Loading ...
Sorry, an error occurred while loading the content.

cname resolution

Expand Messages
  • Huaqing Zheng
    I have a sort of odd dilemma. My company maps user their respective IMAP servers using the CNAME .pobox.foobar.com. The user s @foobar.com s forwarding
    Message 1 of 9 , Feb 28, 2007
    • 0 Attachment
      I have a sort of odd dilemma. My company maps user their respective
      IMAP servers using the CNAME <user>.pobox.foobar.com. The user's
      @...'s forwarding addresses is stored in LDAP. For example, if
      you send mail to user@..., postfix looks up the forwarding
      addresses for user in LDAP and returns

      user@...
      user@...

      This all works and is fine. However, for our mailman server, this is
      causing some bottlenecks. Since we have lists with thousands of users
      and each user's forwarding address resolves to
      <user>@<user>.pobox.foobar.com, postfix is delivering the mail to each
      user separately, instead of resolving the CNAME
      <user>.pobox.foobar.com down to one of a dozen real IMAP servers and
      delivering to multiple recipients on the IMAP server in one shot. Is
      there any way to force Postfix resolve the CNAME to the A record after
      the alias lookup? I tried messing with the
      smtp_cname_overrides_servername option to no avail.

      --
      Huaqing Zheng
      Beer and Code Wrangler at Large
    • Victor Duchovni
      ... This would have to happen pre-queue in virtual_alias_maps, mapping mapping each CNAME back to the real server. As cleanup(8) does not do DNS lookups, you
      Message 2 of 9 , Feb 28, 2007
      • 0 Attachment
        On Wed, Feb 28, 2007 at 03:09:45PM -0800, Huaqing Zheng wrote:

        > I have a sort of odd dilemma. My company maps user their respective
        > IMAP servers using the CNAME <user>.pobox.foobar.com. The user's
        > @...'s forwarding addresses is stored in LDAP. For example, if
        > you send mail to user@..., postfix looks up the forwarding
        > addresses for user in LDAP and returns
        >
        > user@...
        > user@...
        >
        > This all works and is fine. However, for our mailman server, this is
        > causing some bottlenecks. Since we have lists with thousands of users
        > and each user's forwarding address resolves to
        > <user>@<user>.pobox.foobar.com, postfix is delivering the mail to each
        > user separately, instead of resolving the CNAME
        > <user>.pobox.foobar.com down to one of a dozen real IMAP servers and
        > delivering to multiple recipients on the IMAP server in one shot. Is
        > there any way to force Postfix resolve the CNAME to the A record after
        > the alias lookup? I tried messing with the
        > smtp_cname_overrides_servername option to no avail.

        This would have to happen "pre-queue" in virtual_alias_maps, mapping
        mapping each CNAME back to the real server. As cleanup(8) does not do
        DNS lookups, you have to rethink your design.

        --
        Viktor.

        Disclaimer: off-list followups get on-list replies or get ignored.
        Please do not ignore the "Reply-To" header.

        To unsubscribe from the postfix-users list, visit
        http://www.postfix.org/lists.html or click the link below:
        <mailto:majordomo@...?body=unsubscribe%20postfix-users>

