> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:owner-postfix-
> [EMAIL PROTECTED] On Behalf Of mouss
> Sent: 08/25/2008 23:42
> Cc: postfix-users@postfix.org
> Subject: Re: Suggestions wanted
>
> Ulf Zimmermann wrote:
> > Hello, everyone.
> >
> > I thought before I potentially reinvent the wheel, I would ask here if
> > someone hasn't done this before:
> >
> > I am looking at doing 3 things in postfix on a relay which is set as the
> > smart relay on a number of machines.
> >
> > 1.) Check the client host name, if in table 1, allow relay
> > unconditional, stop further checks
>
> mynetworks = cidr:/etc/postfix/mynetworks
>
> == mynetworks
> 127.0.0.1/32 OK
> 192.168.1.0/24 OK
> ...
>
> >
> > 2.) Check if recipient address is [EMAIL PROTECTED], [EMAIL PROTECTED] but
> > not [EMAIL PROTECTED], if true, then allow relay and stop further
> > checks.
>
> put domain1.com and domain2.com in ONE of mydestination, relay_domains,
> virtual_mailbox_domains, virtual_alias_domains.
>
> do not put ml.domain2.com there. and set
> parent_domain_matches_subdomains=
> well. read the docs for what you can/should do.
>
> >
> > 3.) Check the client host name, if in table 2, use field in table to
> > rewrite the recipient address and insert header with original recipient
> > address, stop further checks.
>
> What if the message is addressed to many recipients. would you add 100
> headers if you have 100 recipients?
>
> and worse, what if some of these recipients were BCC'ed. you don't want
> to expose the Bcc to the recipients.

As this rewrite is to catch development emails (Stage, Test, Demo,
Performance environment), a single recipient rewrite would be the case.

> >
> > 4.) And last if all fails, rewrite the recipient address to
> > [EMAIL PROTECTED], which will allow us to classify the
> > client host into 1 or 3.
> >
>
> what is the goal here?

Any machine is to be classified. Many of the machines should not be
allowed to send email to the outside world. Normally when we copy our
production database to the stage/test/etc environment, email addresses
in those environments get changed to something like [EMAIL PROTECTED] or
[EMAIL PROTECTED] which end up in a public folder on the corporate
Exchange server for developers to look at. Unfortunately if now a
developer loads feeds from our customers which could include emails,
live emails get introduced into these development environments. Also
there are sometimes hardcoded email addresses in the code these
developers write and again this has led to problems.

>
> > Anyone done something similar and cares to share? Any other suggestions?

Ulf Zimmermann | Senior System Architect
OPENLANE
4600 Bohannon Drive, Suite 100
Menlo Park, CA 94025
O: 650-532-6382 M: (510) 396-1764 F: (510) 580-0929
Email: [EMAIL PROTECTED] | Web: www.openlane.com
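
Added example, not part of the thread and not code from either poster or from Postfix: one way to express steps 1 to 4 as the decision logic of a Postfix SMTP access policy service (the `check_policy_service` delegation protocol, a technique this thread does not itself propose). The table contents, the `example.invalid` names and the catch-all address are constructed placeholders; table 1 is keyed by CIDR as in the `mynetworks` reply, table 2 by client host name, and the original-recipient header of step 3 is not covered. `REDIRECT` replaces every recipient of the message, so this fits only the single-recipient case described above.

```python
import ipaddress
import sys

# Constructed sample tables (assumptions); replace with real data.
RELAY_NETS = [ipaddress.ip_network(n) for n in ("127.0.0.1/32", "192.168.1.0/24")]
RELAY_DOMAINS = {"domain1.com", "domain2.com"}  # exact match: ml.domain2.com is not covered
REWRITE_BY_CLIENT = {"stage1.example.invalid": "stage-mail@example.invalid"}
CATCH_ALL = "unclassified@example.invalid"

def parse_request(text):
    """Parse one policy request: name=value lines ended by an empty line."""
    attrs = {}
    for line in text.splitlines():
        if not line:
            break
        name, sep, value = line.partition("=")
        if sep:
            attrs[name] = value
    return attrs

def decide(attrs):
    """Return the access(5) action for one RCPT TO, following steps 1 to 4."""
    try:
        addr = ipaddress.ip_address(attrs.get("client_address", ""))
    except ValueError:  # e.g. "unknown": never treat as a trusted client
        addr = None
    if addr is not None and any(addr in net for net in RELAY_NETS):
        return "OK"  # step 1: trusted client, relay unconditionally
    domain = attrs.get("recipient", "").rpartition("@")[2].lower()
    if domain in RELAY_DOMAINS:
        return "OK"  # step 2: recipient in an allowed domain
    target = REWRITE_BY_CLIENT.get(attrs.get("client_name", "").lower())
    if target:
        return "REDIRECT " + target  # step 3: known dev host, per-host mailbox
    return "REDIRECT " + CATCH_ALL  # step 4: unclassified host, never deliver outside

def respond(request_text):
    return "action=%s\n\n" % decide(parse_request(request_text))

if __name__ == "__main__":  # one request per blank-line-terminated block on stdin
    buf = []
    for line in sys.stdin:
        if line.strip():
            buf.append(line)
        else:
            sys.stdout.write(respond("".join(buf)))
            sys.stdout.flush()
            buf = []
```

Because step 4 always redirects, a host missing from both tables cannot send mail to an outside address; its messages land in the catch-all mailbox until someone classifies it.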