
295701 RE: postfix multi-domain relay recipient verification problem with DNS and internal IP [SOLVED]

  • no@spam@mgedv.net
    Sep 30, 2013
      > -----Original Message-----
      > From: owner-postfix-users@... [mailto:owner-postfix-users@...] On Behalf Of Noel Jones
      > Sent: Monday, September 30, 2013 1:36 PM
      > To: postfix-users@...
      > Subject: Re: postfix multi-domain relay recipient verification problem with DNS and internal IP
      >
      > On 9/30/2013 5:21 AM, no@spam@... wrote:
      > > hi,
      > >
      > > my postfix should be the 1st entry point for a multi-domain-environment.
      > > i want postfix to do recipient verification in order to avoid mails being
      > > relayed to the internal host for users, which do not exist (actually, legal
      > > compliance needs to be achieved that mail is not accepted until a valid
      > > receiver mailbox exists).
      > >
      > > situation:
      > > - postfix runs on its own server
      > > - 4 well registered domains
      > >   x1.com
      > >   x1.net
      > >   x1.org
      > >   x2.us
      > > - 1 external IP for all (DNS MX points there for all of them, this works):
      > >   222.111.222.111
      > > - 1 internal mailsystem (ms-exchange), which is authoritative for all 4
      > >   mail-domains.
      > >   hostname: mail.int.demo.lan
      > >   ip-address: 10.10.10.1
      > > - postfix is the 1st contact from outside
      > > - manual entry in /etc/hosts that tells postfix to use the internal IP for
      > >   mail.x?.*
      > >   (eg. "10.10.10.1 mail.int.demo.lan mail.x1.com mail.x2.com mail.x3.com mail.x2.us")
      > > - all domains listed in "relay_domains" in main.cf
      > >
      > > all this stuff works perfectly for x2.us. but not for the others. for any
      > > reason postfix always resolves the "outside" IP for the x1.* domains,
      > > although the entry in /etc/hosts should point it to the inside IP.
      > > of course, the connect times out (loop-connect across the fw does not work).
      >
      > /etc/hosts does not override MX records.
      >
      > Use transport_maps to tell postfix where to deliver mail.
      > http://www.postfix.org/postconf.5.html#transport_maps
      >
      > And define external firewall IP addresses in proxy_interfaces so
      > postfix knows which IPs should not be used for delivery.
      > http://www.postfix.org/postconf.5.html#proxy_interfaces
      >
      > -- Noel Jones
      >
      > >
      > > syslog entries as follows:
      > > postfix/smtpd 2013-09-30 10:45:23 NOQUEUE: reject: RCPT from mail.xxx.yyy[222.222.222.222]: 450 4.1.1 <user@...>: Recipient address rejected: unverified address: Address verification in progress; from=<user@...> to=<user@...> proto=ESMTP helo=<mail.xxx.yyy>
      > > postfix/smtp 2013-09-30 10:45:47 connect to mail.x1.com[222.111.222.111]:25: Operation timed out
      > > postfix/smtp 2013-09-30 10:45:47 BB2D44AF07: to=<user@...>, relay=none, delay=30, delays=0/0.01/30/0, dsn=4.4.1, status=undeliverable (connect to mail.x1.com[222.111.222.111]:25: Operation timed out)
      > >
      > > any ideas how i can tell postfix to use the internal IP for my hosted
      > > domains?
      > > faking DNS with an own server is not an option, btw, as other DNS records
      > > from these domains need to be resolved properly for web-tools and such.
      > >
      > > regards,
      > > martin
      > >
      hi, @noel: you're so true. i found this out the same time, i forgot my own config ;)

      the solution is: to add the x1.* domains to transport_maps, and not to fake around
      dns and/or the lookup configurations. i did this for the x1.us domain years ago, and
      therefore i did not think about the transport_maps.

      thx for pointing me in the right directions, it works now.
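
The failure in this thread (relay domains with no transport_maps entry falling back to an MX lookup that resolves to the external address) can be checked for before it shows up as a timeout. The following is an added example, not code from the thread or from the Postfix project: a small lint that compares relay_domains against a transport(5) table. The table contents are constructed from the domains and the internal IP given above, and the function names are hypothetical.

```python
RELAY_DOMAINS = "x1.com x1.net x1.org x2.us"   # relay_domains as listed in the thread

# Constructed transport(5) tables. [brackets] around the next hop turn off MX lookup.
TRANSPORT_BEFORE = "x2.us   smtp:[10.10.10.1]:25\n"
TRANSPORT_AFTER = """\
# /etc/postfix/transport (constructed), rebuild with: postmap /etc/postfix/transport
x1.com  smtp:[10.10.10.1]:25
x1.net  smtp:[10.10.10.1]:25
x1.org  smtp:[10.10.10.1]:25
x2.us   smtp:[10.10.10.1]:25
"""

def parse_transport(text):
    """Map each pattern to (transport, nexthop); continuation lines are not handled."""
    table = {}
    for line in text.splitlines():
        fields = line.split(None, 1)
        if len(fields) < 2 or fields[0].startswith("#"):
            continue
        transport, _, nexthop = fields[1].strip().partition(":")
        table[fields[0].lower()] = (transport, nexthop)
    return table

def lookup(domain, table):
    """Domain lookup order: exact name, then .parent patterns, then '*'."""
    parts = domain.lower().split(".")
    keys = [".".join(parts)]
    keys += ["." + ".".join(parts[i:]) for i in range(1, len(parts))]
    keys.append("*")
    return next((table[k] for k in keys if k in table), None)

def lint(relay_domains, transport_text):
    """Return (domain, problem) for every relay domain still routed via MX lookup."""
    table = parse_transport(transport_text)
    findings = []
    for domain in relay_domains.replace(",", " ").split():
        entry = lookup(domain, table)
        if entry is None:
            findings.append((domain, "no transport entry, next hop comes from MX lookup"))
            continue
        transport, nexthop = entry
        # Only SMTP-style transports are checked; other transports are left alone.
        if transport in ("", "smtp", "relay") and not nexthop.startswith("["):
            findings.append((domain, "next hop not in [brackets], MX lookup still applies"))
    return findings

if __name__ == "__main__":
    for label, text in (("before", TRANSPORT_BEFORE), ("after", TRANSPORT_AFTER)):
        print(label, lint(RELAY_DOMAINS, text) or "ok")
```

The "before" table reproduces the situation described above, where only x2.us was routed to the internal host; the lint covers domain patterns only, not per-address entries.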