On 10/30/2009 6:57 PM, Robert Lopez wrote:
Postfix places no limit on how many maps you can use, but there is system
overhead with each map. Rule of thumb is to combine maps wherever possible
-- don't use two check_sender_access statements if you can do it with one.
The smart way to do this is use a Makefile to build a single map from
multiple similar input files.
That is interesting. What is the advantage of that over directly
editing a single file?
I can see having unique names that pair with the parameters that cause
them to be read.
It is not clear to me what the benefit of multiple files is beyond
this association.
We do something similar with the virtualaliases table. There is a
table that has all
college employees who use an Exchange server, another that has all customers
(students) who use Sungard Luminis, and a third that has Mailman lists. So email
is delivered to one of those three systems based on that file. We
build that single file
from three separate files.
That's a good example of files that can be automated with a
Makefile. Maintain the separate files for clear management
separation, then just type "make" to build a single postfix
file. General example here:
http://www.postfix.org/DATABASE_README.html#safe_db
message_size_limit = 16777216
mydestination = $myhostname, $mydomain, localhost.localdomain,
cnm.edu, mail.cnm.edu, mg0x.cnm.edu, mg04.cnm.edu, mg05.cnm.edu,
nmvc.org, mail.nmvc.org, mg0x.nmvc.org, mg04.nmvc.org, mg05.nmvc.org,
mg06.nmvc, nmvirtualcollege.org, mail.nmvirtualcollege.org,
mg0x.nmvirtualcollege.org, mg04.nmvirtualcollege.org,
mg05.nmvirtualcollege.org, mg04.nmvirtualcollege.org, nmln.net,
ideal-nm.org, ideal-nm.net, idealnm.org, idealnm.net
Lots of domains in mydestination... Are you sure these don't belong in
relay_domains instead?
http://www.postfix.org/BASIC_CONFIGURATION_README.html
http://www.postfix.org/STANDARD_CONFIGURATION_README.html
http://www.postfix.org/ADDRESS_CLASS_README.html
No, I am not sure.
All email going students and employees are sent to either Sungard Luminis
servers or to Microsoft Exchange servers.
At the most basic definition, relay_domains are domains that
are accepted by postfix and sent to the same address on
another box for final delivery. Sounds as if these are all
relay_domains. Valid recipients for relay_domains should be
listed in relay_recipient_maps, but it sounds as if you list
them in virtual_alias_maps.
Better to work with the system rather than against it.
relay_domains = $mydestination
relay_domains should be set explicitly, and generally should not include
$mydestination. If there are no relay_domains, it should be set empty.
http://www.postfix.org/ADDRESS_CLASS_README.html
This may be another point where I am confused. I am thinking relay is when a
postfix server accepts email for u...@cnm.edu and then rewrites that address
to what is found in a table for the user where the email is then sent
to u...@other.domain.
Postfix would call those virtual_alias_domains -- domains that
are accepted and rewritten to another domain for either local
or remote delivery. Your domains are relay_domains.
smtpd_banner = cnm.edu
Should be "cnm.edu ESTMP", or better, just leave it at the default.
Is that "cnm.edu ESMTP" or default?
The ESTMP is required to signal other mail servers that your
server accepts "enhanced" command syntax.
But there's usually no reason to change this setting from the
default "$myhostname ESTMP $mail_name", so just remove the
parameter from your main.cf. You can't hide the fact you're
running postfix, so don't worry too much about the $mail_name
in there.
smtpd_sender_restrictions = check_sender_access
hash:/etc/postfix/greylist check_sender_access
hash:/etc/postfix/sender_access permit_mynetworks
reject_unknown_sender_domain
Seems like permit_mynetworks should come before greylist or other sender
access checks.
Seems like? :-) This greylist program reads the tail of the mail log
and looks for
bursts of email in a short period of time. The program adds the bursting account
to the map which causes the email to be deferred.
OK, you're using that as a outgoing quota control. There are
policy servers that do similar and more, particularly policyd.
http://www.postfix.org/addon.html#policy
-- Noel Jones