  • Geoff Shang
    Feb 20, 2013

      Sorry for having to obscure stuff in the below, but I have to.

      I'm setting up an MX for our new customer mail setup. I'm having a
      problem where relay_domains are not being looked up in LDAP as they

      We have a bunch of test users in LDAP under the domain example.com, for

      The relay parameters are as follows:

      relay_domains = proxy:ldap:/etc/postfix/ldap-domains.cf
      relay_recipient_maps =
      relay_transport = relay:[<mailscanner.ourdomain>.net]

      I have to specify <ourdomain>.com specifically in the relay_domains, as
      <ourdomain>.com isn't yet listed in LDAP. It will be.

      The relay_recipient_maps funkiness is because we will have both corporate
      mail and customer mail on the same domain, at least for a time (don't get
      me started on what a good idea that was).

      If I try a lookup of test000001@... against our recipient_domains
      LDAP configuration file, it works:

      $ postmap -q test000001@... ldap:/etc/postfix/ldap-domains.cf

      If I send a test Email from the host to a corporate address at
      <ourdomain>.com, it arrives just fine. I even see it look on the LDAP
      server first to see if it is a domain listed there.

      But if I try to send a message to test000001@..., it doesn't even
      do a look-up in LDAP, it tries to deliver it to example.com instead.

      Feb 19 16:35:55 mx postfix/pickup[4988]: B393F86592: uid=0
      Feb 19 16:35:55 mx postfix/cleanup[5599]: B393F86592:
      Feb 19 16:35:55 mx postfix/qmgr[4987]: B393F86592: from=<root@mx.<ourdomain>.net>, size=366, nrcpt=1 (queue active)
      Feb 19 16:35:59 mx postfix/smtp[5603]: connect to example.com[2001:500:88:200::10]:25: Connection refused
      Feb 19 16:36:20 mx postfix/smtp[5603]: connect to example.com[]:25: Connection timed out
      Feb 19 16:36:20 mx postfix/smtp[5603]: B393F86592: to=<test000001@...>, relay=none, delay=134, delays=109/0.01/24/0, dsn=4.4.1, status=deferred (connect to example.com[]:25: Connection timed out)

      I put in the proxy: for performance reasons. I tried taking it out but it
      made no difference and I didn't really expect it to.

      I'd understand it if LDAP was returning something that Postfix wasn't
      happy with. But it's not even asking. It does appear to connect but
      never sends a query. It's as if, somehow, it's deciding that example.com
      is not a domain we relay for.

      I've tried upping the logging, and also tried a debug Email with sendmail
      -bv. But neither gives me any indication of how Postfix decides what it's
      going to do with the message.

      I'm clearly overlooking something obvious. Any ideas?

      Here's the postconf -n output:

      alias_database = hash:/etc/aliases
      alias_maps = hash:/etc/aliases
      append_dot_mydomain = no
      biff = no
      config_directory = /etc/postfix
      html_directory = /usr/share/doc/postfix/html
      inet_interfaces = all
      inet_protocols = ipv6,ipv4
      mailbox_size_limit = 0
      mydestination = mx.<ourdomain>.net, localhost
      myhostname = mx.<ourdomain>.net
      mynetworks = [::ffff:]/104 [::1]/128 <our v6 range> <our v4 range>
      myorigin = /etc/mailname
      readme_directory = /usr/share/doc/postfix
      recipient_delimiter = +
      relay_domains = proxy:ldap:/etc/postfix/ldap-domains.cf <ourdomain>.com
      relay_recipient_maps =
      relay_transport = relay:[<mailscanner.ourdomain>.net]
      smtp_tls_ciphers = high
      smtp_tls_mandatory_ciphers = high
      smtp_tls_mandatory_exclude_ciphers = RC4,MD5
      smtp_tls_note_starttls_offer = yes
      smtp_tls_protocols = !SSLv2,!SSLv3
      smtp_tls_security_level = may
      smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
      smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
      smtpd_error_sleep_time = 2s
      smtpd_hard_error_limit = 10
      smtpd_helo_required = yes
      smtpd_helo_restrictions = permit_mynetworks
      smtpd_recipient_restrictions = permit_mynetworks reject_unauth_pipelining reject_non_fqdn_sender reject_invalid_hostname reject_non_fqdn_hostname reject_unknown_sender_domain reject_unlisted_recipient reject_non_fqdn_recipient reject_unknown_recipient_domain reject_unauth_destination reject_multi_recipient_bounce
      smtpd_soft_error_limit = 5
      smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
      smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
      smtpd_tls_loglevel = 1
      smtpd_tls_received_header = yes
      smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
      smtpd_use_tls = yes

