Getting tricky with a transport map
- Word on a Novell GroupWise list that I belong to is that there's a way
to set up postfix (2.1.5) if it's set up to be a relay that it can
query the destination server to see if the recipient is valid before
accepting the message from the sender. Eg, postfix will start an esmtp
conversation with the relay host and if it fails the RCPT TO on the
destination, postfix will bounce the message. As I'm set up now, my
postfix accepts mail for all three of our domains and passes every
message on to our internal mail server. This leads to a mail queue on
the postfix box that's filled with undeliverable bounces and unnecessary
work for both mail servers.
I'd much rather reject these messages outright rather than accepting
However, what would happen if the internal server wasn't available?
Would postfix reject the mail (be very ugly if that was the case), or is
this an argument for turning on soft_bounce?
PLEASE cc: any responses to me as I get the digest version. Thanks!
rzeman@mailhub:~> postconf -n
alias_maps = hash:/etc/aliases
biff = no
canonical_maps = hash:/etc/postfix/canonical
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/lib/postfix
debug_peer_level = 2
disable_dns_lookups = no
disable_vrfy_command = yes
html_directory = /usr/share/doc/packages/postfix/html
local_transport = error:local mail delivery is disabled
mail_spool_directory = /var/mail
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
masquerade_classes = envelope_sender, header_sender, header_recipient
masquerade_exceptions = root
maximal_queue_lifetime = 3d
message_size_limit = 25680000
mime_header_checks = regexp:/etc/postfix/mime_header_checks
myhostname = annex.melwood.com
mynetworks = 127.0.0.8/8 192.168.1.0/24
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases
parent_domain_matches_subdomains = debug_peer_list smtpd_acess_maps
readme_directory = /usr/share/doc/packages/postfix/README_FILES
recipient_delimiter = -
relay_domains = melwood.com, melwood.org, melwoodgardencenter.com
relocated_maps = hash:/etc/postfix/relocated
sample_directory = /usr/share/doc/packages/postfix/samples
sender_canonical_maps = hash:/etc/postfix/sender_canonical
sendmail_path = /usr/sbin/sendmail
setgid_group = maildrop
smtp_data_xfer_timeout = 120s
smtp_use_tls = no
smtpd_banner = smtp.melwood.com - All use is subject to Melwood's
Internet Use Policy.
smtpd_client_restrictions = permit_mynetworks, reject_rbl_client
smtpd_hard_error_limit = 12
smtpd_helo_required = yes
smtpd_sasl_auth_enable = no
smtpd_sender_restrictions = hash:/etc/postfix/access
smtpd_use_tls = no
soft_bounce = no
strict_rfc821_envelopes = no
transport_maps = hash:/etc/postfix/transport
unknown_local_recipient_reject_code = 550
Information Technology Department
Melwood Horticultural Training Center, Inc.
- On Wed, Nov 23, 2005 at 12:06:08PM -0500, Rick Zeman wrote:
> Word on a Novell GroupWise list that I belong to is that there's a way
> to set up postfix (2.1.5) if it's set up to be a relay that it can
> query the destination server to see if the recipient is valid before
> accepting the message from the sender. Eg, postfix will start an esmtp
> conversation with the relay host and if it fails the RCPT TO on the
> destination, postfix will bounce the message. As I'm set up now, my
> postfix accepts mail for all three of our domains and passes every
> message on to our internal mail server. This leads to a mail queue on
> the postfix box that's filled with undeliverable bounces and unnecessary
> work for both mail servers.
Yes, you need recipient validation.
> However, what would happen if the internal server wasn't available?
Postfix would correctly return 4XX codes. Also you can specify a reasonably
long positive cache time for recipient verification.
> canonical_maps = hash:/etc/postfix/canonical
> sender_canonical_maps = hash:/etc/postfix/sender_canonical
Avoid wildcard in canonical tables if at all possible.
> smtpd_banner = smtp.melwood.com - All use is subject to Melwood's
> Internet Use Policy.
You should preserve the "hostname ESMTP ..." form.
smtpd_banner = smtp.melwood.com ESMTP <stuff nobody reads>
> smtpd_recipient_restrictions =
> permit_mynetworks, reject_unauth_destination
Better than recipient verification (which assumes that the nexthop
has recipient validation) is direct recipient validation on the
gateway. Is there no way to clone (or live query) the list of valid
Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.
If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.
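The two approaches discussed in this thread, written out as a main.cf sketch. This is an added example, not configuration posted by either participant. The file paths, the cache lifetimes and the sample recipient address are assumptions; the parameter names are standard Postfix 2.1 settings.

```ini
# /etc/postfix/main.cf (added example; paths and lifetimes are assumptions)

# --- Option A: recipient address verification (probe the next hop) ---
# The gateway sends a probe to the internal server and rejects the
# sender's RCPT TO when the probe is known to bounce.
smtpd_recipient_restrictions =
    permit_mynetworks,
    reject_unauth_destination,
    reject_unverified_recipient

# Persistent verification cache so results survive a Postfix restart.
# Without a map the cache is kept in memory only.
address_verify_map = btree:/var/lib/postfix/verify

# Cached positive results are reused until they expire, so recipients
# already seen as valid keep being accepted while the internal server
# is briefly unreachable. Uncached recipients get a 4XX reply in that
# case and the sending server retries later.
address_verify_positive_expire_time = 31d
address_verify_negative_expire_time = 3d

# Reply code for recipients known to bounce. The default is 450;
# switch to 550 only after the probes are confirmed to work.
unverified_recipient_reject_code = 450

# --- Option B: direct recipient validation on the gateway ---
# The gateway holds its own list of valid recipients for the relayed
# domains and rejects everything else without contacting the next hop.
relay_domains = melwood.com, melwood.org, melwoodgardencenter.com
relay_recipient_maps = hash:/etc/postfix/relay_recipients

# /etc/postfix/relay_recipients (constructed sample entry):
#   someuser@melwood.com    OK
```

After editing the recipient list for option B, rebuild it with `postmap /etc/postfix/relay_recipients` and run `postfix reload`.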