        If my response solves your problem, the best way to thank me is to not
        send an "it worked, thanks" follow-up. If you must respond, please put
        "It worked, thanks" in the "Subject" so I can delete these quickly.
      • Steven F Siirila
        ... FWIW, we have used that design (username.something.umn.edu as IMAP server, username@umn.edu as e-mail address) for 15 years now. However, we do not use
        Message 3 of 9 , Feb 28, 2007
        • 0 Attachment
          On Wed, Feb 28, 2007 at 06:15:51PM -0500, Victor Duchovni wrote:
          > On Wed, Feb 28, 2007 at 03:09:45PM -0800, Huaqing Zheng wrote:
          >
          > > I have a sort of odd dilemma. My company maps user their respective
          > > IMAP servers using the CNAME <user>.pobox.foobar.com. The user's
          > > @...'s forwarding addresses is stored in LDAP. For example, if
          > > you send mail to user@..., postfix looks up the forwarding
          > > addresses for user in LDAP and returns
          > >
          > > user@...
          > > user@...
          > >
          > > This all works and is fine. However, for our mailman server, this is
          > > causing some bottlenecks. Since we have lists with thousands of users
          > > and each user's forwarding address resolves to
          > > <user>@<user>.pobox.foobar.com, postfix is delivering the mail to each
          > > user separately, instead of resolving the CNAME
          > > <user>.pobox.foobar.com down to one of a dozen real IMAP servers and
          > > delivering to multiple recipients on the IMAP server in one shot. Is
          > > there any way to force Postfix resolve the CNAME to the A record after
          > > the alias lookup? I tried messing with the
          > > smtp_cname_overrides_servername option to no avail.
          >
          > This would have to happen "pre-queue" in virtual_alias_maps, mapping
          > mapping each CNAME back to the real server. As cleanup(8) does not do
          > DNS lookups, you have to rethink your design.

          FWIW, we have used that design (username.something.umn.edu as IMAP server,
          username@... as e-mail address) for 15 years now. However, we do not
          use Postfix on our outward facing MX servers.

          --

          Steven F. Siirila Office: Lind Hall, Room 130B
          Internet Services E-mail: sfs@...
          Office of Information Technology Voice: (612) 626-0244
          University of Minnesota Fax: (612) 626-7593
        • Huaqing Zheng
          ... Urg. That s what I was afraid of. Unfortunately, redoing this design is out of the question since I inherited this ball of wax. We just switched from
          Message 4 of 9 , Feb 28, 2007
          • 0 Attachment
            On 2/28/07, Victor Duchovni <Victor.Duchovni@...> wrote:
            > This would have to happen "pre-queue" in virtual_alias_maps, mapping
            > mapping each CNAME back to the real server. As cleanup(8) does not do
            > DNS lookups, you have to rethink your design.

            Urg. That's what I was afraid of. Unfortunately, redoing this design
            is out of the question since I inherited this ball of wax. We just
            switched from majordomo/sendmail to mailman/postfix which is why I'm
            only seeing the problem now. Sendmail did the CNAME to A record
            lookup.

            Well, I'll continue to poke at this thing and see if I can come up
            with a fix. Maybe I'll hack openldap to map the CNAME back to the A
            record before passing the results back to postfix.

            Thanks.
            --
            Huaqing Zheng
            Beer and Code Wrangler at Large
          • Huaqing Zheng
            ... The mx and smtp servers aren t the problem since they don t get messages addressed to thousands of recipients. The mailing list server is a whole
            Message 5 of 9 , Feb 28, 2007
            • 0 Attachment
              On 2/28/07, Steven F Siirila <sfs@...> wrote:
              > FWIW, we have used that design (username.something.umn.edu as IMAP server,
              > username@... as e-mail address) for 15 years now. However, we do not
              > use Postfix on our outward facing MX servers.

              The mx and smtp servers aren't the problem since they don't get
              messages addressed to thousands of recipients. The mailing list
              server is a whole different ball of wax.

              --
              Huaqing Zheng
              Beer and Code Wrangler at Large
            • Steven F Siirila
              ... I guess the difference between us is that we do not advertise username@username.something.umn.edu as the user s e-mail address (though it does work). --
              Message 6 of 9 , Feb 28, 2007
              • 0 Attachment
                On Wed, Feb 28, 2007 at 03:42:29PM -0800, Huaqing Zheng wrote:
                > On 2/28/07, Steven F Siirila <sfs@...> wrote:
                > >FWIW, we have used that design (username.something.umn.edu as IMAP server,
                > >username@... as e-mail address) for 15 years now. However, we do not
                > >use Postfix on our outward facing MX servers.
                >
                > The mx and smtp servers aren't the problem since they don't get
                > messages addressed to thousands of recipients. The mailing list
                > server is a whole different ball of wax.

