Hi, everyone!

I need to build an email gateway that will forward emails to users in our
internal Exchange. But some need to be forwarded to our old Linux-based
external server instead. Reading the Postfix documentation and examples I
was able to find on the web, I was still left a bit confused and was hoping
someone would take the time to clear things up. I'm using Postfix 2.9.

I'm able to get a big chunk of our users via LDAP (query done by another
machine that "pushes" the list with a cron-job to the gateway machine). The
gateway machine will monitor the file change and add new entries to the
file for the relay_recipient_maps directive and "postmap /path/to/file".
The Linux-based server users list rarely changes and I manage adding them
by hand (at this moment). Correct me if I've misunderstood in saying this is
only a check whether an entry (user email) exists; relay_domains lists the
domains the gateway machine is willing to relay (e.g. if example.biz is not
listed, it will never be taken into consideration for relaying via the
gateway) and relay_transport is a "routing table" about which server
an email should be sent to. In my case I have used transport_maps instead,
because it overrides/supersedes the relay_transport directive. (Question 1)
Have I gotten the gist?

So finally we get to the main question. (Question 2) Is there any other and
perhaps more reasonable way of forwarding emails to users that do not
exist in Exchange (172.16.1.1) without adding lines to the
/etc/postfix/transport file? Maybe list non-Exchange users in another file
and add it to transport_maps, i.e. transport_maps =
hash:/etc/postfix/no_exchange_account, hash:/etc/postfix/transport. Are the
lookups done in the order they are listed? I am assuming having a couple of
thousand entries in these lookup tables is performance-wise a non-issue?
Especially compared to storing them in a MySQL database?

(Question 3) Also, will/could this setup create backscatter?
Any other tips, links to tutorials and suggestions would be highly
appreciated.

MAIN.CF

mydomain = example.com
myhostname = gateway
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = gateway.example.com, gateway, localhost.localdomain, localhost
#DISABLES LOCAL DELIVERY
#mydestination =
#local_recipient_maps =
#myorigin = example.com
####LINES IN QUESTION####
#List of user emails which are accepted for relaying
relay_recipient_maps = hash:/etc/postfix/relay_recipients
#Possible solution, when disabling local delivery but still forward
#postmaster, abuse emails to admins
#virtual_alias_domains = hash:/etc/postfix/virtual_domains
#virtual_alias_maps = hash:/etc/postfix/virtual
#destination domains (and subdomains thereof) this system will relay mail to
#we accept example.com ,example.net
relay_domains = $mydestination, hash:/etc/postfix/virtual_domains
#"routing"
transport_maps = hash:/etc/postfix/transport
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 195.222.6.0/26
        172.16.1.0/24
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
#IPv4/IPv6 support
inet_protocols = all
smtpd_error_sleep_time = 1s
smtpd_soft_error_limit = 10
smtpd_hard_error_limit = 20
disable_vrfy_command = yes
smtpd_delay_reject = yes
smtpd_helo_required = yes

### RESTRICTIONS
smtpd_client_restrictions =
        permit_mynetworks,
        reject_unknown_client_hostname,
        permit
smtpd_helo_restrictions =
        permit_mynetworks,
        reject_non_fqdn_helo_hostname,
        reject_invalid_helo_hostname,
        permit
smtpd_sender_restrictions =
        permit_mynetworks,
        reject_non_fqdn_sender,
        reject_unknown_sender_domain,
        #blocked senders
        hash:/etc/postfix/access_blacklist,
        permit
smtpd_recipient_restrictions =
        permit_mynetworks,
        reject_unknown_recipient_domain,
        reject_unauth_destination,
        reject_invalid_hostname,
        reject_non_fqdn_hostname,
        reject_non_fqdn_sender,
        reject_non_fqdn_recipient,
        reject_unknown_sender_domain,
        reject_unknown_recipient_domain,
        RBLs,
        permit


LOOKUP FILES:::
VIRTUAL_DOMAINS:
example.com #official domain
example.net #old domain

RELAY_RECIPIENTS - mainly to keep inward traffic to a minimum (emails to
users that do not exist in our system are rejected):
#USERS - info gathered with LDAP and exceptions by hand
us...@example.com OK
us...@example.com OK
us...@example.net OK
.
user4...@example.net OK

TRANSPORT
user...@example.net :[172.16.1.200]
user...@example.net :[172.16.1.200]
user...@example.net :[172.16.1.200]
example.com :[172.16.1.1]
.example.com :[172.16.1.1]
example.net :[172.16.1.1]
.example.net :[172.16.1.1]
#* smtp:[smtp.example.int]


Could it be turned into two separate files:
1) no_exchange_account:
user...@example.net :[172.16.1.200]
user...@example.net :[172.16.1.200]
.
user...@example.net :[172.16.1.200]

2) transport:
example.com :[172.16.1.1]
.example.com :[172.16.1.1]
example.net :[172.16.1.1]
.example.net :[172.16.1.1]
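
Added example, not part of the original post: a pre-postmap consistency check for the relay_recipients, no_exchange_account and transport files described above. It flags an @domain wildcard in relay_recipients (the gateway then accepts mail for nonexistent users and has to bounce it later), per-user transport entries that are missing from relay_recipients (routed, but rejected at RCPT TO), and keys that appear in both transport files with different next hops (the table listed first in transport_maps answers for that key). The function names parse_table and audit and the addresses bob@ and carol@ are assumptions made up for the example.

```python
# Added example, not from the original post. Sample tables are constructed.
def parse_table(text):
    """Parse postmap(1) source text ("key value" lines) into a dict."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                                  # blank line or comment
        if raw[0].isspace() and logical:
            logical[-1] += " " + raw.strip()          # continuation line
        else:
            logical.append(raw.strip())
    table = {}
    for line in logical:
        parts = line.split(None, 1)
        # this example keeps the first occurrence of a duplicate key
        table.setdefault(parts[0].lower(), parts[1] if len(parts) > 1 else "")
    return table

def audit(relay_recipients, transports):
    """transports: list of parsed tables, in transport_maps order."""
    findings, seen = [], {}
    for key in relay_recipients:
        if key.startswith("@"):        # @domain accepts every recipient there
            findings.append(("wildcard-recipient", key))
    for table in transports:
        for key, value in table.items():
            local, at, domain = key.rpartition("@")
            if at and local and key not in relay_recipients \
                    and "@" + domain not in relay_recipients:
                findings.append(("routed-but-rejected", key))
            if key in seen and seen[key] != value:
                findings.append(("shadowed", key))    # earlier table answers first
            seen.setdefault(key, value)
    return findings

RELAY_RECIPIENTS = parse_table("""
@example.com      OK
bob@example.net   OK
""")
NO_EXCHANGE = parse_table("""
bob@example.net    :[172.16.1.200]
carol@example.net  :[172.16.1.200]
""")
TRANSPORT = parse_table("""
bob@example.net  :[172.16.1.1]
example.com      :[172.16.1.1]
example.net      :[172.16.1.1]
""")
FINDINGS = audit(RELAY_RECIPIENTS, [NO_EXCHANGE, TRANSPORT])
```

Run it from the cron job that receives the LDAP export, and skip the postmap step when the findings list is not empty.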
