Loading ...
Sorry, an error occurred while loading the content.

Re: relay_recipients_maps / generic clash

Expand Messages
  • John Knappers
    ... Sorry, if my explanation was not clear enough: Generic at the mailbub: @domain1.ccom @newdomain1.com @domain2.com @newdomain1.com @domain3.com
    Message 1 of 15 , Oct 1, 2006
    • 0 Attachment
      >John Knappers wrote:
      >>Hello everyone,
      >>
      >>I consolidate a dozen of old domains in 2 domains with the generic table
      >>function of Postfix at our gateway relay / Mail hub.
      >>This works fine, but now. at last I finally wanted to implement the
      >>relay_recipient_maps function. After a night studying the awk syntax to
      >>convert the virtual table of our internal mailserver to a
      >>relay_recipients_map table I created a nice script just doing that.
      >>
      >>But now the problems starts. Only the mail of the 2 consolidated domains
      >>is accepted, and the mail to addresses ending with domains in the generic
      >>table is rejected. Does anyone a way to overcome this? My scripting
      >>knowledge is not sufficient to take the generic table in account when
      >>creating a relay_recipient_table.
      >>
      >>With other words: Is it possible to accept mail / do the generic domain
      >>consolidation, and apply the releay_recipients_maps feature after that?
      >
      >
      >post concrete examples and you'll get concrete answers...
      >
      >if your a map contains things like
      >foo@... bar@...
      >
      >and you want to add "bar@..." then
      >
      > grep -v "^#" $map| grep @ | awk '{print $2 " something"}'
      >
      >will do. if you want to add both key and value, then
      >
      > grep -v "^#" $map| grep @ | awk '{print $1 " got1"; print $2 " got2"}'
      >
      >This assumes that you do not use addresses with spaces (such as "foo
      >bar"@...).
      >
      Sorry, if my explanation was not clear enough:
      Generic at the mailbub:
      @... @...
      @... @...
      @... @...
      @... @...
      and so on

      In the virtual table at our internal mailsystem:
      user1@... user1
      user2@... user2
      and so on.

      At the internal mailsystem I create a relay_recipients_map with the
      following script:
      #Whre to get to virtual table to convert
      RELAY_RECIPIENTS_PATH=/etc/postfix/maps/relay_recipients
      #Name of the created recipients_table
      RELAY_RECIPIENTS=relay_recipients_domain1.com

      AWK_BIN=/bin/awk
      POSTMAP_BIN=/usr/sbin/postmap

      # script vars, do not change anything here
      RELAY_RECIPIENTS_PROTO=relay_recipients_proto
      DB=db

      # Sanity Checks:
      # Laterz, first get it working


      echo " creating $RELAY_RECIPIENTS_PATH/$RELAY_RECIPIENTS"
      $AWK_BIN '!/#/ && /@/ {printf ("%s\tOK\n",$1)}' $VIRTUAL >
      $RELAY_RECIPIENTS_PATH/$RELAY_RECIPIENTS_PROTO

      $POSTMAP_BIN hash:$RELAY_RECIPIENTS_PATH/$RELAY_RECIPIENTS_PROTO

      mv $RELAY_RECIPIENTS_PATH/$RELAY_RECIPIENTS_PROTO
      $RELAY_RECIPIENTS_PATH/$RELAY_RECIPIENTS
      mv $RELAY_RECIPIENTS_PATH/$RELAY_RECIPIENTS_PROTO.$DB
      $RELAY_RECIPIENTS_PATH/$RELAY_RECIPIENTS.$DB

      echo " Done!"

      >

      This is then copied to the mailhub.
      The now created relay_recipient_map has only mail addresses of the
      consolidated maildomains.

      _________________________________________________________________
      500 foto's per maand uploaden, GRATIS! http://spaces.live.com
    • Sandy Drobic
      ... At this point I haven t seen the full configuration (postconf -n) and I am loath to give advice on incomplete information. Are the domains domain1.example
      Message 2 of 15 , Oct 2, 2006
      • 0 Attachment
        John Knappers wrote:
        >
        >> John Knappers wrote:
        >>> Hello everyone,
        >>>
        >>> I consolidate a dozen of old domains in 2 domains with the generic
        >>> table function of Postfix at our gateway relay / Mail hub.
        >>> This works fine, but now. at last I finally wanted to implement the
        >>> relay_recipient_maps function. After a night studying the awk syntax
        >>> to convert the virtual table of our internal mailserver to a
        >>> relay_recipients_map table I created a nice script just doing that.
        >>>
        >>> But now the problems starts. Only the mail of the 2 consolidated
        >>> domains is accepted, and the mail to addresses ending with domains in
        >>> the generic table is rejected. Does anyone a way to overcome this? My
        >>> scripting knowledge is not sufficient to take the generic table in
        >>> account when creating a relay_recipient_table.
        >>>
        >>> With other words: Is it possible to accept mail / do the generic
        >>> domain consolidation, and apply the releay_recipients_maps feature
        >>> after that?

        At this point I haven't seen the full configuration (postconf -n) and I am
        loath to give advice on incomplete information.

        Are the domains domain1.example domain2.example etc in relay_domains, in
        mydestination, in virtual_alias_domains, in virtual_mailbox_domains?

        relay_recipient_maps is only used for domains in relay_domains, while
        virtual_alias_maps is used for all domain classes.

        generic_maps is applied only to outgoing mails.