                I guess the difference between us is that we do not advertise
                username@... as the user's e-mail address
                (though it does work).

                --

                Steven F. Siirila Office: Lind Hall, Room 130B
                Internet Services E-mail: sfs@...
                Office of Information Technology Voice: (612) 626-0244
                University of Minnesota Fax: (612) 626-7593
              • Victor Duchovni
                ... The IP address will not do any good if this address rewriting rather than a gateway setting. What envelope recipient address do the backend IMAP servers
                Message 7 of 9 , Feb 28, 2007
                • 0 Attachment
                  On Wed, Feb 28, 2007 at 03:31:47PM -0800, Huaqing Zheng wrote:

                  > On 2/28/07, Victor Duchovni <Victor.Duchovni@...> wrote:
                  > >This would have to happen "pre-queue" in virtual_alias_maps, mapping
                  > >mapping each CNAME back to the real server. As cleanup(8) does not do
                  > >DNS lookups, you have to rethink your design.
                  >
                  > Urg. That's what I was afraid of. Unfortunately, redoing this design
                  > is out of the question since I inherited this ball of wax. We just
                  > switched from majordomo/sendmail to mailman/postfix which is why I'm
                  > only seeing the problem now. Sendmail did the CNAME to A record
                  > lookup.
                  >
                  > Well, I'll continue to poke at this thing and see if I can come up
                  > with a fix. Maybe I'll hack openldap to map the CNAME back to the A
                  > record before passing the results back to postfix.

                  The IP address will not do any good if this address rewriting rather
                  than a gateway setting. What envelope recipient address do the backend
                  IMAP servers expect?

                  RCPT TO:<user@...>
                  OR
                  RCPT TO:<user@...>

                  The best way to do this with Postfix is to use virtual_alias_maps
                  to rewrite:

                  user@... -> user@some-imap-host@...

                  and deliver that envelope to the IMAP server, (though you can use
                  smtp_generic_maps to reverse the mapping and give the IMAP server the
                  original address).

                  The second best is to use per-user transport_maps, and somehow resolve:

                  user@... smtp:[some-imap-host-or-ip-address]
                  OR
                  user@... lmtp:inet:[some-imap-host-or-ip-address]

                  this gives the IMAP server the original address. Your current design is
                  not compatible with queue managers that manage separate logical queues
                  to each destination prior to delivery and MX resolution...

                  Changing the OpenLDAP source code to do your DNS lookups also seems unwise
                  (don't burden your successors with that customization).

                  Consider making the list processing Postfix instance use a fixed SMTP
                  proxy as a relayhost, with the proxy doing the rewriting to the physical
                  IMAP server (DNS lookup, ...) and handling the mail back to Postfix?
                  Set a large destination recipient limit into and the proxy to improve
                  batching, and a large smtpd_recipient_limit for the sink behind the proxy.

                  --
                  Viktor.

                  Disclaimer: off-list followups get on-list replies or get ignored.
                  Please do not ignore the "Reply-To" header.

                  To unsubscribe from the postfix-users list, visit
                  http://www.postfix.org/lists.html or click the link below:
                  <mailto:majordomo@...?body=unsubscribe%20postfix-users>

