I'm trying to build a small Postfix/Cyrus server on my Linux workstation to act as a proxy between my e-mail client (Thunderbird) and my company's mail server, but also handle local system e-mails (stuff sent by crontabs for example).
On the Cyrus server I created a mailbox which mimics my company's e-mail address, configured aliases in /etc/aliases to send local e-mails destined to root or postmaster to this address, and thanks to the transport_maps directive, which has precedence over everything else, instructed Postfix to deliver e-mails destined to this e-mail address directly to Cyrus' lmtp socket. This part works perfectly fine: all local mail destined to those users present in /etc/aliases is delivered to my local Cyrus mailbox, whereas all mail for other domains (or even my company's domain) goes to the relay host (my company's actual mail server), after the From: header is rewritten to my actual company e-mail address thanks to smtp_generic_maps (which acts only on outbound mail, unlike sender_canonical_maps or recipient_canonical_maps). This is almost perfect.
The problem I'm facing is that Postfix accepts all mail destined to local users, even system users, and delivers it to mbox files in /var/spool/mail, which I don't want.
I tried to set local_recipient_maps to only $alias_maps (excluding proxy:unix:passwd.byname which is contained in the default value), but this doesn't change anything.
I also tried to set mailbox_transport to deliver those e-mails to Cyrus' lmtp socket, but then Postfix sends to Cyrus everything which is not listed in $alias_maps, whether it exists in the Unix passwd database or not (setting mailbox_transport_maps = $alias_maps doesn't help).
With these settings, mail to non-existent users (or existing Unix accounts not aliased in $alias_maps) ends up rejected by Cyrus (with 550-Mailbox unknown), but I'd like to have those e-mails rejected by Postfix directly, avoiding the useless (IMHO) round-trip to Cyrus.
If what I'm trying to achieve is really impossible, I will settle for this.
I also tried to set local_transport to Cyrus' lmtp socket, but it's even worse: all mail is sent directly to Cyrus, without any aliasing (so all local mail is rejected, even when the local user is present in $alias_maps).
I know I could ignore local completely and handle all mail with the virtual delivery agent (it's what I usually do when I set up a real mail server, using only virtual domains/mailboxes), but I like the very simple configuration I ended up with so far (/etc/postfix/main.cf currently contains only 10 actual lines or so), and I find it very surprising that local can't be instructed to ignore the Unix password database and reject everything that isn't actually listed in $alias_maps (unless I misunderstood the documentation, it's what local_recipient_maps is for).
Here is my configuration:
/etc/postfix/main.cf
compatibility_level = 2
myhostname = <my workstation's FQDN in lan>
inet_interfaces = loopback-only
mynetworks_style = host
relayhost = <my company's internal MX>
# to exclude nis:mail.aliases
alias_maps = hash:/etc/aliases
transport_maps = hash:$config_directory/transport_maps
smtp_generic_maps = hash:$config_directory/smtp_generic_maps
biff = no
/etc/aliases
postmaster: root
root: <my actual company e-mail address>
/etc/postfix/transport_maps
<my actual company e-mail address> lmtp:unix:/run/cyrus/socket/lmtp
/etc/postfix/smtp_generic_maps
@<my workstation's FQDN in lan> <my actual company e-mail address>
As you see, very simple.
Isn't there a way to instruct Postfix to reject mail for system users, or more precisely, reject mail for users not explicitly listed in $alias_maps?
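As an added illustration (not part of the original post, and not Postfix code): a small Python check that lists which accounts in a passwd file have no entry in an aliases file, i.e. the accounts the post describes as still getting mbox deliveries, and that follows alias chains to their final targets. The sample data, the example.com addresses and the function names are constructed assumptions.

```python
import re

# Constructed sample inputs for illustration (not taken from the post).
SAMPLE_ALIASES = '''# constructed sample
postmaster: root
root: user@example.com,
    backup@example.com
'''
SAMPLE_PASSWD = '''root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
'''

def parse_aliases(text):
    """Parse aliases(5) text into {lowercased name: [targets]}."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                          # blank lines and comments
        if raw[0].isspace() and logical:
            logical[-1] += " " + raw.strip()  # leading whitespace continues an entry
        else:
            logical.append(raw.strip())
    aliases = {}
    for line in logical:
        m = re.match(r'("[^"]*"|[^:]+?)\s*:(.*)$', line)
        if m:
            name = m.group(1).strip('"').lower()
            aliases[name] = [t.strip() for t in m.group(2).split(",") if t.strip()]
    return aliases

def resolve(name, aliases, seen=frozenset()):
    """Follow alias chains to final targets; loops are cut."""
    key = name.lower()
    if key not in aliases or key in seen:
        return {name}
    out = set()
    for target in aliases[key]:
        out |= resolve(target, aliases, seen | {key})
    return out

def unaliased_accounts(aliases_text, passwd_text):
    """Accounts in the passwd data that have no aliases entry."""
    aliases = parse_aliases(aliases_text)
    users = [l.split(":", 1)[0] for l in passwd_text.splitlines()
             if l.strip() and not l.startswith("#")]
    return sorted(u for u in users if u.lower() not in aliases)

if __name__ == "__main__":
    print(unaliased_accounts(SAMPLE_ALIASES, SAMPLE_PASSWD))
    print(resolve("postmaster", parse_aliases(SAMPLE_ALIASES)))
```

On a real host the two text arguments would be the contents of /etc/aliases and the output of `getent passwd`.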