        Sandy
        --
        List replies only please!
        Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com
      • John Knappers
        ... I will try to clarify more: Mailgateway receiving is receiving mail for multiple domains. A lot of them are old, but still frequently used by customers.
        Message 3 of 15 , Oct 2, 2006
        • 0 Attachment
          >
          >John Knappers wrote:
          >>
          >>>John Knappers wrote:
          >>>>Hello everyone,
          >>>>
          >>>>I consolidate a dozen of old domains in 2 domains with the generic table
          >>>>function of Postfix at our gateway relay / Mail hub.
          >>>>This works fine, but now. at last I finally wanted to implement the
          >>>>relay_recipient_maps function. After a night studying the awk syntax to
          >>>>convert the virtual table of our internal mailserver to a
          >>>>relay_recipients_map table I created a nice script just doing that.
          >>>>
          >>>>But now the problems starts. Only the mail of the 2 consolidated domains
          >>>>is accepted, and the mail to addresses ending with domains in the
          >>>>generic table is rejected. Does anyone a way to overcome this? My
          >>>>scripting knowledge is not sufficient to take the generic table in
          >>>>account when creating a relay_recipient_table.
          >>>>
          >>>>With other words: Is it possible to accept mail / do the generic domain
          >>>>consolidation, and apply the releay_recipients_maps feature after that?
          >
          >At this point I haven't seen the full configuration (postconf -n) and I am
          >loath to give advice on incomplete information.
          >
          >Are the domains domain1.example domain2.example etc in relay_domains, in
          >mydestination, in virtual_alias_domains, in virtual_mailbox_domains?
          >
          >relay_recipient_maps is only used for domains in relay_domains, while
          >virtual_alias_maps is used for all domain classes.
          >
          >generic_maps is applied only to outgoing mails.
          >
          >Sandy
          >--
          >List replies only please!
          >Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com

          I will try to clarify more:

          Mailgateway receiving is receiving mail for multiple domains. A lot of them
          are old, but still frequently used by customers.
          Function of mailgateway:
          receive mail: scan it / spanassassin it, rewrite old domains to new domans,
          and push it the final destination (internal mailserver).
          This not a to strange configuration.
          At the mailgateway I consolidate a dozen old (by mergers obsoleted, but by
          customers still frequently used domains) 2 two domains.
          Those to domains are the only domains the internal mailserver know about.
          At the mailgateway all domains are in the relay_domains table
          Old domains are rewritten to the new domains in the generic table like:
          @olddomain1 @newdomain1
          @olddomain2 @newdomain1
          @olddomain3 @newdomain2
          etc etc etc.

          If I create a relay_recpients_maps table based on the virtual table of the
          internal mailserver (which only knows about the 2 consolidated domains). All
          incoming mail with the old domains (which needs te be rewritten by the
          generic funstion) is rejected.
          The relay_recipient_maps table is checked before the address rewritting,
          which is causing the setup to fail

          For completenes I include a postconf -n.txt ( with anonymized domains)

          Please advise what the best solution is for this problem, I cannot imagine,
          that I'm the first facing this problem.

          John

          _________________________________________________________________
          De nieuwste Messenger is live! Download nu
          http://imagine-msn.com/messenger/launch80/default.aspx?locale=nl-nl
        • Sandy Drobic
          ... Okay, forgive me for being slow. Now it makes perfect sense. Indeed, unless configured to be checked earlier with relect_unlisted_recipient,
          Message 4 of 15 , Oct 2, 2006
          • 0 Attachment
            John Knappers wrote:
            >>
            >> John Knappers wrote:
            >>>
            >>>> John Knappers wrote:
            >>>>> Hello everyone,
            >>>>>
            >>>>> I consolidate a dozen of old domains in 2 domains with the generic
            >>>>> table function of Postfix at our gateway relay / Mail hub.
            >>>>> This works fine, but now. at last I finally wanted to implement the
            >>>>> relay_recipient_maps function. After a night studying the awk
            >>>>> syntax to convert the virtual table of our internal mailserver to a
            >>>>> relay_recipients_map table I created a nice script just doing that.
            >>>>>
            >>>>> But now the problems starts. Only the mail of the 2 consolidated
            >>>>> domains is accepted, and the mail to addresses ending with domains
            >>>>> in the generic table is rejected. Does anyone a way to overcome
            >>>>> this? My scripting knowledge is not sufficient to take the generic
            >>>>> table in account when creating a relay_recipient_table.
            >>>>>
            >>>>> With other words: Is it possible to accept mail / do the generic
            >>>>> domain consolidation, and apply the releay_recipients_maps feature
            >>>>> after that?
            >>
            >> At this point I haven't seen the full configuration (postconf -n) and
            >> I am loath to give advice on incomplete information.
            >>
            >> Are the domains domain1.example domain2.example etc in relay_domains,
            >> in mydestination, in virtual_alias_domains, in virtual_mailbox_domains?
            >>
            >> relay_recipient_maps is only used for domains in relay_domains, while
            >> virtual_alias_maps is used for all domain classes.
            >>
            >> generic_maps is applied only to outgoing mails.
            >>
            >> Sandy
            >> --
            >> List replies only please!
            >> Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com
            >
            > I will try to clarify more:
            >
            > Mailgateway receiving is receiving mail for multiple domains. A lot of
            > them are old, but still frequently used by customers.
            > Function of mailgateway:
            > receive mail: scan it / spanassassin it, rewrite old domains to new
            > domans, and push it the final destination (internal mailserver).
            > This not a to strange configuration.
            > At the mailgateway I consolidate a dozen old (by mergers obsoleted, but
            > by customers still frequently used domains) 2 two domains.
            > Those to domains are the only domains the internal mailserver know about.
            > At the mailgateway all domains are in the relay_domains table
            > Old domains are rewritten to the new domains in the generic table like:
            > @olddomain1 @newdomain1
            > @olddomain2 @newdomain1
            > @olddomain3 @newdomain2
            > etc etc etc.
            >
            > If I create a relay_recpients_maps table based on the virtual table of
            > the internal mailserver (which only knows about the 2 consolidated
            > domains). All incoming mail with the old domains (which needs te be
            > rewritten by the generic funstion) is rejected.
            > The relay_recipient_maps table is checked before the address rewritting,
            > which is causing the setup to fail

            Okay, forgive me for being slow. Now it makes perfect sense. Indeed,
            unless configured to be checked earlier with relect_unlisted_recipient,
            relay_recipient_maps is checked at the end of the
            smtpd_recipient_restrictions, which happens at the end of the RCPT TO
            during the smtp exchange.

            Rewriting with generic_maps happen, when the mail leaves the Postfix system.

