> On Mar 26, 2023, at 16:23, Viktor Dukhovni via Postfix-users 
> <postfix-users@postfix.org> wrote:
> 
>>  ...
> 
> Well, this does not have the "inline:{{...}}" guard.
> 
>>>   incoming_smtpd_restrictions =
>>>           check_policy_service inet:127.0.0.1:10040,
>>>           reject_invalid_hostname,
>>>           reject_non_fqdn_sender,
>>>           reject_non_fqdn_recipient,
>>>           check_sender_access inline:{
>>>               {digitalinsight.firefightersfirstcreditunion.org = permit_auth_destination}
>>>           },
>>>           reject_unknown_sender_domain,
> 
>> 
> 
> You can now either whitelist the client IP, or exclude the domain
> name from tests of DNS existence.  Use whatever you think is most
> manageable (I'd go with exempting the name).

I decided to go with exempting the name as shown above.  It works.  However, I 
have been studying the recommended:

http://www.postfix.org/ADDRESS_REWRITING_README.html

I am beginning to understand how the tables are used now.  I made a list in the 
order shown in that page and came to the initial conclusion that all I needed 
was the virtual aliasing tables.  I don't need any of the canonical, 
masquerading, or bcc functions.  That should be all I need to get a received 
email into the queue properly.  To test this, I started up ktrace on the master 
process and all its siblings, and then sent in an email.  Grabbing the NAMI 
entries from the output, removing the non-postfix entries and the duplicates 
yields a small list:

 18128 postscreen NAMI  "/var/db/postfix"
 18128 postscreen NAMI  "/var/db/postfix/postscreen_cache.db"
 18129 smtpd    NAMI  "/usr/local/etc/postfix/aliases.db"
 18129 smtpd    NAMI  "/usr/local/etc/postfix/vmail_aliases.db"
 18129 smtpd    NAMI  "/usr/local/etc/postfix/vcsc_aliases.db"
 18129 smtpd    NAMI  "/usr/local/etc/postfix/lafn_aliases.db"
 18129 smtpd    NAMI  "/usr/local/mailman/data/aliases.db"
 18129 smtpd    NAMI  "/usr/local/etc/postfix/vmail_mailbox.db"
 18129 smtpd    NAMI  "/usr/local/etc/postfix/tempfail.db"
 18131 trivial-rewrite NAMI  "/usr/local/etc/postfix/vmail_aliases.db"
 18131 trivial-rewrite NAMI  "/usr/local/etc/postfix/vcsc_aliases.db"
 18131 trivial-rewrite NAMI  "/usr/local/etc/postfix/lafn_aliases.db"
 18131 trivial-rewrite NAMI  "/usr/local/mailman/data/aliases.db"
 18131 trivial-rewrite NAMI  "/usr/local/etc/postfix/vmail_domains.db"
 18131 trivial-rewrite NAMI  "/usr/local/etc/postfix/relocated.db"
 18132 cleanup  NAMI  "/usr/local/etc/postfix/vmail_aliases.db"
 18132 cleanup  NAMI  "/usr/local/etc/postfix/vcsc_aliases.db"
 18132 cleanup  NAMI  "/usr/local/etc/postfix/lafn_aliases.db"
 18132 cleanup  NAMI  "/usr/local/mailman/data/aliases.db"
 18133 local    NAMI  "/usr/local/etc/postfix/aliases.db"
 18133 local    NAMI  "/usr/local/etc/postfix/aliases.db"

The first thing I noticed is that smtpd accesses some of the tables.  That I 
didn't expect based on the README.  I don't think it is using those tables to 
rewrite addresses, but it is not obvious why it accesses them.  The aliases, 
vmail_aliases, lafn_alises,and mailman/data/aliases are all in the 
virtual_address_maps.  I have them split into multiple files to make 
maintenance easier.  smtpd accesses the vmail_mailbox table 
(virtual_mailbox_maps) also.  It would appear that is required, but I don't see 
why.  trivial-rewrite appears to be what I expected.  I don't use relocated 
entries at this time, but I can see why it would use them.  The rest of the 
entries seem obvious.

-- Doug
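
The filtering step described in the message above, as an added example that is not part of the original post: it reduces kdump text to unique daemon/table pairs and then lists which daemons opened each lookup table. The function names, the daemon list, the `.db` filter and the sample trace (constructed from lines in the message plus one unrelated entry) are assumptions of this example, and it expects the default kdump column layout shown in the message.

```shell
#!/bin/sh
# Added example: audit which Postfix daemons open which lookup tables,
# from kdump text on stdin (lines like:  18129 smtpd    NAMI  "/path").

# Assumption: the daemons of interest are the ones seen in the trace above.
POSTFIX_DAEMONS='postscreen smtpd trivial-rewrite cleanup local'

# nami_tables: print unique "daemon path" pairs for NAMI records of the
# listed daemons, .db files only, in first-seen order.
# Paths containing spaces are not handled (path is taken from field 4).
nami_tables() {
    awk -v daemons="$POSTFIX_DAEMONS" '
        BEGIN { n = split(daemons, d, " "); for (i = 1; i <= n; i++) want[d[i]] = 1 }
        $3 == "NAMI" && ($2 in want) {
            path = $4
            gsub(/"/, "", path)          # kdump quotes the path
            if (path !~ /\.db$/) next    # keep lookup tables, drop directories
            key = $2 " " path
            if (!(key in seen)) { seen[key] = 1; print key }
        }'
}

# table_users: print "path: daemon daemon ..." for each table, so an
# unexpected reader of a table stands out.
table_users() {
    nami_tables | awk '
        { if (!($2 in users)) order[++n] = $2
          users[$2] = users[$2] " " $1 }
        END { for (i = 1; i <= n; i++) print order[i] ":" users[order[i]] }'
}

# Constructed sample: a subset of the trace in the message, one repeated
# line and one non-Postfix process.
sample_trace() {
cat <<'EOF'
 18129 smtpd    NAMI  "/usr/local/etc/postfix/vmail_aliases.db"
 18129 smtpd    NAMI  "/usr/local/etc/postfix/vmail_mailbox.db"
 18131 trivial-rewrite NAMI  "/usr/local/etc/postfix/vmail_aliases.db"
 18131 trivial-rewrite NAMI  "/usr/local/etc/postfix/vmail_domains.db"
 18132 cleanup  NAMI  "/usr/local/etc/postfix/vmail_aliases.db"
 18132 cleanup  NAMI  "/usr/local/etc/postfix/vmail_aliases.db"
 18200 cron     NAMI  "/etc/crontab"
 18128 postscreen NAMI  "/var/db/postfix"
EOF
}

sample_trace | table_users
```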



