Re: Best practices: many domains

From: mouss (moussnetoyen.net)
Date: Thu May 29 2008 - 13:57:51 CDT


Randy Ramsdell wrote:
> mouss wrote:
>> Randy Ramsdell wrote:
>>> Brian Evans wrote:
>>>> Randy Ramsdell wrote:
>>>>> Hi,
>>>>>
>>>>> I wanted to know what people thought about the best way to handle
>>>>> a postfix server receiving mail for many domains.
>>>>>
>>>>> For 20 domains:
>>>>>
>>>>> Do you add all the domains with "mydestination" or use the
>>>>> virtual_maps?
>>>> mydestination is for domains that exist as local, aka UNIX,
>>>> accounts. virtual_alias_domains can also be used for this purpose
>>>>
>>>> The virtual_mailbox_domains are for non "local" accounts and do not
>>>> exist within the system itself.
>>>>
>>>> See http://www.postfix.org/VIRTUAL_README.html for a more detailed
>>>> look of options.
>>>>
>>>> Brian
>>>>
>>> Thanks for the pointer and I should have been more clear about these
>>> accounts being all local. Will read the doc too.
>>>
>>> Currently, we are using mydestination and virtual_maps ( outdated
>>> although it works) , but this is not ideal as users can receive mail
>>> from every domain. I inherited this server and all its settings and
>>> did not want every user to receive e-mail from every domain. I will
>>> switch all domains ( which are still for local accounts ) in
>>> mydestination to virtual_alias_domains for
>>> security/spam/organization reasons, and consider that best practices.
>>
>> it's not really a security or spam issue because you can block spam
>> independently of domain classes.
>>
> If you look at it one way it is a security/spam issue and I really
> meant spam/viruses/security related. I just don't need spam/viruses
> sent 100 times to the same user but switching to each of the 100 domains.

well, I wouldn't want a virus/spam going to the user mailbox. I
understand that filters can miss it, but this is not related to how you
deliver mail to the various domains. spammers and attackers don't even
know what domains are in mydestination/relay_domains/... so your
security/spam/virus/... measures must handle this junk independently of
how mail is finally delivered to the user. and the difference between
local and virtual is mostly a question of delivery.

>
>> local domains (mydestination) are ok. they are even better than using
>> virtual_alias_domains (this is because wildcard aliases break address
>> validation, so you need some care when using virtual aliases). but
>> still, there is no problem using virtual domains. it really depends
>> on how you implement your stuff. both ways are reasonable and
>> completely feasible.
>>
>> In short, choose what you prefer based on how you want mail delivered.
>> once you have a decision, you can implement it correctly, with either
>> local or virtual domains.
>>
>>
> Thanks. I want to organize this as old admins were switching back and
> forth between entries in aliases and virtual which we do not even need
> to add to either of those for local. I will read more on how to add
> aliases to the virtual domains.

just make sure not to confuse: virtual_alias_domains and
virtual_mailbox_domains. and do not confuse any of those with
virtual_alias_maps. I am saying this because it seems to confuse a lot
of people.
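
The following is an added example, not part of any post in this thread: a small Python audit that flags a domain listed in more than one address class (mydestination, virtual_alias_domains, virtual_mailbox_domains) and catch-all `@domain` keys in a virtual alias table, the wildcard case described above as breaking address validation. The domain names, settings and table contents are constructed placeholders, and the parser assumes one entry per line with no continuation lines.

```python
import re

# The three address classes discussed in the thread (main.cf parameter names).
CLASSES = ("mydestination", "virtual_alias_domains", "virtual_mailbox_domains")

# Constructed sample settings; example.* are placeholder domains.
MAIN_CF = {
    "mydestination": "localhost, example.com",
    "virtual_alias_domains": "example.org, example.com",
    "virtual_mailbox_domains": "example.net",
}

# Constructed sample virtual alias table (the file virtual_alias_maps points at).
VIRTUAL_ALIAS_MAP = """\
# pattern            result
info@example.org     alice
@example.org         bob
sales@example.net    carol@example.net
"""

def split_domains(value):
    """Split a main.cf list value on commas and whitespace."""
    return {d.lower() for d in re.split(r"[,\s]+", value) if d}

def audit(main_cf, alias_table):
    """Return (kind, domain, detail) findings for the two mistakes above."""
    findings = []
    domains = {name: split_domains(main_cf.get(name, "")) for name in CLASSES}
    # A domain should belong to exactly one address class.
    for i, a in enumerate(CLASSES):
        for b in CLASSES[i + 1:]:
            for dom in sorted(domains[a] & domains[b]):
                findings.append(("overlap", dom, f"{a} and {b}"))
    # A key of the form "@domain" matches every address in that domain, so
    # unknown recipients are accepted instead of rejected.
    for line in alias_table.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # blank line or comment
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[0].startswith("@"):
            findings.append(("catch-all", parts[0][1:].lower(), parts[1].strip()))
    return findings

if __name__ == "__main__":
    for kind, domain, detail in audit(MAIN_CF, VIRTUAL_ALIAS_MAP):
        print(f"{kind}: {domain} ({detail})")
```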