            So, if you want to keep the old domains, you need to change your awk
            script to include valid user addresses for the old domains as well.
            Just put in a loop to add the extracted user for the old domains as well.

            > For completenes I include a postconf -n.txt ( with anonymized domains)
            >
            > Please advise what the best solution is for this problem, I cannot
            > imagine, that I'm the first facing this problem.

            No, this happens indeed every few weeks that someone asks about
            relay_recipient_maps. Though usually the question is "Why doesn't it work
            when I put in '@... OK'?"


            > John
            >
            > _________________________________________________________________
            > De nieuwste Messenger is live! Download nu
            > http://imagine-msn.com/messenger/launch80/default.aspx?locale=nl-nl
            > address_verify_map = btree:/var/spool/postfix/verified_senders
            > alias_maps = hash:/etc/aliases
            > anvil_rate_time_unit = 60s
            > anvil_status_update_time = 600s
            > body_checks =
            > bounce_size_limit = 1024
            > canonical_maps = hash:/etc/postfix/maps/canonical
            > command_directory = /usr/sbin
            > config_directory = /etc/postfix
            > daemon_directory = /usr/lib/postfix
            > debug_peer_level = 2
            > default_destination_concurrency_limit = 40
            > disable_dns_lookups = no
            > disable_vrfy_command = yes
            > empty_address_recipient = MAILER-DAEMON
            > header_checks =
            > regexp:/etc/postfix/maps/header_checks_bcc,
            > regexp:/etc/postfix/maps/header_checks_priv
            > header_size_limit = 32768
            > home_mailbox = Maildir/
            > html_directory = /usr/share/doc/packages/postfix/html
            > inet_interfaces = all
            > local_destination_concurrency_limit = 5
            > local_header_rewrite_clients = permit_mynetworks
            > local_recipient_maps =

            Careful, you accept mails for $myhostname but don't verify recipients!
            Do you have a check to reject Mails from outside your network for $myhostname?

            Sandy

            --
            List replies only please!
            Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com
          • John Knappers
            ... Now the problem is completely claer, can you (or anyone else) assist me with the awk script additions to do this, because my scripting knowledge is not
            Message 5 of 15 , Oct 2, 2006
            • 0 Attachment
              >John Knappers wrote:
              >>>
              >>>John Knappers wrote:
              >>>>
              >>>>>John Knappers wrote:
              >>>>>>Hello everyone,
              >>>>>>
              >>>>>>I consolidate a dozen of old domains in 2 domains with the generic
              >>>>>>table function of Postfix at our gateway relay / Mail hub.
              >>>>>>This works fine, but now. at last I finally wanted to implement the
              >>>>>>relay_recipient_maps function. After a night studying the awk syntax
              >>>>>>to convert the virtual table of our internal mailserver to a
              >>>>>>relay_recipients_map table I created a nice script just doing that.
              >>>>>>
              >>>>>>But now the problems starts. Only the mail of the 2 consolidated
              >>>>>>domains is accepted, and the mail to addresses ending with domains in
              >>>>>>the generic table is rejected. Does anyone a way to overcome this? My
              >>>>>>scripting knowledge is not sufficient to take the generic table in
              >>>>>>account when creating a relay_recipient_table.
              >>>>>>
              >>>>>>With other words: Is it possible to accept mail / do the generic
              >>>>>>domain consolidation, and apply the releay_recipients_maps feature
              >>>>>>after that?
              >>>
              >>>At this point I haven't seen the full configuration (postconf -n) and I
              >>>am loath to give advice on incomplete information.
              >>>
              >>>Are the domains domain1.example domain2.example etc in relay_domains, in
              >>>mydestination, in virtual_alias_domains, in virtual_mailbox_domains?
              >>>
              >>>relay_recipient_maps is only used for domains in relay_domains, while
              >>>virtual_alias_maps is used for all domain classes.
              >>>
              >>>generic_maps is applied only to outgoing mails.
              >>>
              >>>Sandy
              >>>--
              >>>List replies only please!
              >>>Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com
              >>
              >>I will try to clarify more:
              >>
              >>Mailgateway receiving is receiving mail for multiple domains. A lot of
              >>them are old, but still frequently used by customers.
              >>Function of mailgateway:
              >>receive mail: scan it / spanassassin it, rewrite old domains to new
              >>domans, and push it the final destination (internal mailserver).
              >>This not a to strange configuration.
              >>At the mailgateway I consolidate a dozen old (by mergers obsoleted, but by
              >>customers still frequently used domains) 2 two domains.
              >>Those to domains are the only domains the internal mailserver know about.
              >>At the mailgateway all domains are in the relay_domains table
              >>Old domains are rewritten to the new domains in the generic table like:
              >>@olddomain1 @newdomain1
              >>@olddomain2 @newdomain1
              >>@olddomain3 @newdomain2
              >>etc etc etc.
              >>
              >>If I create a relay_recpients_maps table based on the virtual table of the
              >>internal mailserver (which only knows about the 2 consolidated domains).
              >>All incoming mail with the old domains (which needs te be rewritten by the
              >>generic funstion) is rejected.
              >>The relay_recipient_maps table is checked before the address rewritting,
              >>which is causing the setup to fail
              >
              >Okay, forgive me for being slow. Now it makes perfect sense. Indeed, unless
              >configured to be checked earlier with relect_unlisted_recipient,
              >relay_recipient_maps is checked at the end of the
              >smtpd_recipient_restrictions, which happens at the end of the RCPT TO
              >during the smtp exchange.
              >
              >Rewriting with generic_maps happen, when the mail leaves the Postfix
              >system.
              >
              >So, if you want to keep the old domains, you need to change your awk script
              >to include valid user addresses for the old domains as well.
              >Just put in a loop to add the extracted user for the old domains as well.
              >
              >>For completenes I include a postconf -n.txt ( with anonymized domains)
              >>
              >>Please advise what the best solution is for this problem, I cannot
              >>imagine, that I'm the first facing this problem.
              >
              >No, this happens indeed every few weeks that someone asks about
              >relay_recipient_maps. Though usually the question is "Why doesn't it work
              >when I put in '@... OK'?"
              >
              >
              >>John
              >>
              >>_________________________________________________________________
              >>De nieuwste Messenger is live! Download nu
              >>http://imagine-msn.com/messenger/launch80/default.aspx?locale=nl-nl
              >>address_verify_map = btree:/var/spool/postfix/verified_senders
              >>alias_maps = hash:/etc/aliases
              >>anvil_rate_time_unit = 60s
              >>anvil_status_update_time = 600s
              >>body_checks =
              >>bounce_size_limit = 1024
              >>canonical_maps = hash:/etc/postfix/maps/canonical
              >>command_directory = /usr/sbin
              >>config_directory = /etc/postfix
              >>daemon_directory = /usr/lib/postfix
              >>debug_peer_level = 2
              >>default_destination_concurrency_limit = 40
              >>disable_dns_lookups = no
              >>disable_vrfy_command = yes
              >>empty_address_recipient = MAILER-DAEMON
              >>header_checks = regexp:/etc/postfix/maps/header_checks_bcc,
              >>regexp:/etc/postfix/maps/header_checks_priv
              >>header_size_limit = 32768
              >>home_mailbox = Maildir/
              >>html_directory = /usr/share/doc/packages/postfix/html
              >>inet_interfaces = all
              >>local_destination_concurrency_limit = 5
              >>local_header_rewrite_clients = permit_mynetworks
              >>local_recipient_maps =
              >
              >Careful, you accept mails for $myhostname but don't verify recipients!
              >Do you have a check to reject Mails from outside your network for
              >$myhostname?
              >
              >Sandy
              >
              >So, if you want to keep the old domains, you need to change your awk script
              >to include valid user addresses for the old domains as well.
              >Just put in a loop to add the extracted user for the old domains as well.

