Ok, a curly one: our IMGate box is acting as the smarthost for our test (and eventually production) IMail box. So far it works really well, and both internal (old-system bound) and external mail is going through. However, we have a mail-to-pager system running, and I need the IMGate box to relay mail to that system as appropriate. Trouble is, the system is hard-coded to use some fake domains rather than subdomains of our real one.
In short, any mail to ourdomain.sms or ourdomain.pager from inside the company has to go to a specific host. Any mail to those domains from outside the company must bounce. I already have entries in transport.map to take care of the mail routing, and they're not listed in relay_domains.map so outsiders can't relay mail there. Problem is that the reject_unknown_recipient_domain restriction is bouncing the mail for everyone since those domains don't exist. I know this can be fixed by setting up zones on our DNS server for .sms and .pager, but I'd like to avoid that to minimise problems in case ICANN ever approve a real .sms or .pager TLD. I tried entries in the /etc/hosts file (which worked for Sendmail) but Postfix seems to ignore that. So what I was hoping to do is add another line to smtpd_recipient_restrictions in main.cf to deal with it. What I have now is: smtpd_recipient_restrictions = reject_unauth_pipelining, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_recipient_domain, hash:/etc/postfix/to_recipients_bw.map, reject_unknown_sender_domain, permit_mynetworks, reject_unauth_destination, check_client_access hash:/etc/postfix/mta_clients_bw.map, check_sender_access hash:/etc/postfix/from_senders_bw.map, check_sender_access regexp:/etc/postfix/from_senders.regexp, check_helo_access hash:/etc/postfix/helo_hostnames.map, check_sender_access hash:/etc/postfix/from_senders_slet.map, check_sender_access hash:/etc/postfix/from_senders_clueless.map, check_sender_access hash:/etc/postfix/from_senders_bogus.map, check_sender_access hash:/etc/postfix/from_senders_mybogus.map, reject_maps_rbl, permit I was going to add a line immediately above reject_unknown_recipient_domain that says something like hash:/etc/postfix/pager_domains.map, and then create that file as follows: ourdomain.sms permit_mynetworks ourdomain.pager permit_mynetworks Before I do that on what is now a production system, is it going to do what I want? That is, will it: - Allow mail to those fake domains from internal IP addresses, - Continue to deny mail to those fake domains from elsewhere, - Not affect any other mail. Thanks for any thoughts, Evan
