Re: relay_recipient_maps and transport_maps
- Excellent, thanks very much for the advice Noel. In particular, glad to hear wildcard entries won't open me up to accepting more than desired!I'll split up transport and implement as you suggest ;) I am trying hard to avoid makefiles for my pretty static configurations, but I'll keep that in mind if the box configurations start differing too much.On Wed, Mar 20, 2013 at 2:17 PM, Noel Jones <njones@...> wrote:On 3/20/2013 1:05 PM, Jon A. wrote:You can reuse a transport map as a relay_recipients_map, but better
> I've a number of "nobody" type aliases that I map in transport_maps
> to the discard service. Our incoming MX boxes also reject mail
> based on the valid userlist from our internal mail server.
> It would appear that the relay_recipient_maps is applied before
> transport, thus anything listed in transport that isn't also in
> relay_recipients_maps bounces.
> The obvious solution would be to add the various "nobody" users to
> the recipient table, however that's generated off box and moved
> over/rebuilt via remote ssh cron job. I'd have to maintain the
> transport list in two places for that box to push the complete list
> to all our incoming mx servers.
> My second thought is to maintain two relay_recipient_maps table
> entries, something like:
> relay_recipient_maps = hash:/etc/postfix/primary_mail_recipients,
> As the documentation indicates it only cares if a recipient lookup
> succeeds (and not the return value), is it reasonable to expect I
> could just use the transport_maps file both cases without issue?
> Right now transport is pretty simple but the documentation in the
> transports file indicates wildcards are possible. Would this be a
> bad choice to implement not knowing what may ultimately end up in
> this file in the future?
> Are there other best practices that better solve this problem?
to name it something else so you don't accidentally add eg. a
hotmail transport and become an open relay.
# in your case, the transport file might be empty
# but "postmap transport" it anyway.
# relay_transport contains relay recipients
An alternative is to use a simple Makefile to build both files from
a common list of names. Google has examples.
-- Noel Jones
- On 3/20/2013 1:22 PM, Jon A. wrote:
> Excellent, thanks very much for the advice Noel. In particular,I didn't address wildcards...
> glad to hear wildcard entries won't open me up to accepting more
> than desired!
The wildcard syntax for transport_maps is different from that used
in relay_recipient_maps, so a wildcard transport or a domain
transport shouldn't defeat recipient validation in relay_recipient_maps.
>Don't knock Makefiles -- they're a great way to automate simple
> I'll split up transport and implement as you suggest ;) I am
> trying hard to avoid makefiles for my pretty static configurations,
> but I'll keep that in mind if the box configurations start differing
> too much.
multi-step processes, and they're easy to set up (although a first
attempt might take a few tries due to the unique syntax).
-- Noel Jones