              Now the problem is completely claer, can you (or anyone else) assist me
              with the awk script additions to do this, because my scripting knowledge is
              not suffient for this. :(
              I have a relay_recipients_maps with all valid mail addresses, but only for
              the consolidated domains, and I have a generic_maps file, with what
              olddomains will be rewritten to what newdomains.
              Or is there an other around / better way solve this setup problem?

              >No, this happens indeed every few weeks that someone asks about
              >relay_recipient_maps. Though usually the question is "Why doesn't it work
              >when I put in '@... OK'?"
              It's was not to hard for me to understand this....

              >Careful, you accept mails for $myhostname but don't verify recipients!
              >Do you have a check to reject Mails from outside your network for
              >$myhostname?

              I accept only mail for the standard aliases which RFC want to be present
              (postmaster /abuse / etc)
              If the mailaddress@$myhostname doesn't resolve to a valid mailaddress, it
              bounce with user unknown. What is the problem with it? Or better asked: Do
              I miss anything, what I shouldn't miss?

              _________________________________________________________________
              De nieuwste Messenger is live! Download nu
              http://imagine-msn.com/messenger/launch80/default.aspx?locale=nl-nl
            • mouss
              ... but which of these would you want to add to relay_recipient_maps? these are domain addresses. you can add them, but this means you ll accept any address
              Message 6 of 15 , Oct 2, 2006
              • 0 Attachment
                John Knappers wrote:
                >
                >> John Knappers wrote:
                >>> Hello everyone,
                >>>
                >>> I consolidate a dozen of old domains in 2 domains with the generic
                >>> table function of Postfix at our gateway relay / Mail hub.
                >>> This works fine, but now. at last I finally wanted to implement the
                >>> relay_recipient_maps function. After a night studying the awk syntax
                >>> to convert the virtual table of our internal mailserver to a
                >>> relay_recipients_map table I created a nice script just doing that.
                >>>
                >>> But now the problems starts. Only the mail of the 2 consolidated
                >>> domains is accepted, and the mail to addresses ending with domains
                >>> in the generic table is rejected. Does anyone a way to overcome
                >>> this? My scripting knowledge is not sufficient to take the generic
                >>> table in account when creating a relay_recipient_table.
                >>>
                >>> With other words: Is it possible to accept mail / do the generic
                >>> domain consolidation, and apply the releay_recipients_maps feature
                >>> after that?
                >>
                >>
                >> post concrete examples and you'll get concrete answers...
                >>
                >> if your a map contains things like
                >> foo@... bar@...
                >>
                >> and you want to add "bar@..." then
                >>
                >> grep -v "^#" $map| grep @ | awk '{print $2 " something"}'
                >>
                >> will do. if you want to add both key and value, then
                >>
                >> grep -v "^#" $map| grep @ | awk '{print $1 " got1"; print $2 "
                >> got2"}'
                >>
                >> This assumes that you do not use addresses with spaces (such as "foo
                >> bar"@...).
                >>
                > Sorry, if my explanation was not clear enough:
                > Generic at the mailbub:
                > @... @...
                > @... @...
                > @... @...
                > @... @...
                > and so on


                but which of these would you want to add to relay_recipient_maps? these
                are domain addresses. you can add them, but this means you'll accept any
                address for the added domain. if you want so, awk is enough. (print $1 "
                ok" or print $2 " ok" depending on which one you want to add) but see if
                you can get a real list of users addresses.
              • mouss
                ... consider using perl (or friends). if you insist on shell, do something like awk ... | while read domain; do awk ... | while read user; do echo
                Message 7 of 15 , Oct 2, 2006
                • 0 Attachment
                  John Knappers wrote:
                  > Now the problem is completely claer, can you (or anyone else) assist
                  > me with the awk script additions to do this, because my scripting
                  > knowledge is not suffient for this. :(
                  > I have a relay_recipients_maps with all valid mail addresses, but only
                  > for the consolidated domains, and I have a generic_maps file, with
                  > what olddomains will be rewritten to what newdomains.
                  > Or is there an other around / better way solve this setup problem?

                  consider using perl (or friends).

                  if you insist on shell, do something like


                  awk ... | while read domain; do
                  awk ... | while read user; do
                  echo $user@$domain OK >> $file
                  done
                  done