                  If my response solves your problem, the best way to thank me is to not
                  send an "it worked, thanks" follow-up. If you must respond, please put
                  "It worked, thanks" in the "Subject" so I can delete these quickly.
                • Wietse Venema
                  ... /etc/postfix/main.cf: transport_maps = hash:/etc/postfix/transport /etc/postfix/transport: .pobox.foobar.com smtp:pobox.foobar.com This will bundle
                  Message 8 of 9 , Mar 1, 2007
                  • 0 Attachment
                    Huaqing Zheng:
                    > I have a sort of odd dilemma. My company maps user their respective
                    > IMAP servers using the CNAME <user>.pobox.foobar.com. The user's
                    > @...'s forwarding addresses is stored in LDAP. For example, if
                    > you send mail to user@..., postfix looks up the forwarding
                    > addresses for user in LDAP and returns
                    >
                    > user@...
                    > user@...
                    >
                    > This all works and is fine. However, for our mailman server, this is
                    > causing some bottlenecks. Since we have lists with thousands of users
                    > and each user's forwarding address resolves to
                    > <user>@<user>.pobox.foobar.com, postfix is delivering the mail to each
                    > user separately, instead of resolving the CNAME
                    > <user>.pobox.foobar.com down to one of a dozen real IMAP servers and
                    > delivering to multiple recipients on the IMAP server in one shot. Is

                    /etc/postfix/main.cf:
                    transport_maps = hash:/etc/postfix/transport

                    /etc/postfix/transport:
                    .pobox.foobar.com smtp:pobox.foobar.com

                    This will bundle different <user>.pobox.foobar.com deliveries
                    in the same mail delivery transaction.

                    Wietse

                    > there any way to force Postfix resolve the CNAME to the A record after
                    > the alias lookup? I tried messing with the
                    > smtp_cname_overrides_servername option to no avail.
                    >
                    > --
                    > Huaqing Zheng
                    > Beer and Code Wrangler at Large
                    >
                    >
                  • Victor Duchovni
                    ... The OP s problem is that not .pobox.foobar.com destinations are the same, the logical to physical mapping has a large domain and small range. The
                    Message 9 of 9 , Mar 1, 2007
                    • 0 Attachment
                      On Thu, Mar 01, 2007 at 07:16:41AM -0500, Wietse Venema wrote:

                      > Huaqing Zheng:
                      > > I have a sort of odd dilemma. My company maps user their respective
                      > > IMAP servers using the CNAME <user>.pobox.foobar.com. The user's
                      > > @...'s forwarding addresses is stored in LDAP. For example, if
                      > > you send mail to user@..., postfix looks up the forwarding
                      > > addresses for user in LDAP and returns
                      > >
                      > > user@...
                      > > user@...
                      > >
                      > > This all works and is fine. However, for our mailman server, this is
                      > > causing some bottlenecks. Since we have lists with thousands of users
                      > > and each user's forwarding address resolves to
                      > > <user>@<user>.pobox.foobar.com, postfix is delivering the mail to each
                      > > user separately, instead of resolving the CNAME
                      > > <user>.pobox.foobar.com down to one of a dozen real IMAP servers and
                      > > delivering to multiple recipients on the IMAP server in one shot. Is
                      >
                      > /etc/postfix/main.cf:
                      > transport_maps = hash:/etc/postfix/transport
                      >
                      > /etc/postfix/transport:
                      > .pobox.foobar.com smtp:pobox.foobar.com
                      >
                      > This will bundle different <user>.pobox.foobar.com deliveries
                      > in the same mail delivery transaction.

                      The OP's problem is that not <mumble>.pobox.foobar.com destinations
                      are the same, the logical to physical mapping has a large domain and
                      small range. The domain is the set of users, the range is the set of
                      IMAP servers which have per-user CNAME records in DNS. This design
                      breaks a-priori grouping of users by the "actual" nexthop, requiring
                      CNAME expansion first, which Postfix will not (and should not) do in
                      the active queue.

                      --
                      Viktor.

                      Disclaimer: off-list followups get on-list replies or get ignored.
                      Please do not ignore the "Reply-To" header.

                      To unsubscribe from the postfix-users list, visit
                      http://www.postfix.org/lists.html or click the link below:
                      <mailto:majordomo@...?body=unsubscribe%20postfix-users>

                      If my response solves your problem, the best way to thank me is to not
                      send an "it worked, thanks" follow-up. If you must respond, please put
                      "It worked, thanks" in the "Subject" so I can delete these quickly.
                    Your message has been successfully submitted and would be delivered to recipients shortly.