
Re: Virtual domain and masquerading

  • Viktor Dukhovni
    Message 1 of 26 , Mar 14, 2013
      On Thu, Mar 14, 2013 at 03:19:59PM +0100, Ansgar Wiechers wrote:

      > On 2013-03-14 Gerald Vogt wrote:
      > > On 14.03.2013 12:10, DTNX Postmaster wrote:
      > >>> It seems easier to me to keep the configuration on 100+ servers as
      > >>> simple as possible and do all the rewriting on the central relays.
      > >>> Seems to be the better approach to me. That's why I came up with
      > >>> this.
      > >>
      > >> Solve the problem at the source; masquerade on each individual
      > >> server, and avoid jumping through hoops on the central relay.
      > >>
      > >> Easier to maintain. Scales better, too.
      > >
      > > IMHO, maintaining consistent postfix configurations on 100+ servers is
      > > definitively harder than a handful of relay servers with a fixed
      > > configuration on the other servers.
      >
      > That's what configuration management was invented for. You may want to
      > look into puppet et al.

      There's nothing to manage, just set "myorigin = $mydomain" on each
      null client, and enable masquerading there. Null clients only
      receive mail from local submission (and loopback:25) so doing
      masquerading there is safe and natural.

      The MULTI_INSTANCE_README.html document happens to contain a
      reasonably complete null-client recipe, start there and tweak to
      requirements. Once configured, these stay stable.

      As for mailhubs, my advice is to separate the MSA mailhub
      (the one the null clients are configured to send to), from
      the MTA mailhub (the one routing internal mail to various
      mailbox servers and to the outside).

      The MSA mailhub can also do masquerading safely, and recipient
      validation is not an issue there, it does not receive mail from
      outside.

      All this assumes an organization large enough that masquerading is
      of some interest in the first place, and you have lots of sub-domains,
      and multiple IP addresses to play with to deploy dedicated service
      endpoints.

      --
      Viktor.
    • Gerald Vogt
      Message 2 of 26 , Mar 14, 2013
        On 14.03.2013 21:19, Viktor Dukhovni wrote:
        > There's nothing to manage, just set "myorigin = $mydomain" on each
        > null client, and enable masquerading there. Null clients only
        > receive mail from local submission (and loopback:25) so doing
        > masquerading there is safe and natural.

        Well, it's not that simple. In fact, I don't want to masquerade
        everything in example.com but most except a few servers which require
        e-mails (list servers, some for historical reasons...) This list may
        change...

        -Gerald
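
An added sketch, not part of either message above and not the recipe from MULTI_INSTANCE_README: a null-client main.cf along the lines Viktor describes, with the kind of exemption Gerald asks about expressed through the "!" prefix of masquerade_domains. example.com is taken from the thread; msa.example.com and lists.example.com are constructed placeholder names.

```ini
# /etc/postfix/main.cf on a null client (constructed example)
mydomain = example.com

# Unqualified local senders become user@example.com.
myorigin = $mydomain

# Null client: accept mail only from local submission and loopback:25,
# deliver nothing locally.
inet_interfaces = loopback-only
mynetworks_style = host
mydestination =
local_transport = error:5.1.1 Mailbox unavailable

# Hand everything to the MSA mailhub (placeholder host name).
relayhost = [msa.example.com]

# Rewrite user@host.example.com to user@example.com, except for the
# exempted subdomain. The list is matched left to right and the first
# match wins, so the "!" entry must come before the parent domain.
masquerade_domains = !lists.example.com $mydomain
```

Hosts that must keep their own name in sender addresses would also leave myorigin at its default of $myhostname rather than $mydomain.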