|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: mouss (mlist.only
free.fr)
Date: Wed Nov 28 2007 - 15:24:33 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Arpi wrote:
> Hi,
>
> We have a posfix mail server, which does content filtering (spam virus etc)
> for all of our mail servers, as a relay. I've enabled address verify
> (both sender and recipient) for all of our server domains. It's working fine.
>
> Now I've added
> virtual_alias_maps = hash:/etc/postfix/virtual, ldap:ldapforward, ldap:ldapvirtual
> which does address translation for many of our domains where the
> addresses are redirected to other addresses (users moved and have their
> old mail forwarded, and some users moved to an ms exchange server).
> The problem is, that I dont want to do address verification for these
> foregin domains, where some of our addresses are forwarded/virtaal_aliased.
> (there are some servers, where address verify doesnt work)
>
> Is there any way, to tell postfix which domains NOT to verify
> mail to? Adding it to check_recipient_access maps in
> smtpd_recipient_restrictions doesnt work, as it's used by smtpd only,
> and address verify ignores that when doing the address verify.
> Or any way to force verify to verify only mails to listed domains,
> and do this domain check _after_ resolving virtual_alias mappings ?
>
> For example:
> smtpd receives a connection, with recipient arpibmf.hu.
> there is a such line in the check_recipient_access map:
> bmf.hu reject_unverified_recipient
> so it does address verify. it's ok.
> but this address is mapped to an external address in virtual_alias_maps:
> arpibmf.hu arpithot.banki.hu
> so the verify process connects thot.banki.hu to verify this address.
> but i dont want it to connect thot.banki.hu!
>
please show evidence (relevant logs).
and while you are at it, show output of 'postconf -n'. is there a
transport entry for bmf.hu?
> if the address is listed in virtual_alias_maps, then it's an existing
> address (but at least an address i can assume it's a working one)
> so no further checks needed!
>
> i hope the problem is clear now.
> any ideas?
>
> A'rpi
>
>
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]