Getting + addresses through relay_recipient_maps

From: Mark Sutton (markfubra.com)
Date: Fri Aug 01 2008 - 06:51:47 CDT


Hello Postfix Users!

I recently updated our email systems to handle our incoming email as
follows:

INTERNET
  |
Email Filter (Postfix -> content filter (Amavis) -> Postfix)
  |
Email Storage (Postfix/Maildrop) <--- IMAP/POP access

All accounts and aliasing are stored within a MySQL database and we
wrote a script to expand all valid domains, aliases etc into flat
files for performance and reliability.

On the email filter server, the first (public interface) instance is
configured with the following:

relay_domains = hash:/etc/postfix/mexp/relay_domains
# rcpt_access_map: same content as virtual_alias_maps on email storage server
relay_recipient_maps = hash:/etc/postfix/mexp/rcpt_access_map
smtpd_recipient_restrictions = reject_unauth_pipelining,
        reject_non_fqdn_recipient,
        reject_unknown_recipient_domain,
        permit_mynetworks,
        permit_sasl_authenticated,
        reject_unauth_destination,
        check_sender_access hash:/etc/postfix/mexp/content_filter_bypass,
        check_policy_service unix:private/policy,
        check_sender_access hash:/etc/postfix/mexp/sender_access_map,
        reject_rbl_client list.dsbl.org,
        reject_rbl_client sbl-xbl.spamhaus.org,
        permit
transport_maps = hash:/etc/postfix/mexp/transport_map

The second (post-content-filter interface) instance is configured in
master.cf as so:

127.0.0.1:10025 inet n - n - - smtpd
        -o content_filter=
        -o smtpd_delay_reject=no
        -o smtpd_client_restrictions=permit_mynetworks,reject
        -o smtpd_helo_restrictions=
        -o smtpd_sender_restrictions=
        -o smtpd_recipient_restrictions=permit_mynetworks,reject
        -o smtpd_data_restrictions=reject_unauth_pipelining
        -o smtpd_end_of_data_restrictions=
        -o smtpd_restriction_classes=
        -o mynetworks=127.0.0.0/8
        -o myhostname=cleanmail.xxxxx
        -o smtpd_error_sleep_time=0
        -o smtpd_soft_error_limit=1001
        -o smtpd_hard_error_limit=1000
        -o smtpd_client_connection_count_limit=0
        -o smtpd_client_connection_rate_limit=0
        -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters
        -o local_header_rewrite_clients=
        -o transport_maps=hash:/etc/postfix/mexp/transport_map
        -o syslog_name=postfix-clean

The email storage server on the back end is configured as so:

virtual_alias_domains = hash:/etc/postfix/mexp/virtual_alias_domains
virtual_alias_maps = hash:/etc/postfix/mexp/virtual_alias_map
smtpd_recipient_restrictions = permit_sasl_authenticated,
        permit_mynetworks,
        reject_unauth_destination,
        reject_non_fqdn_hostname,
        reject_invalid_hostname,
        check_client_access hash:/etc/postfix/access,
        check_helo_access hash:/etc/postfix/access,
        check_sender_access hash:/etc/postfix/access,
        check_recipient_access hash:/etc/postfix/rejected_recipients,
        reject_unauth_pipelining,
        reject_non_fqdn_sender,
        reject_unknown_sender_domain,
        reject_non_fqdn_recipient,
        reject_unknown_recipient_domain

The problem is that while the backend email storage server is happy to
deliver 'user+whatever@domain.tld' to the same place as
'user@domain.tld', the email filter server rejects such email because
the address is not present in the relay_recipient_map.

I am wondering whether I am missing something here - is there a way to
make 'user+whatever' work nicely with relay_recipient_map on the
filtering server? Is there a reason why it shouldn't follow the same
rationale as virtual_alias_maps in resolving a recipient alias?

I hope someone has the answer :) Thanks in advance to anyone who can
clear this up for me.

Best Regards,

Mark Sutton
Fubra Limited
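
Added example (not part of the original post, and not Postfix's own code): a Python model of the address-extension lookup order documented in Postfix's virtual(5) and canonical(5) table manuals, which smtpd also applies to relay_recipient_maps. It shows why 'user+whatever@domain.tld' misses the exported flat file unless recipient_delimiter is set on the filter server. That the filter server has recipient_delimiter unset is an assumption, and the map entries are constructed sample data.

```python
# Constructed sample of an exported relay_recipient_maps source file.
# The right-hand value is ignored: the table is used only as a list of keys.
SAMPLE_MAP = """\
# key                 value
user@domain.tld       OK
sales@domain.tld      OK
"""


def load_map(text):
    """Parse postmap-style source text into a set of lowercased lookup keys."""
    keys = set()
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            keys.add(line.split()[0].lower())
    return keys


def lookup_keys(rcpt, delimiter=""):
    """Keys tried, in order, for a recipient in a relay (non-local) domain.

    The bare-localpart lookups of the documented order are left out because
    they apply only to domains that are local to the server.
    """
    local, _, domain = rcpt.lower().rpartition("@")
    keys = [f"{local}@{domain}"]
    # The extension is split off at the first delimiter, never at position 0.
    idx = local.find(delimiter, 1) if delimiter else -1
    if idx > 0:
        keys.append(f"{local[:idx]}@{domain}")
    keys.append(f"@{domain}")  # domain-wide entry; would accept every recipient
    return keys


def accepted(rcpt, table, delimiter=""):
    """True if any lookup key for rcpt is present in the recipient table."""
    return any(key in table for key in lookup_keys(rcpt, delimiter))


if __name__ == "__main__":
    table = load_map(SAMPLE_MAP)
    for delim in ("", "+"):
        for rcpt in ("user@domain.tld", "user+whatever@domain.tld",
                     "nobody+whatever@domain.tld"):
            verdict = "accept" if accepted(rcpt, table, delim) else "reject"
            print(f"recipient_delimiter={delim!r:4} {rcpt:28} {verdict}")
```

With the delimiter set, unknown base addresses are still rejected, so the recipient validation at the public interface keeps its purpose; a wildcard '@domain.tld' entry would not.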