From: Aaron Bennett (abennettclarku.edu)
Date: Thu Nov 16 2006 - 14:25:01 CST

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hello,

Our mail gateways are set up using an ldap backend querying against
virtual_alias_maps. They are almost entirely for inbound email, but we
do have a handful of hosts who need to use them as smarthosts as well.

So we have: "smtpd_recipient_restrictions = check_client_access
hash:/etc/postfix/relay_hosts, reject_unauth_destination"

The problem with this setup is, during the reject_unauth_destination
check, postfix queries our ldap source. We only accept inbound email
for clarku.edu. Leaving aside how dumb it may or may not be to use
virtual_alias_maps to store mail routing info, ( it's hard to change
that now, we've got a ton of custom middleware that expects that field
to be in use ), I'd rather not have all the spam that arrives for
'foobar.com' etc trigger an ldap query. So I was thinking of doing
something like this:
smtpd_recipient_restrictions = check_client_access
hash:/etc/postfix/relay_hosts,
                                check_recipient_access
pcre:/etc/postfix/valid_domains,
                                reject_unauth_destination

with:
"!/clarku\.edu/ REJECT" in valid_domains. I've tested it a little bit
and it seems to work, my question is, is this insane? Can anyone
suggest a simpler approach?

Best,

Aaron Bennett
Sr. Unix Administrator
Clark University

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]