Address verification + aliases on gateway

From: Guy (wyldfurygmail.com)
Date: Fri Jan 30 2009 - 10:46:18 CST


Hi,

I've got two gateway machines that process aliases. If there is an
alias that maps to a remote address (e.g. hotmail) the mail is relayed
directly to the remote domain, or if the alias maps to a local domain
the message is relayed to the back end servers. If there is no alias
the message is also relayed to the back end servers.

My main.cf currently has the following in it:
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_alias_maps =
    proxy:mysql:/etc/postfix/mysql_virtual_alias_maps.cf
    proxy:mysql:/etc/postfix/mysql_virtual_catchall_maps.cf
virtual_transport = smtp:backend-server.mail.net

If I want to add address verification on the gateways as well as
process the aliases do I just add:
relay_domains = proxy:mysql:/etc/postfix/mysql_relay_domains.cf
relay_recipient_maps = proxy:mysql:/etc/postfix/mysql_relay_recipient_maps.cf
relay_transport = smtp:backend-server.mail.net

Would replacing virtual_transport and relay_transport with a
"transport" table matching local domains to
smtp:backend-server.mail.net also work?

Something like
transport = mysql:/etc/postfix/mysql_transport.cf

mysql_transport.cf
query = SELECT transport FROM table WHERE local_domain=1 and domain='%s'

Or is there some more elegant way of doing it?

Thanks
Guy

Below is the current postconf -n:
rootaardwolf:/etc/postfix# postconf -n
2bounce_notice_recipient = postmastermail.net
anvil_rate_time_unit = 60s
biff = no
bounce_notice_recipient = postmastermail.net
bounce_template_file = /etc/postfix/bounce.cf
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
cyrus_sasl_config_path = /etc/postfix/sasl/
daemon_directory = /usr/lib/postfix
debug_peer_level = 2
default_destination_concurrency_limit = 30
delay_notice_recipient = postmastermail.net
error_notice_recipient = postmastermail.net
home_mailbox = .maildir/
html_directory = /usr/share/doc/postfix/html
mail_owner = postfix
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
message_size_limit = 31240000
mynetworks = 127.0.0.0/8
newaliases_path = /usr/bin/newaliases
proxy_read_maps = $local_recipient_maps $mydestination
    $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps
    $relay_domains $canonical_maps $sender_canonical_maps
    $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks
    $virtual_alias_maps
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix
remote_header_rewrite_domain = domain.unspecified
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtpd_client_connection_count_limit = 100
smtpd_client_connection_rate_limit = 100
smtpd_client_message_rate_limit = 100
smtpd_client_recipient_rate_limit = 50
smtpd_error_sleep_time = 1s
smtpd_hard_error_limit = 20
smtpd_recipient_restrictions = reject_non_fqdn_sender,
    reject_unknown_sender_domain, reject_unknown_recipient_domain,
    permit_mynetworks, permit_sasl_authenticated,
    reject_unauth_destination,
    check_client_access cidr:/etc/postfix/postfix-dnswl-permit,
    reject_invalid_hostname,
    reject_rbl_client zen.spamhaus.org,
    reject_rbl_client bl.spamcop.net,
    reject_rbl_client b.barracudacentral.org,
    reject_rbl_client psbl.surriel.com,
    reject_rhsbl_client zen.spamhaus.org,
    reject_rhsbl_client bl.spamcop.net,
    check_policy_service inet:127.0.0.1:10031, permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain =
smtpd_sasl_path = smtpd
smtpd_sasl_security_options = noanonymous
smtpd_soft_error_limit = 10
smtpd_tls_CAfile = /etc/ssl/certs/ca-bundle.crt
smtpd_tls_cert_file = /etc/ssl/certs/imapd.pem
smtpd_tls_key_file = /etc/ssl/private/imapd.pem
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 550
virtual_alias_maps =
    proxy:mysql:/etc/postfix/mysql_virtual_alias_maps.cf
    proxy:mysql:/etc/postfix/mysql_virtual_catchall_maps.cf
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_transport = smtp:backend-server.mail.net

--
Don't just do something...sit there!
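
Added example, not part of the original post and not Postfix code: a simplified Python model of gateway recipient validation for a relay domain, built on the documented Postfix rule that an address matching a virtual(5) alias is always considered known. It shows that a catch-all entry in virtual_alias_maps makes every address in the domain pass before relay_recipient_maps is consulted. The domain, addresses, table contents and function names are constructed for illustration, and only relay_domains is modelled as an authorized destination.

```python
# Added illustration, not Postfix source: a simplified model of how smtpd
# decides whether a RCPT TO address in a relay domain is "known".
# All domains, addresses and table contents below are constructed.

def lookup(table, address):
    """Table lookup: full address first, then the @domain wildcard."""
    domain = address.rsplit("@", 1)[1]
    for key in (address, "@" + domain):
        if key in table:
            return table[key]
    return None

def rcpt_decision(address, relay_domains, relay_recipients, alias_tables):
    """Return the modelled smtpd verdict for one recipient address."""
    address = address.lower()
    if address.rsplit("@", 1)[1] not in relay_domains:
        return "reject: relay access denied"
    # Documented rule: an address that matches a virtual alias is always
    # considered known, so alias tables are consulted before the list.
    if any(lookup(t, address) is not None for t in alias_tables):
        return "accept: matches virtual alias"
    if not relay_recipients:
        # Empty relay_recipient_maps: no recipient checking for relay domains.
        return "accept: no recipient list configured"
    if lookup(relay_recipients, address) is not None:
        return "accept: listed relay recipient"
    return "reject: user unknown in relay recipient table"

RELAY_DOMAINS = {"example.com"}
RELAY_RECIPIENTS = {"alice@example.com": "OK"}
ALIASES = {"sales@example.com": "someone@remote.example"}
CATCHALL = {"@example.com": "catchall@example.com"}

def demo():
    """Same unknown address, with and without the catch-all alias table."""
    probe = "nosuchuser@example.com"
    return {
        "with_catchall": rcpt_decision(
            probe, RELAY_DOMAINS, RELAY_RECIPIENTS, [ALIASES, CATCHALL]),
        "without_catchall": rcpt_decision(
            probe, RELAY_DOMAINS, RELAY_RECIPIENTS, [ALIASES]),
    }

if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case}: {verdict}")
```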