DJ Lucas wrote:
> Hi guys, I believe that I already have the answer to this pretty basic
> setup, but I just wanted to do a quick sanity check.
>
> I'm setting up a backup MX, and for one of the domains that it will
> relay to, it should do no filtering whatsoever as there is a Symantec
> device in front of the primary. The device is configured with a
> catch-all, and I have verified that no backscatter is generated when
> sending to an invalid address, and the admin of that server wants to
> review everything coming at him.
>

the question is: does the Symantec device reject spam or does it "tag and deliver" or "quarantine"? it should not reject mail since you have accepted it.

> The other three domains are very small, servicing less than 80 users
> total. I had planned to validate the recipient addresses via hash
> tables...I can automatically generate these..in fact probably only one
> table need be present for (I think) only something like 74 users.
>
> Anyway, in addition to the default configuration, I plan to add the
> following:
>
> /etc/postfix/transport:
> example.com relay:[primary.example.com]
> example1.com relay:[primary.example1.com]
> example2.com relay:[primary.example2.com]
> example3.com relay:[primary.example3.com]
>
> /etc/postfix/example.com:
> example.com OK
>
> /etc/postfix/otherdomains:
> us...@example1.com OK
> us...@example3.com OK
> us...@example2.com OK
> us...@example1.com OK
> ...
> use...@example2.com OK
>
>
> main.cf:
> # Begin /etc/postfix/main.cf
> ...
> # Domains to accept mail for.
> relay_domains = example.com, example1.com, example2.com, example3.com
>
> # IP address is currently unknown (will be replaced with real when
> determined)
> proxy_interfaces = 0.0.0.0
>
> # Map recipient addresses to the primary MX
> transport_maps = hash:/etc/postfix/transport
>
> # Validate recipients (except for example.com) and do normal checks
> smtpd_recipient_restrictions =
> check_recipient_access hash:/etc/postfix/example.com,
> reject_non_fqdn_sender,
> reject_unauth_pipelining,

this is useless.

> reject_non_fqdn_recipient,

put reject_unauth_destination here.

> reject_rbl_client b.barracudacentral.org,
> reject_rbl_client zen.spamhaus.org,
> check_policy_service unix:postgrey/socket,
> check_recipient_access hash:/etc/postfix/otherdomains,
> reject_unauth_destination,
> reject_unknown_recipient_domain

This is useless.

> ...
> # End /etc/postfix/main.cf
>
> It just seems entirely too simple. Does that config work like I think
> it will, or am I off in La La land? Also, this server will handle no
> mail locally. I explicitly ignored 'permit_mynetworks'. I simply use
> the internal domain name of the site that it is at, since it is not
> resolvable from the outside world (backupmx.mailhost.local).
> Additionally, I did not use relay_recipient_maps, is it still required
> with the suggested configuration?
>

without relay_recipient_maps, anyth...@example1.com will be accepted. you can use:

relay_recipient_maps = hash:/etc/postfix/otherdomains

after adding:

@example.com OK

to that file. (this entry won't match a check_recipient_access. so it changes nothing to your checks).