Hi, everyone! I need to build an email gateway that will forward emails to users in our internal Exchange. But some need to be forwarded to our old Linux-based external server instead. Reading the Postfix documentation and examples I was able to find on the web, I was still left a bit confused and was hoping someone would take the time to clear things up. I'm using Postfix 2.9.
I'm able to get a big chunk of our users via LDAP (query done by another machine that "pushes" the list with a cron job to the gateway machine). The gateway machine will monitor the file change and add new entries to the file for the relay_recipient_maps directive and "postmap /path/to/file". The Linux-based server users list rarely changes and I manage adding them by hand (at this moment).

Correct me if I've misunderstood in saying this is only a check whether an entry (user email) exists; relay_domains lists the domains the gateway machine is willing to relay (e.g. if example.biz is not listed, it will never be taken into consideration for relaying via the gateway) and relay_transport is a "routing table" about which server an email should be sent to. In my case I have used transport_maps instead, because it overrides/supersedes the relay_transport directive.

(Question 1) Have I gotten the gist?

So finally we get to the main question.

(Question 2) Is there any other, and perhaps more reasonable, way of forwarding emails to users that do not exist in Exchange (172.16.1.1) without adding lines to the /etc/postfix/transport file? Maybe list non-Exchange users in another file and add it to transport_maps, i.e. transport_maps = hash:/etc/postfix/no_exchange_account, hash:/etc/postfix/transport. Are the lookups done in the order they are listed? I am assuming having a couple of thousand entries in these lookup tables is performance-wise a non-issue? Especially compared to storing them in a MySQL database?

(Question 3) Also, will/could this setup create backscatter?

Any other tips, links to tutorials and suggestions would be highly appreciated.
MAIN.CF

mydomain = example.com
myhostname = gateway
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = gateway.example.com, gateway, localhost.localdomain, localhost

#DISABLES LOCAL DELIVERY
#mydestination =
#local_recipient_maps =
#myorigin = example.com

####LINES IN QUESTION####
#List of user emails which are accepted for relaying
relay_recipient_maps = hash:/etc/postfix/relay_recipients

#Possible solution, when disabling local delivery but still forward postmaster, abuse emails to admins
#virtual_alias_domains = hash:/etc/postfix/virtual_domains
#virtual_alias_maps = hash:/etc/postfix/virtual

#destination domains (and subdomains thereof) this system will relay mail to
#we accept example.com, example.net
relay_domains = $mydestination, hash:/etc/postfix/virtual_domains

#"routing"
transport_maps = hash:/etc/postfix/transport

relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 195.222.6.0/26 172.16.1.0/24
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
#IPv4/IPv6 support
inet_protocols = all

smtpd_error_sleep_time = 1s
smtpd_soft_error_limit = 10
smtpd_hard_error_limit = 20
disable_vrfy_command = yes
smtpd_delay_reject = yes
smtpd_helo_required = yes

### RESTRICTIONS
smtpd_client_restrictions =
    permit_mynetworks,
    reject_unknown_client_hostname,
    permit

smtpd_helo_restrictions =
    permit_mynetworks,
    reject_non_fqdn_helo_hostname,
    reject_invalid_helo_hostname,
    permit

smtpd_sender_restrictions =
    permit_mynetworks,
    reject_non_fqdn_sender,
    reject_unknown_sender_domain,
#blocked senders
    hash:/etc/postfix/access_blacklist,
    permit

smtpd_recipient_restrictions =
    permit_mynetworks,
    reject_unknown_recipient_domain,
    reject_unauth_destination,
    reject_invalid_hostname,
    reject_non_fqdn_hostname,
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_unknown_sender_domain,
    reject_unknown_recipient_domain,
    RBLs,
    permit

LOOKUP FILES:::
VIRTUAL_DOMAINS:

example.com #official domain
example.net #old domain

RELAY_RECIPIENTS - mainly to keep inward traffic to a minimum (emails to users that do not exist in our system are rejected):

#USERS - info gathered with LDAP and exceptions by hand
us...@example.com OK
us...@example.com OK
us...@example.net OK
.
user4...@example.net OK

TRANSPORT

user...@example.net :[172.16.1.200]
user...@example.net :[172.16.1.200]
user...@example.net :[172.16.1.200]
example.com :[172.16.1.1]
.example.com :[172.16.1.1]
example.net :[172.16.1.1]
.example.net :[172.16.1.1]
#* smtp:[smtp.example.int]

Could it be turned into two separate files:

1) no_exchange_account:

user...@example.net :[172.16.1.200]
user...@example.net :[172.16.1.200]
.
user...@example.net :[172.16.1.200]

2) transport:

example.com :[172.16.1.1]
.example.com :[172.16.1.1]
example.net :[172.16.1.1]
.example.net :[172.16.1.1]
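
On Question 2, an added example (not part of the original post, and not Postfix code): a simplified Python model of the transport(5) search order, in which each lookup key is tried against every table in transport_maps, in listed order, before the next key form is tried, so a user@domain entry beats a domain entry whichever file holds it. The sample addresses are constructed, the `*` wildcard is left out, and `audit` is a hypothetical helper that cross-checks the routes against relay_recipient_maps.

```python
# Simplified model of Postfix transport_maps lookups; all addresses are constructed samples.
def parse_table(text):
    """Parse 'key value' lines of a hash: source file, skipping blanks and # comments."""
    table = {}
    for line in text.splitlines():
        parts = line.split(None, 1)
        if parts and not parts[0].startswith("#"):
            table[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return table

def lookup_keys(rcpt, delimiter="+"):
    """Keys tried per transport(5): full address, address minus extension, domain, .parent."""
    local, _, domain = rcpt.lower().rpartition("@")
    keys = [f"{local}@{domain}"]
    if delimiter in local:
        keys.append(f"{local.split(delimiter, 1)[0]}@{domain}")
    keys.append(domain)
    while "." in domain:
        domain = domain.split(".", 1)[1]
        keys.append("." + domain)
    return keys

def route(rcpt, tables):
    """Each key is tried against every table, in listed order, before the next key."""
    for key in lookup_keys(rcpt):
        for name, table in tables:
            if key in table:
                return name, key, table[key]
    return None

def audit(relay_recipients, tables):
    """Return (per-user routes for addresses not accepted, accepted addresses with no route)."""
    dead = sorted(k for _, t in tables for k in t
                  if "@" in k and k not in relay_recipients)
    unrouted = sorted(r for r in relay_recipients if route(r, tables) is None)
    return dead, unrouted

NO_EXCHANGE = parse_table("alice@example.net :[172.16.1.200]\ncarol@example.net :[172.16.1.200]\n")
TRANSPORT = parse_table(
    "example.com :[172.16.1.1]\n.example.com :[172.16.1.1]\n"
    "example.net :[172.16.1.1]\n.example.net :[172.16.1.1]\n")
RELAY_RECIPIENTS = parse_table("alice@example.net OK\nbob@example.net OK\ndave@example.org OK\n")
# Domain table listed first on purpose: the per-user entry still wins.
TABLES = [("transport", TRANSPORT), ("no_exchange_account", NO_EXCHANGE)]

if __name__ == "__main__":
    for rcpt in ("alice@example.net", "bob@example.net", "bob+lists@mail.example.com"):
        print(rcpt, "->", route(rcpt, TABLES))
    print(audit(RELAY_RECIPIENTS, TABLES))
```

On the gateway itself, `postmap -q alice@example.net hash:/etc/postfix/no_exchange_account` queries a single table for one key, which confirms what each file returns after `postmap` has rebuilt it.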