                  If you have sql/ldap running and (partially) used, you can have this
                  done via sql/ldap statements.
                • Sandy Drobic
                  ... I think my coffeine input is reaching the neccessary level. So the situation is as follows: - internal server (knows only the two domains) and has the
                  Message 8 of 15 , Oct 2, 2006
                  • 0 Attachment
                    John Knappers wrote:

                    >>> If I create a relay_recpients_maps table based on the virtual table
                    >>> of the internal mailserver (which only knows about the 2 consolidated
                    >>> domains). All incoming mail with the old domains (which needs te be
                    >>> rewritten by the generic funstion) is rejected.
                    >>> The relay_recipient_maps table is checked before the address
                    >>> rewritting, which is causing the setup to fail

                    I think my coffeine input is reaching the neccessary level.
                    So the situation is as follows:

                    - internal server (knows only the two domains) and has the valid users in
                    virtual.
                    - gateway accepts mails for all domains (including the old domains), but
                    doesn't have a list of valid users and thus accepts all the invalid users.

                    You want to extract the valid users from the virtual on the internal
                    server and apply the users to all domains, so that only valid recipients
                    for all domains are accepted.

                    Question: does the internal server knows two separate domains, or does it
                    simply combine the mails for the two domains for each user into one single
                    account?

                    >>> local_recipient_maps =
                    >>
                    >> Careful, you accept mails for $myhostname but don't verify recipients!
                    >> Do you have a check to reject Mails from outside your network for
                    >> $myhostname?
                    >>
                    >> So, if you want to keep the old domains, you need to change your awk
                    >> script to include valid user addresses for the old domains as well.
                    >> Just put in a loop to add the extracted user for the old domains as well.
                    >
                    > Now the problem is completely claer, can you (or anyone else) assist me
                    > with the awk script additions to do this, because my scripting knowledge
                    > is not suffient for this. :(

                    Is user1@... the same as user1@...?

                    > I have a relay_recipients_maps with all valid mail addresses, but only
                    > for the consolidated domains, and I have a generic_maps file, with what
                    > olddomains will be rewritten to what newdomains.
                    > Or is there an other around / better way solve this setup problem?

                    So you just need to grab the local part of each address in the incomplete
                    relay_recipient_maps and add the generics domains to it, write the address
                    into a new file and then postmap it and set it up as relay_recipient_maps.

                    # Just add these lines to your script
                    #
                    domains=("@..." "@..." "@...")
                    #
                    cat in_complete_relay_recipient_maps | while read line;
                    do
                    {
                    user_name=`echo $line|cut -f1 -d"@"`
                    for i in `echo ${domains[*]}`; do
                    echo -e "$user_name$i" >> /etc/postfix/relay_recipients
                    done
                    }
                    done

                    If you have a long list to process you might want to use a perl script.
                    This shell script is not the fastest.


                    >> No, this happens indeed every few weeks that someone asks about
                    >> relay_recipient_maps. Though usually the question is "Why doesn't it
                    >> work when I put in '@... OK'?"
                    > It's was not to hard for me to understand this....
                    >
                    >> Careful, you accept mails for $myhostname but don't verify recipients!
                    >> Do you have a check to reject Mails from outside your network for
                    >> $myhostname?
                    >
                    > I accept only mail for the standard aliases which RFC want to be present
                    > (postmaster /abuse / etc)
                    > If the mailaddress@$myhostname doesn't resolve to a valid mailaddress,
                    > it bounce with user unknown. What is the problem with it? Or better
                    > asked: Do I miss anything, what I shouldn't miss?

                    Does it really REJECT mails to invalid addresses or does it accept the
                    mails first and then BOUNCE the mails to the forged sender of the spam?

                    Sandy
                    --
                    List replies only please!
                    Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com
                  • John Knappers
                    ... YES! ... When I started this, the first thing I encounterd was the need to eliminate domain linking in virtual table on the internal server like @domain1
                    Message 9 of 15 , Oct 2, 2006
                    • 0 Attachment
                      >I think my coffeine input is reaching the neccessary level.
                      >So the situation is as follows:
                      >
                      >- internal server (knows only the two domains) and has the valid users in
                      >virtual.
                      >- gateway accepts mails for all domains (including the old domains), but
                      >doesn't have a list of valid users and thus accepts all the invalid users.
                      >
                      >You want to extract the valid users from the virtual on the internal
                      >server and apply the users to all domains, so that only valid recipients
                      >for all domains are accepted.
                      YES!
                      >
                      >Question: does the internal server knows two separate domains, or does it
                      >simply combine the mails for the two domains for each user into one single
                      >account?

                      When I started this, the first thing I encounterd was the need to eliminate
                      "domain linking in virtual table"on the internal server like
                      @domain1 @domain2
                      user@domain2 user

                      So I already has expanded the 2 domains on the Internal mailserver in the
                      virtual table like:
                      user1@newdomain1 user1
                      user1@newdomain2 user1
                      Etc.

                      But it do not mean that every old domain resolved to the two new domains.
                      On the mailgateway:
                      Example:
                      @... @...
                      @... @...
                      @... @...
                      @... @...


                      >>>So, if you want to keep the old domains, you need to change your awk
                      >>>script to include valid user addresses for the old domains as well.
                      >>>Just put in a loop to add the extracted user for the old domains as well.
                      >>
                      >>Now the problem is completely claer, can you (or anyone else) assist me
                      >>with the awk script additions to do this, because my scripting knowledge
                      >>is not suffient for this. :(
                      >
                      >Is user1@... the same as user1@...?
                      Not always,
                      Depents on how generic table. This makes it more difficult
                      >
                      >>I have a relay_recipients_maps with all valid mail addresses, but only for
                      >>the consolidated domains, and I have a generic_maps file, with what
                      >>olddomains will be rewritten to what newdomains.
                      >>Or is there an other around / better way solve this setup problem?
                      >
                      >So you just need to grab the local part of each address in the incomplete
                      >relay_recipient_maps and add the generics domains to it, write the address
                      >into a new file and then postmap it and set it up as relay_recipient_maps.
                      >
                      ># Just add these lines to your script
                      >#
                      >domains=("@..." "@..." "@...")
                      >#
                      >cat in_complete_relay_recipient_maps | while read line;
                      >do
                      >{
                      > user_name=`echo $line|cut -f1 -d"@"`
                      > for i in `echo ${domains[*]}`; do
                      > echo -e "$user_name$i" >> /etc/postfix/relay_recipients
                      > done
                      >}
                      >done
                      >
                      Tonight I'm gonna try this.

