Hi Noel,

On Wed, Jan 21, 2015, at 07:37 AM, Noel Jones wrote:
> general docs are here:
> http://www.postfix.org/STANDARD_CONFIGURATION_README.html#firewall

Wow, thanks. As usual (sigh) I was looking in the wrong place, just http://www.postfix.org/BASIC_CONFIGURATION_README.html

> > (1) minimal changes to the 3 current servers
>
> You'll need some way to export valid recipients to postfix
> If that's not possible, use recipient_address_verification
> http://www.postfix.org/ADDRESS_VERIFICATION_README.html#recipient

Those lists are big, and of course, in 3 different places, but they're pretty static. So originally, I was thinking of a 'kludge'. Extract the list from each server, aggregate them into a single list, clean it up, rsync it over to the Postfix box, and convert it to an LMDB list.

The 'Recipient address verification' stuff I'd seen but wasn't sure exactly what the Postfix was "doing to" the SMTP servers downstream. IIUC, something like -- it sends a test message to the upstream, and then stores in LOCAL-to-Postfix, persistent cache whether that's a good/bad address. Sounds like it only does that ONCE per address, but not sure.

I don't want to make the current downstream servers "angry" for invalid recipients/senders, and mistakenly lock out the upstream postfix. I know I can make those changes in the downstream's config -- somewhere. Need to understand this more.

> Minimal changes to inside boxes will include,
> - don't accept mail from the internet (duh!)
> - trust the postfix IP to minimize bounces
> - set the postfix box as smarthost/relay/gateway or whatever they
> call it for outgoing mail.

These all make sense and were on my list.

> - I probably forgot something else...

Well, if YOU did, then I did for sure! :-)

> > (2) the Postfix system storing, then later forwarding, inbound mail if the
> > Postfix -> domainX connection is ever down
> > (3) the Postfix system storing, then later sending, outbound mail if the
> > Postfix -> 'net connection is ever down
>
> both these are default behavior.

I've read about Queuing. I thought it might be safe enough. Wasn't sure what happens if the server's restarted, whether the Queued emails -- in either direction -- survive. I think they do as they're written to disk in the Queue directory and Postfix on restart simply looks there and puts them back in line to be processed when possible.

> > I hope that's clear enough. I can explain more or differently if you have
> > any particular questions.
> >
> > I guess the right question for me here is -- can I do this? SHOULD I do it
> > this way?
>
> This is a good first step

Well, THAT'S a 1st for me!

> that should be relatively easy to implement.

Thanks for the help!

Roger
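
The 'kludge' described in the message above (extract each server's recipient list, aggregate, clean up, convert to an LMDB map), sketched as an added shell example that is not part of the original message. The function names, file names, one-address-per-line export format, the example path under /etc/postfix and the "half the old size" threshold are assumptions.

```shell
#!/bin/sh
# Added example. Function names, file names and export format are assumptions.

# build_relay_recipients FILE...
# Merges one-address-per-line exports into "address OK" lines, the source
# format postmap compiles. Addresses are lower-cased and de-duplicated;
# malformed lines are reported on stderr rather than loaded.
build_relay_recipients() {
    cat "$@" | tr -d '\r' | awk '
        NF == 0 || $1 ~ /^#/ { next }
        NF != 1 || tolower($1) !~ /^[^@]+@[a-z0-9.-]+\.[a-z0-9-]+$/ {
            print "skipped: " $0 | "cat 1>&2"; next
        }
        { a = tolower($1); if (!seen[a]++) print a " OK" }
    ' | LC_ALL=C sort
}

# safe_to_install NEW [OLD]
# Fails if NEW is empty or has fewer than half the entries of OLD, so the
# output of a failed export is not installed as the recipient list.
safe_to_install() {
    new=$(( $(wc -l < "$1") ))
    [ "$new" -gt 0 ] || return 1
    [ -f "${2:-}" ] || return 0
    old=$(( $(wc -l < "$2") ))
    [ $((new * 2)) -ge "$old" ]
}

# Constructed sample exports standing in for the three inside servers.
demo=$(mktemp -d)
printf 'alice@example.com\nBob@Example.com\n'            > "$demo/srv1.txt"
printf 'bob@example.com\r\n# comment\nnot-an-address\n' > "$demo/srv2.txt"
printf 'carol@example.org\n\n'                           > "$demo/srv3.txt"

build_relay_recipients "$demo"/srv*.txt > "$demo/relay_recipients.new"
if safe_to_install "$demo/relay_recipients.new"; then
    cat "$demo/relay_recipients.new"
    # On the gateway, after rsync, the list would be compiled and referenced
    # (example path):
    #   postmap lmdb:/etc/postfix/relay_recipients
    #   relay_recipient_maps = lmdb:/etc/postfix/relay_recipients   (main.cf)
fi
rm -rf "$demo"
```

The size check matters because a table referenced by relay_recipient_maps that is empty or truncated leaves valid addresses unlisted at the gateway.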