|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: mouss (mlist.only
free.fr)
Date: Sun Jun 24 2007 - 06:51:53 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
maillist2koppelaar.org wrote:
> Everyone many thanks for your quick replies. I was a little confused about
> my changes, so I had a fresh reinstall of Postfix on server 3.
> It is working now. The only thing I would like to change is the fact that
> I'm still using user verification. Because I would like to keep it as
> simple, and as 'transparent' as possible, it would be great to skip the
> user verification. How should I get around that?
>
you can use reject_unverified_recipient in the right place, provided
your exchange server does validate addresses (reject invalid recipient).
But this should be implemented on server 1, not 2 or 3. It is server 1
that must reject invalid addresses. once this server accepts mail, it is
too late to reject it (because this would result in backscatter).
I would recommend getting servers 2 and 3 out for a moment, have a
working setup and only then adding the remaining servers. more comments
below.
> Below is my configuration.
>
> --postconf -n
> [snip]
>
> relay_recipient_maps = hash:/etc/postfix/test_gebruikers
>
you have no relay domains, so relay_recipient_maps is useless. you may
want to add
relay_domains = test.lan
> relayhost = testiis.test.lan
>
Is this "server 2"?
> smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache
> smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
> smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
> smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
> smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
> smtpd_use_tls = yes
> transport_maps = hash:/etc/postfix/transport
>
> --test_gebruikers
> Administratortest.lan OK
> postmastertest.lan OK
> test2test.lan OK
> testtest.lan OK
> testuser1test.lan OK
>
> --transport
> test.lan relay:testdc.test.lan
>
>
is testdc.test.lan the exchange server?
You should use brakets to avoid an MX lookup.
test.lan relay:[testdc.test.lan]
> [snip]
>>>> local_recipient_maps =
>>>>
>>> This is bad. if you disabled the local transport, then it is useless. If
>>> not, then you'll be a source of backscatter (see the BACKSCATTER README
>>> on the postfix site or in the sources).
>>>
>> It shouldn't matter in his setup since it is not connected to the internet
>> (according to his little picture).
>>
well, it always starts safe, and things are modified over time, until it
crosses the safety border...
This can also hide other configuration problems.
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]