
check_recipient_access and transport maps question

  • Alex
    Message 1 of 3 , Mar 9, 2013
      Hi,

      I have a postfix-2.9.5 install on fc16 which manages mail for a few
      domains. The server just relays mail for a few domains and doesn't
      deliver any mail locally.

      The question I have is regarding precedence. Is the
      smtpd_recipient_restrictions consulted before transport_maps?

      I have a few check_recipient_access, listing each user that exists on
      the remote system, so as to reject any mail for non-existent users.
      However, I've noticed that one of my check_recipient_access maps is
      missing, yet there doesn't appear to be any mail bouncing. Does this
      mean it is all being forwarded to the remote system?

      The transport map looks like this:

      mail01.myserver.com local:
      example.com smtp:[206.111.222.20]
      cs.example.com smtp:[206.111.222.20]
      .cs.example.com smtp:[206.111.222.20]
      mail1.prop.example.com smtp:[66.123.218.101]
      prop.example.com smtp:[66.123.218.100]
      .prop.example.com smtp:[66.123.218.100]

      Is it possible to even specify just mail for the
      mail1.prop.example.com host to be forwarded to a separate host when
      I've also specified the entire domain be forwarded to a different
      host?

      I've included my postconf below.

      alias_database = hash:/etc/postfix/aliases
      alias_maps = hash:/etc/postfix/aliases
      allow_mail_to_files = alias,forward
      always_bcc = bcc-user
      biff = no
      body_checks = regexp:/etc/postfix/body_checks.pcre
      command_directory = /usr/sbin
      config_directory = /etc/postfix
      content_filter = smtp-amavis:[127.0.0.1]:10024
      daemon_directory = /usr/libexec/postfix
      data_directory = /var/lib/postfix
      default_process_limit = 200
      delay_warning_time = 4h
      disable_vrfy_command = yes
      fallback_relay =
      header_checks = pcre:/etc/postfix/header_checks.pcre
      pcre:/etc/postfix/header_checks-jimsun.pcre
      html_directory = no
      inet_protocols = ipv4
      mail_owner = postfix
      mailbox_command = /usr/bin/procmail
      mailbox_size_limit = 200000000
      mailq_path = /usr/bin/mailq
      manpage_directory = /usr/share/man
      maximal_queue_lifetime = 2d
      message_size_limit = 13312000
      mime_header_checks = pcre:/etc/postfix/mime_header_checks
      mydestination = $myhostname, localhost.$mydomain
      mydomain = mycompany.com
      myhostname = mail01.mycompany.com
      mynetworks = 127.0.0.0/8, 192.168.1.0/24, 192.168.6.0/24,
      68.111.193.40/29, 64.111.16.0/27, 206.111.161.45/32, 206.111.174.45/32
      newaliases_path = /usr/bin/newaliases
      postscreen_access_list = permit_mynetworks,
      cidr:/etc/postfix/postscreen_access.cidr
      postscreen_blacklist_action = enforce
      postscreen_dnsbl_action = enforce
      postscreen_dnsbl_sites = mykey.zen.dq.spamhaus.net*2
      b.barracudacentral.org*1 psbl.surriel.com*1 list.dnswl.org*-2
      postscreen_dnsbl_threshold = 2
      postscreen_greet_action = enforce
      queue_directory = /var/spool/postfix
      rbl_reply_maps = ${stress?hash:/etc/postfix/rbl_reply_maps}
      readme_directory = /usr/share/doc/postfix-2.9.5/README_FILES
      relay_domains = $mydestination, $transport_maps, example.com,
      cs.example.com, prop.example.com, mycompany.com
      sample_directory = /usr/share/doc/postfix-2.9.5/samples
      sendmail_path = /usr/sbin/sendmail
      setgid_group = postdrop
      smtpd_helo_required = yes
      smtpd_recipient_restrictions = reject_non_fqdn_recipient,
      check_client_access hash:/etc/postfix/client_checks_special,
      check_sender_access hash:/etc/postfix/sender_checks_special,
      reject_non_fqdn_sender, reject_unlisted_recipient, permit_mynetworks,
      reject_unauth_destination, reject_unknown_sender_domain,
      reject_unknown_recipient_domain, reject_rhsbl_reverse_client
      mykey.dbl.dq.spamhaus.net, reject_rhsbl_sender
      mykey.dbl.dq.spamhaus.net, reject_rhsbl_helo mykey.dbl.dq.spamhaus.net
      check_helo_access pcre:/etc/postfix/helo_checks.pcre,
      reject_invalid_helo_hostname, check_client_access
      hash:/etc/postfix/client_checks, check_sender_access
      hash:/etc/postfix/sender_checks, check_recipient_access
      pcre:/etc/postfix/relay_recips_seg, check_recipient_access
      pcre:/etc/postfix/relay_recips_access, check_recipient_access
      pcre:/etc/postfix/property_recip_map, check_recipient_access
      check_recipient_access pcre:/etc/postfix/recipient_checks,
      check_recipient_access pcre:/etc/postfix/_relay_recip_checks,
      check_recipient_access permit
      transport_maps = hash:/etc/postfix/transport
      virtual_alias_maps = hash:/etc/postfix/virtual, hash:/etc/postfix/virtual-seg

      Thanks,
      Alex
    • Reindl Harald
      Message 2 of 3 , Mar 9, 2013
        On 09.03.2013 23:41, Alex wrote:
        > Hi,
        >
        > I have a postfix-2.9.5 install on fc16 which manages mail for a few
        > domains. The server just relays mail for a few domains and doesn't
        > deliver any mail locally.
        >
        > The question I have is regarding precedence. Is the
        > smtpd_recipient_restrictions consulted before transport_maps?
        >
        > I have a few check_recipient_access, listing each user that exists on
        > the remote system, so as to reject any mail for non-existent users.
        > However, I've noticed that one of my check_recipient_access maps is
        > missing, yet there doesn't appear to be any mail bouncing. Does this
        > mean it is all being forwarded to the remote system?
        >
        > The transport map looks like this:
        >
        > mail01.myserver.com local:
        > example.com smtp:[206.111.222.20]
        > cs.example.com smtp:[206.111.222.20]
        > .cs.example.com smtp:[206.111.222.20]
        > mail1.prop.example.com smtp:[66.123.218.101]
        > prop.example.com smtp:[66.123.218.100]
        > .prop.example.com smtp:[66.123.218.100]
        >
        > Is it possible to even specify just mail for the
        > mail1.prop.example.com host to be forwarded to a separate host when
        > I've also specified the entire domain be forwarded to a different
        > host?

        be specific in your configuration
        avoid .domain.tld

        mail1.prop.example.com smtp:[66.123.218.101]
        prop.example.com smtp:[66.123.218.100]

        works, for postfix these are two completely different domains

        .prop.example.com smtp:[66.123.218.100]

        is additionally too much
      • Alex
        Message 3 of 3 , Mar 9, 2013
          Hi,

          >> I have a postfix-2.9.5 install on fc16 which manages mail for a few
          >> domains. The server just relays mail for a few domains and doesn't
          >> deliver any mail locally.
          >>
          >> The question I have is regarding precedence. Is the
          >> smtpd_recipient_restrictions consulted before transport_maps?
          >>
          >> I have a few check_recipient_access, listing each user that exists on
          >> the remote system, so as to reject any mail for non-existent users.
          >> However, I've noticed that one of my check_recipient_access maps is
          >> missing, yet there doesn't appear to be any mail bouncing. Does this
          >> mean it is all being forwarded to the remote system?
          >>
          >> The transport map looks like this:
          >>
          >> mail01.myserver.com local:
          >> example.com smtp:[206.111.222.20]
          >> cs.example.com smtp:[206.111.222.20]
          >> .cs.example.com smtp:[206.111.222.20]
          >> mail1.prop.example.com smtp:[66.123.218.101]
          >> prop.example.com smtp:[66.123.218.100]
          >> .prop.example.com smtp:[66.123.218.100]
          >>
          >> Is it possible to even specify just mail for the
          >> mail1.prop.example.com host to be forwarded to a separate host when
          >> I've also specified the entire domain be forwarded to a different
          >> host?
          >
          > be specific in your configuration
          > avoid .domain.tld
          >
          > mail1.prop.example.com smtp:[66.123.218.101]
          > prop.example.com smtp:[66.123.218.100]
          >
          > works, for postfix these are two completely different domains
          >
          > .prop.example.com smtp:[66.123.218.100]
          >
          > is additionally too much

          Okay, I have done this. Are the domains with the preceding period not
          necessary because mail to any specific host in that domain would go
          directly to the host itself, and never pass through this server
          anyway?

          I'm trying to test a new host to receive mail from this relay. I'm
          trying to figure out if it's possible to use a transport map to send
          mail for specific users to this new test system,
          mail1.prop.example.com. Can this be done?

          In other words, using a sender at aol.com for example, I'd like to do this:

          user@... -> user1@... managed by relayhost ->
          mail1.prop.example.com
          user@... -> user2@... managed by relayhost ->
          mail2.prop.example.com

          mail2 is the current production server where all mail from the
          relayhost is currently forwarded. It's the prop.example.com in the
          transport map above.

          The only other way for me to test whether mail1.prop.example.com can
          successfully receive mail is to send mail to it directly, which is not
          a true test.

          Thanks,
          Alex
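
The transport table lookups discussed in this thread, modelled as an added example (not code from any poster or from Postfix). It follows the search order documented in transport(5), assuming `transport_maps` is not listed in `parent_domain_matches_subdomains`; the `user1@prop.example.com` entry, the sample recipients and the function names are constructed for illustration.

```python
# Added example: models the table search order documented in transport(5).
# Entries are the ones posted in the thread, plus one constructed per-user key.
TRANSPORT = {
    "mail01.myserver.com": "local:",
    "example.com": "smtp:[206.111.222.20]",
    "cs.example.com": "smtp:[206.111.222.20]",
    ".cs.example.com": "smtp:[206.111.222.20]",
    "mail1.prop.example.com": "smtp:[66.123.218.101]",
    "prop.example.com": "smtp:[66.123.218.100]",
    ".prop.example.com": "smtp:[66.123.218.100]",
    "user1@prop.example.com": "smtp:[66.123.218.101]",  # constructed entry
}

def candidate_keys(recipient):
    """Keys tried for one recipient, most specific first:
    user@domain, domain, then .parent for each parent domain."""
    local, _, domain = recipient.lower().rpartition("@")
    keys = [f"{local}@{domain}", domain]
    labels = domain.split(".")
    keys += ["." + ".".join(labels[i:]) for i in range(1, len(labels))]
    return keys

def resolve(recipient, table=TRANSPORT):
    """Return (matching key, transport:nexthop) for the first key found."""
    for key in candidate_keys(recipient):
        if key in table:
            return key, table[key]
    return None  # no entry: the table does not decide routing for this address

def without(table, *keys):
    """Copy of the table with the given keys removed."""
    return {k: v for k, v in table.items() if k not in keys}

if __name__ == "__main__":
    # Table as it looks after dropping the dotted (subdomain) entries.
    trimmed = without(TRANSPORT, ".prop.example.com", ".cs.example.com")
    for rcpt in ("bob@mail1.prop.example.com",   # constructed recipients
                 "bob@prop.example.com",
                 "bob@other.prop.example.com",
                 "user1@prop.example.com"):
        print(rcpt, "| full:", resolve(rcpt), "| trimmed:", resolve(rcpt, trimmed))
```

On a live system, `postmap -q <key> hash:/etc/postfix/transport` checks one key at a time; it does not walk this search order for you.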