295701RE: postfix multi-domain relay recipient verification problem with DNS and internal IP [SOLVED]
- Sep 30, 2013
> -----Original Message-----with
> From: owner-postfix-users@... [mailto:owner-postfix-
> users@...] On Behalf Of Noel Jones
> Sent: Monday, September 30, 2013 1:36 PM
> To: postfix-users@...
> Subject: Re: postfix multi-domain relay recipient verification problem
> DNS and internal IPbeing
> On 9/30/2013 5:21 AM, no@spam@... wrote:
> > hi,
> > my postfix should be the 1st entry point for a multi-domain-environment.
> > i want postfix to do recipient verification in order to avoid mails
> > relayed tocompliance
> > the internal host for users, which do not exists (actually, legal
> > needsworks):
> > to be achieved that mail is not accepted until a valid receiver mailbox
> > exists).
> > situation:
> > - postfix runs on it's own server
> > - 4 well registered domains
> > x1.com
> > x1.net
> > x1.org
> > x2.us
> > - 1 external IP for all (DNS MX points there for all of them, this
> > 188.8.131.52for
> > - 1 internal mailsystem (ms-exchange), which is authoritative for all 4
> > mail-domains.
> > hostname: mail.int.demo.lan
> > ip-address: 10.10.10.1
> > - postfix is the 1st contact from outside
> > - manual entry in /etc/hosts that tells postfix to use the internal IP
> > mail.x?.*any
> > (eg. "10.10.10.1 mail.int.demo.lan mail.x1.com mail.x2.com mail.x3.com
> > mail.x2.us")
> > - all domains listed in "relay_domains" in main.cf
> > all this stuff works perfectly for x2.us. but not for the others. for
> > reasonthe
> > postfix always resolves the "outside" IP for the x1.* domains, although
> > entry in /etc/hosts should point it to the inside IP.address
> > of course, the connect times out (loop-connect across the fw does not
> /etc/hosts does not override MX records.
> Use transport_maps to tell postfix where to deliver mail.
> And define external firewall IP addresses in proxy_interfaces so
> postfix knows which IPs should not be used for delivery.
> -- Noel Jones
> > syslog entries as follows:
> > postfix/smtpd 2013-09-30 10:45:23 NOQUEUE: reject: RCPT from
> > mail.xxx.yyy[184.108.40.206]: 450 4.1.1 <user@...>: Recipient
> > rejected: unverified address: Address verification in progress;to
> > from=<user@...> to=<user@...> proto=ESMTP
> > postfix/smtp 2013-09-30 10:45:47 connect to
> > Operation timed out
> > postfix/smtp 2013-09-30 10:45:47 BB2D44AF07: to=<user@...>,
> > delay=30, delays=0/0.01/30/0, dsn=4.4.1, status=undeliverable (connect
> > mail.x1.com[220.127.116.11]:25: Operation timed out)records
> > any ideas how i can tell postfix to use the internal IP for my hosted
> > domains?
> > faking DNS with an own server is not an option, btw, as other DNS
> > fromhi, @noel: you're so true. i found this out the same time, i forgot my own
> > these domains need to be resolved properly for web-tools and such.
> > regards,
> > martin
the solution is: to add the x1.* domains to transport_maps, and not to fake
dns and/or the lookup configurations. i did this for the x1.us domain years
therefore i did not think about the transport_maps.
thx for pointing me in the right directions, it works now.