Re: virtual_alias_maps: rewriting outbound
From: mouss (usebsd free.fr)
Date: Sun Jul 02 2006 - 07:32:04 CDT
Chris McKeever wrote:
> I have a virtual_alias_maps setup to handle legacy emails names:
To handle "legacy" addresses, canonical is a better place. That said,
you can also consider that first.last@domain.example is an "alternate"
address and is ok. If so, (virtual) aliases are the right place. I'll
assume this latter choice here.
> first.last@example.com -> flast@example.com
>
> /(.)[^\.]*\.(.*)@(.*)$/ $1$2@$3
>
Two notes here:
1- You are rewriting all the addresses in the world, not just yours. So
the first thing is to only specify aliases for your domains, as
suggested by Magnus. You can use IF as suggested by Rob.
2- You are breaking recipient validation: you are making all addresses
valid. This is only acceptable if you have a catchall. In no case should
you later bounce a message if you finally don't find its mailbox.
Outscatters will be block listed.
To fix this, either:
*) use a script to only generate aliases for valid addresses. That
script would parse your valid mailbox addresses and generate a
virtual_alias_map (as hash or whatever), and reload postfix. The script
may be run manually, periodically (from a cron) or automatically
depending on your setup, your OS (possibility to wait for an event on a
file) and your programming skills.
*) use mysql, pgsql or ldap and write the statements so that the
virtual alias is only returned if the "target" address exists. Some
examples have been posted to the list in the past.
*) implement recipient validation using a policy service.
> we run multiple domains that had that setup.
>
> It works great for the inbound and does what I expect. Unfortunately,
> outbound email gets checked against that alias, then is rewritten and
> thus fails when sending.
An alternative to the above is to use different instances for inbound and
outbound mail, and configure different virtual aliases for each. For
instance, ask your users to use the MSA port (587) and let port 25
handle inbound mail only. (Instead of asking your users, you can also
redirect their traffic with NAT/redir/... if you know their IPs.)
>
> Is there a way (outside of explicitly listing each possible hosted mail
> domain) to not have the outbound email run through the alias?
>
> Thanks
>
>
>
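
The first fix listed in the reply (a script that generates aliases only for valid addresses), sketched as an added example that is not part of the original message. The mailbox list, hosted domains and legacy addresses are constructed sample data, and the function names are hypothetical; the regexp is an anchored form of the one quoted in the thread.

```python
import re

# Tightened form of the thread's regexp: first.last@domain -> flast@domain.
# Anchored, and the local part may not contain "@".
LEGACY = re.compile(r"^([^.@])[^.@]*\.([^@]+)@([^@]+)$")


def legacy_target(addr):
    """Return the mailbox a legacy first.last address maps to, or None."""
    m = LEGACY.match(addr.strip().lower())
    return f"{m.group(1)}{m.group(2)}@{m.group(3)}" if m else None


def build_alias_map(legacy_addrs, mailboxes, hosted_domains):
    """Keep only aliases for hosted domains whose target mailbox exists."""
    mailboxes = {m.lower() for m in mailboxes}
    hosted = {d.lower() for d in hosted_domains}
    aliases, skipped = {}, []
    for addr in legacy_addrs:
        addr = addr.strip().lower()
        target = legacy_target(addr)
        if target is None:
            skipped.append((addr, "not first.last form"))
        elif addr.rsplit("@", 1)[1] not in hosted:
            skipped.append((addr, "domain not hosted here"))
        elif target not in mailboxes:
            skipped.append((addr, "no such mailbox"))
        elif addr in mailboxes:
            skipped.append((addr, "is itself a mailbox"))
        else:
            aliases[addr] = target
    return aliases, skipped


def render_hash_source(aliases):
    """Text for a hash: table source file, one 'alias target' pair per line."""
    return "".join(f"{a} {t}\n" for a, t in sorted(aliases.items()))


# Constructed sample data, not taken from the thread.
MAILBOXES = ["jsmith@example.com", "adoe@example.org"]
DOMAINS = ["example.com", "example.org"]
LEGACY_ADDRS = [
    "john.smith@example.com",   # target exists
    "alice.doe@example.org",    # target exists
    "bob.jones@example.com",    # no bjones mailbox: stays invalid
    "some.one@elsewhere.test",  # not our domain: never rewritten
]

if __name__ == "__main__":
    aliases, skipped = build_alias_map(LEGACY_ADDRS, MAILBOXES, DOMAINS)
    print(render_hash_source(aliases), end="")
    for addr, why in skipped:
        print(f"# skipped {addr}: {why}")
```

The rendered text is the source for the table named in virtual_alias_maps; build it with postmap after each regeneration. Addresses in the skipped list get no alias, so recipient validation still rejects them at SMTP time instead of bouncing later.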