                      This looks almost complete, but now every user has an mailaddress in every
                      oldmaildomain. If this the limit for scripting maybe I need to accept this
                      compromise.

                      >If you have a long list to process you might want to use a perl script.
                      >This shell script is not the fastest.
                      The table is not to large, So I think shell scripting will do for me, But if
                      someone is willing to write a perl script for this, it would maybe a good
                      idea to publish it somewhere in the howto and faqs page on the postfix
                      website. The their effort servers a larger comunity.
                      >
                      >
                      >>>No, this happens indeed every few weeks that someone asks about
                      >>>relay_recipient_maps. Though usually the question is "Why doesn't it work
                      >>>when I put in '@... OK'?"
                      >>It's was not to hard for me to understand this....
                      >>
                      >>>Careful, you accept mails for $myhostname but don't verify recipients!
                      >>>Do you have a check to reject Mails from outside your network for
                      >>>$myhostname?
                      >>
                      >>I accept only mail for the standard aliases which RFC want to be present
                      >>(postmaster /abuse / etc)
                      >>If the mailaddress@$myhostname doesn't resolve to a valid mailaddress, it
                      >>bounce with user unknown. What is the problem with it? Or better asked:
                      >>Do I miss anything, what I shouldn't miss?
                      >
                      >Does it really REJECT mails to invalid addresses or does it accept the
                      >mails first and then BOUNCE the mails to the forged sender of the spam?
                      >
                      You mean if you don't specify a local_repipient_maps, mail for non local
                      users will be accepted and rejected afterwards, resulting that my
                      gatewaymailserver is responsible for delivering the Delvery Notification,
                      which of cause fail by faked sender addresses?
                      I will check this out.

                      >Sandy
                      >--
                      >List replies only please!
                      >Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com

                      _________________________________________________________________
                      Gratis bellen van PC naar PC? Download de nieuwste Messenger!
                      http://imagine-msn.com/messenger/launch80/default.aspx?locale=nl-nl
                    • Sandy Drobic
                      ... Not much more difficult. You only have to add another decision. ... grep example.com cat in_complete_relay_recipient_maps | while read line; ... Do
                      Message 10 of 15 , Oct 3, 2006
                      • 0 Attachment
                        John Knappers wrote:

                        >>> Now the problem is completely claer, can you (or anyone else) assist
                        >>> me with the awk script additions to do this, because my scripting
                        >>> knowledge is not suffient for this. :(
                        >>
                        >> Is user1@... the same as user1@...?
                        > Not always,
                        > Depents on how generic table. This makes it more difficult

                        Not much more difficult. You only have to add another decision.

                        >>
                        >>> I have a relay_recipients_maps with all valid mail addresses, but
                        >>> only for the consolidated domains, and I have a generic_maps file,
                        >>> with what olddomains will be rewritten to what newdomains.
                        >>> Or is there an other around / better way solve this setup problem?
                        >>
                        >> So you just need to grab the local part of each address in the incomplete
                        >> relay_recipient_maps and add the generics domains to it, write the
                        >> address
                        >> into a new file and then postmap it and set it up as
                        >> relay_recipient_maps.
                        >>
                        >> # Just add these lines to your script
                        >> #
                        >> domains=("@..." "@..." "@...")
                        >> #
                        >> cat in_complete_relay_recipient_maps | while read line;

                        grep "example.com" cat in_complete_relay_recipient_maps | while read line;

                        >> do
                        >> {
                        >> user_name=`echo $line|cut -f1 -d"@"`
                        >> for i in `echo ${domains[*]}`; do
                        >> echo -e "$user_name$i" >> /etc/postfix/relay_recipients
                        >> done
                        >> }
                        >> done

                        Do another grep run for the other domain and adapt the domains list. There
                        are many ways to do this, but this is probably the easiest for you to
                        understand.

                        >>
                        > Tonight I'm gonna try this.
                        >
                        > This looks almost complete, but now every user has an mailaddress in
                        > every oldmaildomain. If this the limit for scripting maybe I need to
                        > accept this compromise.

                        See above. You can do almost anything with scripting/programming. What you
                        haven't seen is, that while the script will probably do exactly what you
                        want, there are no checks to verify that the script will only produce the
                        desired output.

                        One example is that the script assumes that there are NO empty lines in
                        in_complete_relay_recipient_maps. If an empty line is processed by that
                        script then the result would be...
                        @... OK
                        @... OK
                        ...

                        Which would make all the effort go to waste. The grep command will also
                        take care of that, since only lines which have example.com in it are given
                        to the script to be processed.

                        >> If you have a long list to process you might want to use a perl
                        >> script. This shell script is not the fastest.
                        > The table is not to large, So I think shell scripting will do for me,
                        > But if someone is willing to write a perl script for this, it would
                        > maybe a good idea to publish it somewhere in the howto and faqs page on
                        > the postfix website. The their effort servers a larger comunity.

                        Everyone has different needs, so it's just not practical to post a script
                        for general usage. The only common basis is that you have a file with
                        valid addresses.

                        >>> I accept only mail for the standard aliases which RFC want to be
                        >>> present (postmaster /abuse / etc)
                        >>> If the mailaddress@$myhostname doesn't resolve to a valid
                        >>> mailaddress, it bounce with user unknown. What is the problem with
                        >>> it? Or better asked: Do I miss anything, what I shouldn't miss?
                        >>
                        >> Does it really REJECT mails to invalid addresses or does it accept the
                        >> mails first and then BOUNCE the mails to the forged sender of the spam?
                        >>
                        > You mean if you don't specify a local_repipient_maps, mail for non local
                        > users will be accepted and rejected afterwards, resulting that my
                        > gatewaymailserver is responsible for delivering the Delvery
                        > Notification, which of cause fail by faked sender addresses?
                        > I will check this out.

