Getting tricky with a transport map

  • Rick Zeman
    Message 1 of 2 , Nov 23, 2005
      Word on a Novell GroupWise list that I belong to is that there's a way
      to set up postfix (2.1.5) if it's set up to be a relay that it can
      query the destination server to see if the recipient is valid before
      accepting the message from the sender. Eg, postfix will start an esmtp
      conversation with the relay host and if it fails the RCPT TO on the
      destination, postfix will bounce the message. As I'm set up now, my
      postfix accepts mail for all three of our domains and passes every
      message on to our internal mail server. This leads to a mail queue on
      the postfix box that's filled with undeliverable bounces and unnecessary
      work for both mail servers.
      I'd much rather reject these messages outright rather than accepting
      them.
      However, what would happen if the internal server wasn't available?
      Would postfix reject the mail (be very ugly if that was the case), or is
      this an argument for turning on soft_bounce?

      PLEASE cc: any responses to me as I get the digest version. Thanks!


      rzeman@mailhub:~> postconf -n
      alias_maps = hash:/etc/aliases
      biff = no
      canonical_maps = hash:/etc/postfix/canonical
      command_directory = /usr/sbin
      config_directory = /etc/postfix
      daemon_directory = /usr/lib/postfix
      debug_peer_level = 2
      disable_dns_lookups = no
      disable_vrfy_command = yes
      html_directory = /usr/share/doc/packages/postfix/html
      local_recipient_maps =
      local_transport = error:local mail delivery is disabled
      mail_spool_directory = /var/mail
      mailbox_command =
      mailbox_transport =
      mailq_path = /usr/bin/mailq
      manpage_directory = /usr/share/man
      masquerade_classes = envelope_sender, header_sender, header_recipient
      masquerade_domains =
      masquerade_exceptions = root
      maximal_queue_lifetime = 3d
      message_size_limit = 25680000
      mime_header_checks = regexp:/etc/postfix/mime_header_checks
      mydestination =
      myhostname = annex.melwood.com
      mynetworks = 127.0.0.8/8 192.168.1.0/24
      myorigin = $mydomain
      newaliases_path = /usr/bin/newaliases
      parent_domain_matches_subdomains = debug_peer_list smtpd_acess_maps
      readme_directory = /usr/share/doc/packages/postfix/README_FILES
      recipient_delimiter = -
      relay_domains = melwood.com, melwood.org, melwoodgardencenter.com
      relay_recipient_maps =
      relocated_maps = hash:/etc/postfix/relocated
      sample_directory = /usr/share/doc/packages/postfix/samples
      sender_canonical_maps = hash:/etc/postfix/sender_canonical
      sendmail_path = /usr/sbin/sendmail
      setgid_group = maildrop
      smtp_data_xfer_timeout = 120s
      smtp_use_tls = no
      smtpd_banner = smtp.melwood.com - All use is subject to Melwood's
      Internet Use Policy.
      smtpd_client_restrictions = permit_mynetworks, reject_rbl_client
      sbl-xbl.spamhaus.org
      smtpd_hard_error_limit = 12
      smtpd_helo_required = yes
      smtpd_recipient_restrictions =
      permit_mynetworks,reject_unauth_destination
      smtpd_sasl_auth_enable = no
      smtpd_sender_restrictions = hash:/etc/postfix/access
      smtpd_use_tls = no
      soft_bounce = no
      strict_rfc821_envelopes = no
      transport_maps = hash:/etc/postfix/transport
      unknown_local_recipient_reject_code = 550

      Rick Zeman
      Information Technology Department
      Melwood Horticultural Training Center, Inc.
      301.599.4560
      <http://www.melwood.org>
    • Victor Duchovni
      Message 2 of 2 , Nov 23, 2005
        On Wed, Nov 23, 2005 at 12:06:08PM -0500, Rick Zeman wrote:

        > Word on a Novell GroupWise list that I belong to is that there's a way
        > to set up postfix (2.1.5) if it's set up to be a relay that it can
        > query the destination server to see if the recipient is valid before
        > accepting the message from the sender. Eg, postfix will start an esmtp
        > conversation with the relay host and if it fails the RCPT TO on the
        > destination, postfix will bounce the message. As I'm set up now, my
        > postfix accepts mail for all three of our domains and passes every
        > message on to our internal mail server. This leads to a mail queue on
        > the postfix box that's filled with undeliverable bounces and unnecessary
        > work for both mail servers.

        Yes, you need recipient validation.

        > However, what would happen if the internal server wasn't available?

        Postfix would correctly return 4XX codes. Also you can specify a reasonably
        long positive cache time for recipient verification.

        > canonical_maps = hash:/etc/postfix/canonical
        > sender_canonical_maps = hash:/etc/postfix/sender_canonical

        Avoid wildcard in canonical tables if at all possible.

        > smtpd_banner = smtp.melwood.com - All use is subject to Melwood's
        > Internet Use Policy.

        You should preserve the "hostname ESMTP ..." form.

        smtpd_banner = smtp.melwood.com ESMTP <stuff nobody reads>

        > smtpd_recipient_restrictions =
        > permit_mynetworks, reject_unauth_destination

        Better than recipient verification (which assumes that the nexthop
        has recipient validation) is direct recipient validation on the
        gateway. Is there no way to clone (or live query) the list of valid
        recipients directly?

        --
        Viktor.

        Disclaimer: off-list followups get on-list replies or get ignored.
        Please do not ignore the "Reply-To" header.

        To unsubscribe from the postfix-users list, visit
        http://www.postfix.org/lists.html or click the link below:
        <mailto:majordomo@...?body=unsubscribe%20postfix-users>

        If my response solves your problem, the best way to thank me is to not
        send an "it worked, thanks" follow-up. If you must respond, please put
        "It worked, thanks" in the "Subject" so I can delete these quickly.
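
The reply's suggestion of cloning the list of valid recipients onto the gateway, as an added example that is not part of the thread or of Postfix itself: a filter that turns an exported address list into a `relay_recipient_maps` source file. The one-address-per-line export format, the file paths and the sample addresses are assumptions; the domains are the `relay_domains` from the posted configuration.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes the internal server can export
# its valid addresses one per line; the sample below is constructed.

# relay_domains from the postconf -n output in the thread
RELAY_DOMAINS="melwood.com melwood.org melwoodgardencenter.com"

# Read addresses on stdin, print "address OK" lines for a hash: lookup table.
build_relay_recipients() {
    tr -d '\r' | awk -v domains="$RELAY_DOMAINS" '
        BEGIN { n = split(domains, d, " "); for (i = 1; i <= n; i++) ok[d[i]] = 1 }
        /^[ \t]*#/ { next }                      # comment lines in the export
        {
            gsub(/[ \t]/, "")                    # stray whitespace
            addr = tolower($0)
            at = index(addr, "@")
            # Require a local part: a bare "@domain" key would match every
            # recipient in that domain and switch validation off for it.
            if (at < 2) next
            dom = substr(addr, at + 1)
            if (index(dom, "@") || !(dom in ok)) next   # malformed or foreign domain
            if (!seen[addr]++) print addr " OK"         # de-duplicate
        }' | LC_ALL=C sort
}

# Constructed sample export: mixed case, a duplicate, a wildcard, junk.
sample_export() {
    cat <<'EOF'
# exported address list (constructed)
Info@Melwood.com
postmaster@melwood.org
orders@melwoodgardencenter.com
  info@melwood.com
@melwood.com
someone@example.net
not-an-address
EOF
}

sample_export | build_relay_recipients

# On the gateway (paths are assumptions):
#   build_relay_recipients < export.txt > /etc/postfix/relay_recipients
#   postmap /etc/postfix/relay_recipients
#   main.cf: relay_recipient_maps = hash:/etc/postfix/relay_recipients
```

With `relay_recipient_maps` empty, as in the posted configuration, the gateway accepts every recipient in `relay_domains`; once the table is populated, unlisted recipients are rejected during the SMTP session without a probe to the internal server.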