> Ok, a curly one: our IMGate box is acting as the smarthost for our test (and
> eventually production) IMail box. So far it works really well, and both
> internal (old-system bound) and external mail is going through. However, we
> have a mail-to-pager system running, and I need the IMGate box to relay mail
> to that system as appropriate. Trouble is, the system is hard-coded to use
> some fake domains rather than subdomains of our real one.
>
> In short, any mail to ourdomain.sms or ourdomain.pager from inside the
> company has to go to a specific host. Any mail to those domains from outside
> the company must bounce. I already have entries in transport.map to take
> care of the mail routing, and they're not listed in relay_domains.map so
> outsiders can't relay mail there. Problem is that the
> reject_unknown_recipient_domain restriction is bouncing the mail for
> everyone since those domains don't exist.
>
> I know this can be fixed by setting up zones on our DNS server for .sms and
> .pager, but I'd like to avoid that to minimise problems in case ICANN ever
> approve a real .sms or .pager TLD. I tried entries in the /etc/hosts file
> (which worked for Sendmail) but Postfix seems to ignore that.

Odd, the HOSTS file works fine for me. I used it to fix a few faked things here. Moving permit_mynetworks up is one option.

> I was going to add a line immediately above reject_unknown_recipient_domain
> that says something like hash:/etc/postfix/pager_domains.map, and then
> create that file as follows:
> ourdomain.sms permit_mynetworks
> ourdomain.pager permit_mynetworks
>
> Before I do that on what is now a production system, is it going to do what
> I want? That is, will it:
> - Allow mail to those fake domains from internal IP addresses,
> - Continue to deny mail to those fake domains from elsewhere,
> - Not affect any other mail.

Actually, I like your use of permit_mynetworks inside a map better. It should create the exemption you want, but not open up more holes. This is following the principle of "least window of opportunity for abuse", which is a very good one.

--Eric
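The two options discussed in this thread, as an added example that is not part of the original messages and is not Postfix code: a simplified Python model of first-match restriction evaluation that compares the map-scoped exemption with moving permit_mynetworks above reject_unknown_recipient_domain. The restriction orders, the 10.0.0.0/8 network, the `.example` domains and the `RESOLVABLE` set standing in for DNS are constructed assumptions.

```python
import ipaddress

# Constructed sample data (assumptions, not from the thread).
MYNETWORKS = [ipaddress.ip_network("10.0.0.0/8")]
RESOLVABLE = {"ourdomain.example", "partner.example"}  # stand-in for DNS
RELAY_DOMAINS = {"ourdomain.example"}
PAGER_MAP = {"ourdomain.sms": "permit_mynetworks",
             "ourdomain.pager": "permit_mynetworks"}

def permit_mynetworks(client, domain):
    ip = ipaddress.ip_address(client)
    return "OK" if any(ip in net for net in MYNETWORKS) else "DUNNO"

def reject_unknown_recipient_domain(client, domain):
    return "DUNNO" if domain in RESOLVABLE else "REJECT"

def reject_unauth_destination(client, domain):
    return "DUNNO" if domain in RELAY_DOMAINS else "REJECT"

def pager_map(client, domain):
    # Map lookup: a hit runs the named restriction in place, a miss is DUNNO.
    action = PAGER_MAP.get(domain)
    return RESTRICTIONS[action](client, domain) if action else "DUNNO"

RESTRICTIONS = {f.__name__: f for f in (
    permit_mynetworks, reject_unknown_recipient_domain,
    reject_unauth_destination, pager_map)}

# Hypothetical restriction orders; the poster's real list is not on the page.
MAP_EXEMPTION = ["pager_map", "reject_unknown_recipient_domain",
                 "permit_mynetworks", "reject_unauth_destination"]
MYNETWORKS_FIRST = ["permit_mynetworks", "reject_unknown_recipient_domain",
                    "reject_unauth_destination"]

def evaluate(order, client, rcpt):
    """Return the first decisive result (OK or REJECT) for one recipient."""
    domain = rcpt.rsplit("@", 1)[1].lower()
    for name in order:
        result = RESTRICTIONS[name](client, domain)
        if result != "DUNNO":
            return result
    return "OK"  # no restriction objected

if __name__ == "__main__":
    for client in ("10.1.2.3", "203.0.113.9"):
        for rcpt in ("oncall@ourdomain.sms", "user@ourdomain.example",
                     "user@typo.invalid"):
            print(client, rcpt, evaluate(MAP_EXEMPTION, client, rcpt),
                  evaluate(MYNETWORKS_FIRST, client, rcpt))
```

In this model the two orders differ only for an internal client sending to an unresolvable domain other than the two pager domains: the map-scoped exemption still rejects it, while permit_mynetworks placed first accepts it.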