                        No, if you don't specify a local_recipient_maps, the DEFAULT value for
                        local_recipient_maps is used. "postconf -d local_recipient_maps" gives
                        local_recipient_maps = proxy:unix:passwd.byname $alias_maps

                        If you specifically add "local_recipient_maps = ", you deactivate the
                        default with the result that no local_recipient_maps is checked.

                        Please check carefully if you bounce or actually reject. According to your
                        setup I would say you bounce (accept and later reject the complete mail).

                        Sandy
                        --
                        List replies only please!
                        Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com
                      • John Knappers
                        ... Ok, tonight I will try this. Thanx for your effort. Some people say to me, you know a lot about Postfix, I reply them with, there always people be who
                        Message 11 of 15 , Oct 3, 2006
                        • 0 Attachment
                          >
                          >John Knappers wrote:
                          >
                          >>>>Now the problem is completely claer, can you (or anyone else) assist me
                          >>>>with the awk script additions to do this, because my scripting knowledge
                          >>>>is not suffient for this. :(
                          >>>
                          >>>Is user1@... the same as user1@...?
                          >>Not always,
                          >>Depents on how generic table. This makes it more difficult
                          >
                          >Not much more difficult. You only have to add another decision.
                          >
                          >>>
                          >>>>I have a relay_recipients_maps with all valid mail addresses, but only
                          >>>>for the consolidated domains, and I have a generic_maps file, with what
                          >>>>olddomains will be rewritten to what newdomains.
                          >>>>Or is there an other around / better way solve this setup problem?
                          >>>
                          >>>So you just need to grab the local part of each address in the incomplete
                          >>>relay_recipient_maps and add the generics domains to it, write the
                          >>>address
                          >>>into a new file and then postmap it and set it up as
                          >>>relay_recipient_maps.
                          >>>
                          >>># Just add these lines to your script
                          >>>#
                          >>>domains=("@..." "@..." "@...")
                          >>>#
                          >>>cat in_complete_relay_recipient_maps | while read line;
                          >
                          >grep "example.com" cat in_complete_relay_recipient_maps | while read line;
                          >
                          >>>do
                          >>>{
                          >>> user_name=`echo $line|cut -f1 -d"@"`
                          >>> for i in `echo ${domains[*]}`; do
                          >>> echo -e "$user_name$i" >> /etc/postfix/relay_recipients
                          >>> done
                          >>>}
                          >>>done
                          >
                          >Do another grep run for the other domain and adapt the domains list. There
                          >are many ways to do this, but this is probably the easiest for you to
                          >understand.
                          >
                          >>>
                          >>Tonight I'm gonna try this.
                          >>
                          >>This looks almost complete, but now every user has an mailaddress in every
                          >>oldmaildomain. If this the limit for scripting maybe I need to accept this
                          >>compromise.
                          >
                          >See above. You can do almost anything with scripting/programming. What you
                          >haven't seen is, that while the script will probably do exactly what you
                          >want, there are no checks to verify that the script will only produce the
                          >desired output.
                          >
                          >One example is that the script assumes that there are NO empty lines in
                          >in_complete_relay_recipient_maps. If an empty line is processed by that
                          >script then the result would be...
                          >@... OK
                          >@... OK
                          >...
                          >
                          >Which would make all the effort go to waste. The grep command will also
                          >take care of that, since only lines which have example.com in it are given
                          >to the script to be processed.
                          Ok, tonight I will try this.
                          Thanx for your effort. Some people say to me, you know a lot about Postfix,
                          I reply them with, there always people be who knows more about it or are
                          better then me, and sometimes I ask them for help.

                          >
                          >>>If you have a long list to process you might want to use a perl script.
                          >>>This shell script is not the fastest.
                          >>The table is not to large, So I think shell scripting will do for me, But
                          >>if someone is willing to write a perl script for this, it would maybe a
                          >>good idea to publish it somewhere in the howto and faqs page on the
                          >>postfix website. The their effort servers a larger comunity.
                          >
                          >Everyone has different needs, so it's just not practical to post a script
                          >for general usage. The only common basis is that you have a file with valid
                          >addresses.
                          >
                          >>>>I accept only mail for the standard aliases which RFC want to be present
                          >>>>(postmaster /abuse / etc)
                          >>>>If the mailaddress@$myhostname doesn't resolve to a valid mailaddress,
                          >>>>it bounce with user unknown. What is the problem with it? Or better
                          >>>>asked: Do I miss anything, what I shouldn't miss?
                          >>>
                          >>>Does it really REJECT mails to invalid addresses or does it accept the
                          >>>mails first and then BOUNCE the mails to the forged sender of the spam?
                          >>>
                          >>You mean if you don't specify a local_repipient_maps, mail for non local
                          >>users will be accepted and rejected afterwards, resulting that my
                          >>gatewaymailserver is responsible for delivering the Delvery Notification,
                          >>which of cause fail by faked sender addresses?
                          >>I will check this out.
                          >
                          >No, if you don't specify a local_recipient_maps, the DEFAULT value for
                          >local_recipient_maps is used. "postconf -d local_recipient_maps" gives
                          >local_recipient_maps = proxy:unix:passwd.byname $alias_maps
                          >
                          >If you specifically add "local_recipient_maps = ", you deactivate the
                          >default with the result that no local_recipient_maps is checked.
                          >
                          >Please check carefully if you bounce or actually reject. According to your
                          >setup I would say you bounce (accept and later reject the complete mail).
                          >
                          Your were right, I did miss something what I shouldn't miss. It accepted and
                          then bounced. I commented out the "local_recipients_maps =" and now unkwon
                          users are rejected before end of SMTP talking as it should

