reject_unknown_recipient_domain post-queue?

From: Andrew Houghton (aahroarmouse.org)
Date: Mon Jan 22 2007 - 15:51:57 CST


(re-sent with subject)

Thanks to mouss for previous help with my setup.

I've got five web servers behind a firewall relaying outgoing mail
through a gateway. The outgoing mail is to user-supplied aliases --
frequently wrong, sometimes no longer available.

The gateway acts as a centralized bounce handler; permit_mynetworks
is the first item on my smtpd_recipient_restrictions list (which is
based almost entirely on 'The Book of Postfix'), but given this setup
those restrictions are obviously only working on incoming mail.

smtpd_recipient_restrictions =
   permit_mynetworks
   reject_non_fqdn_recipient
   reject_non_fqdn_sender
   reject_unknown_sender_domain
   reject_unknown_recipient_domain
   reject_unauth_destination
   reject_non_fqdn_hostname
   reject_invalid_hostname
   check_helo_access pcre:/etc/postfix/helo_checks
   check_sender_mx_access cidr:/etc/postfix/bogus_mx
   permit

The goal here is to let the internal servers concentrate on their
role as web servers, and hand off all mail to the gateway. This, of
course, means that the gateway slowly accumulates mail that can't be
sent, by virtue of accepting mail from my internal servers without
applying any restrictions to them.

I've poked around and can't seem to find a way to apply restrictions
like 'reject_unknown_recipient_domain' to mail that's already in the
gateway's queue. Once the mail bounces, the gateway does the right
thing -- processes the bounce, removes the alias, notifies my users,
etc. -- but the current setup allows mail to sit in my gateway's
deferred queue until it times out, rather than being bounced on first
relay attempt.

Is there any easy way to fix this? If I have to decentralize the
bounce processing, I can, but I'd rather not.

- a.
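The behaviour Andrew describes (restrictions "only working on incoming mail") follows from how Postfix evaluates a restriction list: entries are tried in order and the first one that returns PERMIT or REJECT decides, so with permit_mynetworks at the top none of the later reject_* checks ever see a connection from an internal server. The following model, an added example and not part of the original post or of Postfix itself, runs the restriction list quoted above against constructed SMTP sessions to make that short-circuit visible. The network ranges, relay domains and the stand-in for DNS resolution are assumptions chosen for the demonstration; the helo and access-table checks are treated as making no decision.

```python
"""First-match evaluation of a Postfix smtpd_recipient_restrictions list.

Added example, not Postfix code. It models only the restrictions in the post
that depend on client address, sender or recipient; table-driven checks
(check_helo_access, check_sender_mx_access) and the HELO checks are treated as
"no decision" so evaluation falls through to the next entry.
"""
import ipaddress

# Restriction list exactly as quoted in the post.
RESTRICTIONS = [
    "permit_mynetworks",
    "reject_non_fqdn_recipient",
    "reject_non_fqdn_sender",
    "reject_unknown_sender_domain",
    "reject_unknown_recipient_domain",
    "reject_unauth_destination",
    "reject_non_fqdn_hostname",
    "reject_invalid_hostname",
    "check_helo_access pcre:/etc/postfix/helo_checks",
    "check_sender_mx_access cidr:/etc/postfix/bogus_mx",
    "permit",
]

# Constructed values standing in for $mynetworks, $relay_domains and DNS.
MYNETWORKS = [ipaddress.ip_network("10.0.0.0/8")]
RELAY_DOMAINS = {"example.org"}
RESOLVABLE_DOMAINS = {"example.org", "example.net"}


def _domain(addr):
    """Domain part of an address; the whole string if there is no '@'."""
    return addr.rpartition("@")[2].lower()


def _is_fqdn(addr):
    return "." in _domain(addr)


def _domain_known(addr):
    """Stand-in for the DNS lookup behind reject_unknown_*_domain."""
    return _domain(addr) in RESOLVABLE_DOMAINS


def evaluate(client_ip, sender, recipient, restrictions=RESTRICTIONS):
    """Return (decision, restriction) for the first entry that decides.

    decision is "PERMIT", "REJECT" or "DUNNO" (list exhausted, no decision).
    """
    ip = ipaddress.ip_address(client_ip)
    for entry in restrictions:
        name = entry.split()[0]
        if name == "permit_mynetworks":
            if any(ip in net for net in MYNETWORKS):
                return "PERMIT", name
        elif name == "reject_non_fqdn_recipient":
            if not _is_fqdn(recipient):
                return "REJECT", name
        elif name == "reject_non_fqdn_sender":
            if not _is_fqdn(sender):
                return "REJECT", name
        elif name == "reject_unknown_sender_domain":
            if not _domain_known(sender):
                return "REJECT", name
        elif name == "reject_unknown_recipient_domain":
            if not _domain_known(recipient):
                return "REJECT", name
        elif name == "reject_unauth_destination":
            if _domain(recipient) not in RELAY_DOMAINS:
                return "REJECT", name
        elif name == "permit":
            return "PERMIT", name
        # HELO and access-table entries: modelled as no decision, fall through.
    return "DUNNO", None


def move_after(restrictions, item, after):
    """Copy of the list with `item` placed immediately after `after`."""
    rest = [r for r in restrictions if r != item]
    rest.insert(rest.index(after) + 1, item)
    return rest


if __name__ == "__main__":
    # Constructed sessions: an internal web server and an external client,
    # each sending to a recipient domain that does not resolve.
    sessions = [
        ("10.1.2.3", "www@example.org", "user@nosuch.invalid"),
        ("203.0.113.5", "someone@example.net", "user@nosuch.invalid"),
        ("203.0.113.5", "someone@example.net", "user@example.org"),
    ]
    for s in sessions:
        print(s, "->", evaluate(*s))
    # Same internal session with permit_mynetworks moved below the domain check.
    reordered = move_after(RESTRICTIONS, "permit_mynetworks",
                           "reject_unknown_recipient_domain")
    print(sessions[0], "(reordered) ->", evaluate(*sessions[0], reordered))
```

With the list as posted, the internal client's message to an unresolvable domain is permitted by the first entry and accepted into the queue; the external client sending the same recipient is rejected at SMTP time by reject_unknown_recipient_domain. The reordered list shows that the ordering, not the check itself, is what exempts internal clients; it says nothing about mail already sitting in the deferred queue, which is the separate question the post asks.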