.

Can someone help me sort this out, please?

jeffshead · October 14, 2023, 1:56pm

I also tried adding transport_maps (instructions) with and without custom DNS pointing to the external mail server example.net. It did not seem to make any difference.

KiekerJan · October 14, 2023, 2:01pm

Ok, I might be wrong here, but this is what I think is happening:
If you add an alias e.g. idrac-1@corp.example.net, MIAB will assume it should be the mailserver for handling all mail to example.net. Because MIAB is the only machine on the internet that thinks that (I think), your hack of setting a .net address as an alias for a .com address works. (I consider this a hack, as MIAB is not meant to be the email server for the .net domain)
However, if you then want to send email to a .net mailbox that is not known to MiaB (meaning you didn’t set an alias for it, so MIAB doesn’t recognize it) from the MIAB box (that is, a .com address), MIAB will rightfully complain that there is no recipient on that address. It only knows the aliases you set on the .net domain, and it will not try the real .net mail server, because the MIAB box thinks it is.

jeffshead · October 14, 2023, 2:56pm

Thanks for responding! I concur.

So what’s the workaround since I can’t change the domain name on the Dell server? Do I have to add the example.net and corp.example.net domains to the MIAB server? If so, what changes would I need to make to the DNS records on MIAB. Would I also need to modify the current, external DNS records for example.net and it’s mail server which are being hosted elsewhere?

KiekerJan · October 14, 2023, 3:41pm

So, why don’t you use the .net SMTP server?

jeffshead · October 14, 2023, 9:31pm

It’s hosted on the internal Dell server. If the Dell server goes down, I can still get the iDrac alerts from the MIAB server since it is in the cloud.

stylnchris · October 15, 2023, 12:31am

@jeffshead

So I’m not sure I would be adding any kind of alias at all.

Do you run your internal MIAB behind a Router? Having an internal IP address and External IP?

Edit your /etc/postfix/main.cf

vim /etc/postfix/main.cf

locate:  mynetworks = 

Before the 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
put in your interal IP address scheme.

So something like this: 

mynetworks = 192.168.1.0/24 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128

Note Spacing here is very imporaint and putting the ip scheme in the begininning of the 127.0.0.0/8 is too.

Once you’ve added this then just do a

service postfix restart

Now point your iDrac at your internal IP address of your mail server (port 25)
Use whatever email address you want it really doesnt matter. Your MIAB server basically becomes an open mail relay for anything on your private network.

If you are not sure of yourself its always a good idea to back up the /etc/postfix/main.cf file before you start.

jeffshead · October 15, 2023, 3:01am

Thank you for the great info. My previous post may have muddied the waters, so to speak. My MIAB (example.com) instance is hosted externally, not locally. I use the external MIAB server mainly for alert emails. I chose it instead of my local, internal email server (example.net) because I would still be able to receive alerts from iDrac and from other external servers if the physical server hosting my internal email server went down.

caylakpenguen · October 15, 2023, 12:46pm

Create the domain name server.example.net for miab. The problem will be solved.

stylnchris · October 15, 2023, 1:08pm

I think your missing it.

You can also do this with your external mail server.

mynetworks = PUBLICIPOFYOURHOUSE/32 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128

Point at the external mail server. (no authenticaiton required.

jeffshead · October 15, 2023, 3:00pm

In an effort to keep this thread easy to understand, I originally only listed two example domains. I actually have about a dozen different domains (internal and external) that use the external MIAB email server for sending alerts. Most of them are subdomains of example.net.

So I took your advise and deleted all aliases on the external MIAB email server. I reconfigured postfix on all of my other servers so that they all now use an email address of the following format which includes the subdomain: user@sub.example.net. Prior to making this change, the only email addresses that had a subdomain in them were the uneditable ones in iDrac.

On the external MIAB email server, I created a new domain for each of my other servers by adding a new user account for each one. Now any account on the MIAB server can send emails to any account on my other email server (e.g. user@example.net).

Thanks everyone for your help. This helped me better understand configs and email routing. I still don’t understand why MIAB considers the domain of any and all aliases to be an internal domain even when it isn’t. It would be nice if there was a check box to toggle email routing to remote or local exchanger, per domain, so MIAB knows where to route email. This option exists in web panels such as cPanel and CWP Control.