                          John

                          >Sandy
                          >--
                          >List replies only please!
                          >Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com

                          _________________________________________________________________
                          Een eigen webpagina voor foto's en weblog in 2 tellen!
                          http://spaces.live.com
                        • John Knappers
                          ... I m trying to create a nice script out of you suggetions, ans it start to work ! :) I changed: grep example.com cat in_complete_relay_recipient_maps |
                          Message 12 of 15 , Oct 4, 2006
                          • 0 Attachment
                            >John Knappers wrote:
                            >
                            >
                            >>>
                            >>># Just add these lines to your script
                            >>>#
                            >>>domains=("@..." "@..." "@...")
                            >>>#
                            >>>cat in_complete_relay_recipient_maps | while read line;
                            >
                            >grep "example.com" cat in_complete_relay_recipient_maps | while read line;
                            >
                            >>>do
                            >>>{
                            >>> user_name=`echo $line|cut -f1 -d"@"`
                            >>> for i in `echo ${domains[*]}`; do
                            >>> echo -e "$user_name$i" >> /etc/postfix/relay_recipients
                            >>> done
                            >>>}
                            >>>done
                            >
                            >Do another grep run for the other domain and adapt the domains list. There
                            >are many ways to do this, but this is probably the easiest for you to
                            >understand.
                            >
                            >>>
                            >>Tonight I'm gonna try this.
                            I'm trying to create a nice script out of you suggetions, ans it start to
                            work ! :)
                            I changed: grep "example.com" cat in_complete_relay_recipient_maps | while
                            read line;
                            in cat relay_recipients_imcomplete_smal |grep "domain1.com" | while read
                            line;
                            and
                            # echo -e "$user_name$i" >>
                            /home/john/testing/relay_recipients_smal in
                            printf "$user_name$i\tOK\n" >>
                            /home/john/testing/relay_recipients_smal
                            (was missing the tab and OK)

                            But there is one thing left I can't get fixed.
                            domains=("@..." "@..." "@...")
                            It would be nice it read this list out of the generic file(s). But I failed
                            to do so.
                            At the comand line I was able to at get the following output:
                            "@..." "@..." "@..."
                            with the syntax:
                            awk '!length < 1 && !/#/ && /@/h {printf ("\"%s\" ",$1)}' generic_smal
                            But is still misses the ( ) surrounding the domain list and adding the line:
                            domains=awk '!length < 1 && !/#/ && /@/h {printf ("\"%s\" ",$1)}'
                            generic_smal
                            causes the script to fail
                            Sandy, do you know how to do this right?
                            Thanx for you efford.

                            John

                            _________________________________________________________________
                            Ontmoet nieuwe vrienden via je eigen vrienden! http://spaces.live.com
                          • Sandy Drobic
                            ... It gives the same result though my direct grep needs one command (cat) less, so it s a bit less overhead. ... Correct. It doesn t really matter, what the
                            Message 13 of 15 , Oct 5, 2006
                            • 0 Attachment
                              John Knappers wrote:
                              >> John Knappers wrote:
                              >>
                              >>
                              >>>>
                              >>>> # Just add these lines to your script
                              >>>> #
                              >>>> domains=("@..." "@..." "@...")
                              >>>> #
                              >>>> cat in_complete_relay_recipient_maps | while read line;
                              >>
                              >> grep "example.com" cat in_complete_relay_recipient_maps | while read
                              >> line;
                              >>
                              >>>> do
                              >>>> {
                              >>>> user_name=`echo $line|cut -f1 -d"@"`
                              >>>> for i in `echo ${domains[*]}`; do
                              >>>> echo -e "$user_name$i" >> /etc/postfix/relay_recipients
                              >>>> done
                              >>>> }
                              >>>> done
                              >>
                              >> Do another grep run for the other domain and adapt the domains list.
                              >> There are many ways to do this, but this is probably the easiest for
                              >> you to understand.
                              >>
                              >>>>
                              >>> Tonight I'm gonna try this.
                              > I'm trying to create a nice script out of you suggetions, ans it start
                              > to work ! :)
                              > I changed: grep "example.com" cat in_complete_relay_recipient_maps |
                              > while read line;
                              > in cat relay_recipients_imcomplete_smal |grep "domain1.com" | while read
                              > line;

                              It gives the same result though my direct grep needs one command (cat)
                              less, so it's a bit less overhead.

                              > and
                              > # echo -e "$user_name$i" >>
                              > /home/john/testing/relay_recipients_smal in
                              > printf "$user_name$i\tOK\n" >>
                              > /home/john/testing/relay_recipients_smal
                              > (was missing the tab and OK)

                              Correct. It doesn't really matter, what the result is, though. You could
                              also return the key again, which is sometimes nice for debugging work.
                              Postfix doesn't care as long as the lookup is successful it doesn't use
                              the result in any way (for relay_recipient_maps).

                              > But there is one thing left I can't get fixed.
                              > domains=("@..." "@..." "@...")
                              > It would be nice it read this list out of the generic file(s). But I
                              > failed to do so.
                              > At the comand line I was able to at get the following output:
                              > "@..." "@..." "@..."
                              > with the syntax:
                              > awk '!length < 1 && !/#/ && /@/h {printf ("\"%s\" ",$1)}' generic_smal
                              > But is still misses the ( ) surrounding the domain list and adding the
                              > line:
                              > domains=awk '!length < 1 && !/#/ && /@/h {printf ("\"%s\" ",$1)}'
                              > generic_smal
                              > causes the script to fail
                              > Sandy, do you know how to do this right?
                              > Thanx for you efford.

                              # set domainsnew as result of awk command (one line!)
                              domainsnew=`awk '!length < 1 && !/#/ && /@/h {printf ("\"%s\" ",$1)}'
                              generic`
                              arraydom=($domainsnew)
                              echo $domainsnew
                              # number of elements in array
                              echo ${#arraydom[*]}

                              Sandy
                              --
                              List replies only please!
                              Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com
                            Your message has been successfully submitted and would be delivered to recipients shortly.