I'm running postfix as a mail gateway for my campus. I want to direct
all inbound SMTP traffic from the world through the gateway systems.

There are about 30 mail systems on campus... one large central system
which handles 99 percent of all mail and 29 small mail systems that
either exist for a single purpose (our CA, for example) or serve small
departments that have legacy systems or special needs.

For the central domain my config looks like this:

main.cf
-----------
smtpd_recipient_restrictions =
        permit_mynetworks,
        reject_unauth_destination,
        reject_invalid_hostname,
        reject_non_fqdn_hostname,
        reject_non_fqdn_sender,
        reject_non_fqdn_recipient,
        reject_unknown_sender_domain,
        reject_unknown_recipient_domain,
        permit

parent_domain_matches_subdomains = mynetworks

mynetworks = 127.0.0.0/8
        1.2.3.0/24
# 1.2.3.0/24 is the vLAN for the core mail system

relay_domains = ku.edu
        mail.ku.edu
        abc.org
        def.org
        ghi.com
        jkl.org
# All these domains are part of the core mail system

relay_recipient_maps = proxy:ldap:/postfix/etc/ldap_lookup.cf
-----------

ldap_lookup.cf
-----------
server_host = lookupserver.ku.edu
server_port = 389
domain = ku.edu, mail.ku.edu, abc.org, def.org, ghi.com, jkl.org
version = 3
timeout = 10
query_filter = (proxyAddresses=smtp:%s)
result_attribute = mail
search_base = dc=ku,dc=edu
scope = sub
bind_dn = cn=ldap_lookup_user,ou=users,dc=ku,dc=edu
bind_pw = xxxxxxx
-----------

With a transport map pointing to the mailbox servers and all this
works flawlessly.

So now I want to handle inbound mail for the domain
'certificate-authority.ku.edu'. For this domain I am not able to do
any sort of a lookup... rather, I just want to accept inbound mail,
run it through hygiene services, and forward it on to the destination
server if it passes hygiene.

If I add certificate-authority.ku.edu to the list of relay domains,
mail sent to it is rejected with a "User unknown in relay recipient
table" -- which is accurate since there is no lookup table for it.
Adding "permit_auth_destination" as the second item under
smtpd_recipient_restrictions doesn't help.

Anyone have any thoughts on how I can do this?

:Jim
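Added example (not part of the original post or of Jim's configuration): one
way to keep relay_recipient_maps enabled for the central domains while
accepting every recipient in certificate-authority.ku.edu. It relies on the
documented Postfix wildcard for relay_recipient_maps: a bare "@domain" key
marks a relay domain that has no recipient list. The second table, the
transport file, and the hostname ca-mail.ku.edu are assumptions. The caveat
from the Postfix documentation applies: with a wildcard entry the gateway
accepts mail for non-existent users in that domain, so if the CA host later
bounces them the gateway becomes a backscatter source.

```ini
# main.cf (added example; extends the relay_domains list from the post)
relay_domains = ku.edu
        mail.ku.edu
        abc.org
        def.org
        ghi.com
        jkl.org
        certificate-authority.ku.edu

# Tables are searched in order. The LDAP table's "domain =" list keeps it
# from being queried for certificate-authority.ku.edu, so that domain
# falls through to the hash table below.
relay_recipient_maps = proxy:ldap:/postfix/etc/ldap_lookup.cf
        hash:/etc/postfix/relay_recipients

# Hand accepted mail for the CA domain to its own server (hostname assumed).
transport_maps = hash:/etc/postfix/transport

# /etc/postfix/relay_recipients   (rebuild with: postmap /etc/postfix/relay_recipients)
# "@domain" is the documented wildcard for a relay domain with no recipient
# list; the right-hand side is required by postmap but otherwise ignored.
@certificate-authority.ku.edu   OK

# /etc/postfix/transport   (rebuild with: postmap /etc/postfix/transport)
# Brackets suppress the MX lookup and deliver straight to the named host.
certificate-authority.ku.edu    smtp:[ca-mail.ku.edu]
```

After editing, run "postmap" on both hash files and "postfix reload". The
existing smtpd_recipient_restrictions list is unchanged: reject_unauth_destination
still permits the domain because it is in relay_domains, and the recipient
check now finds the wildcard entry instead of reporting "User unknown in
relay recipient table".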
