Loading ...
Sorry, an error occurred while loading the content.

smtp relay insertion between internet and mx

Expand Messages
  • Fabio Sangiovanni
    Hello list, I need to put a SMTP relay between Internet and my company s mx (which stores inboxes), in order to do some processing. Current situation is that
    Message 1 of 3 , Sep 3, 2013
    • 0 Attachment
      Hello list,

      I need to put a SMTP relay between Internet and my company's mx (which
      stores inboxes), in order to do some processing.
      Current situation is that the mx receives messages directly from the
      Internet, without hops inbetween; on the mx, postfix is configured to
      retrieve allowed recipients from a mysql database, in particular with
      the following directives in main.cf:

      virtual_mailbox_domains =
      proxy:mysql:/etc/postfix/mysql_virtual_domains_maps.cf
      virtual_mailbox_maps =
      proxy:mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf,
      proxy:mysql:/etc/postfix/mysql_virtual_alias_domain_mailbox_maps.cf

      On the relay, I'm going to use a relay domain address class, with the
      following directives:

      relay_domains = proxy:mysql:/etc/postfix/mysql_virtual_domains_maps.cf
      relay_recipient_maps =
      proxy:mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf,
      proxy:mysql:/etc/postfix/mysql_virtual_alias_domain_mailbox_maps.cf
      relay_transport = relay:[my.mx.ip]

      At the moment, everything is working as expected; of course my goal is
      preserving access policies: I need to accept/reject the same recipients
      before and after the relay adoption (smtpd_recipient_restrictions will
      also be the same, obviously).
      Do you see any outstanding issues in this particular confiuguration,
      provided that the database will be exactly the same? According to the
      docs, maps referred by those directives should be identical in syntax,
      so a swap shouldn't be problematic.

      Summary:
      current situation: internet -> mx
      wanted configuration: internet -> relay -> mx, with the same allowed
      recipients

      Please let me know if you need more information on my setup.

      Thanks,

      Fabio Sangiovanni
    • Wietse Venema
      ... One subtle difference is that for historical reasons relay_domains matches subdomains by default (i.e. example.com matches foo.example.com) while
      Message 2 of 3 , Sep 3, 2013
      • 0 Attachment
        Fabio Sangiovanni:
        > Hello list,
        >
        > I need to put a SMTP relay between Internet and my company's mx (which
        > stores inboxes), in order to do some processing.
        > Current situation is that the mx receives messages directly from the
        > Internet, without hops inbetween; on the mx, postfix is configured to
        > retrieve allowed recipients from a mysql database, in particular with
        > the following directives in main.cf:
        >
        > virtual_mailbox_domains =
        > proxy:mysql:/etc/postfix/mysql_virtual_domains_maps.cf
        > virtual_mailbox_maps =
        > proxy:mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf,
        > proxy:mysql:/etc/postfix/mysql_virtual_alias_domain_mailbox_maps.cf
        >
        > On the relay, I'm going to use a relay domain address class, with the
        > following directives:
        >
        > relay_domains = proxy:mysql:/etc/postfix/mysql_virtual_domains_maps.cf
        > relay_recipient_maps =
        > proxy:mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf,
        > proxy:mysql:/etc/postfix/mysql_virtual_alias_domain_mailbox_maps.cf
        > relay_transport = relay:[my.mx.ip]

        One subtle difference is that for historical reasons relay_domains
        matches subdomains by default (i.e. example.com matches foo.example.com)
        while virtual_mailbox_domains does not.

        To avoid surprises you may want to set parent_domain_matches_subdomains
        explicitly, without "relay_domains". You could specify an empty
        value, or just "parent_domain_matches_subdomains = smtpd_access_maps".

        There are some tips in STANDARD_CONFIGURATION_README to ensure that
        Postfix does something reasonable with mail addressed to
        user@[gateway-ipaddress].

        http://www.postfix.org/STANDARD_CONFIGURATION_README.html#firewall

        Wietse
      • Fabio Sangiovanni
        ... Thanks Wietse, very helpful. Fabio
        Message 3 of 3 , Sep 3, 2013
        • 0 Attachment
          Wietse Venema <wietse <at> porcupine.org> writes:

          > One subtle difference is that for historical reasons relay_domains
          > matches subdomains by default (i.e. example.com matches foo.example.com)
          > while virtual_mailbox_domains does not.
          > [...]
          > http://www.postfix.org/STANDARD_CONFIGURATION_README.html#firewall
          >
          > Wietse

          Thanks Wietse, very helpful.

          Fabio
        Your message has been successfully submitted and would be delivered to recipients shortly.