JDP wrote:
Internet <-> Postfix-Gateway <-> internal Mailserver
All Mails are running through the Postfix server either from outside or inside. If you have three domains that postfix should accept mails for and then relay to the internal server you should set up the domains as relay domains.
Yes, this is correct; Internet -> Postfix/MailScanner -> Internal MailServer
/etc/postfix/main.cf:
# internal trusted net that is allowed to relay mynetworks = 192.168.1.0/24, 127.0.0.0/8 # domains that postfix should accept mails for from the internet relay_domains = domain1.example.com, domain2.example.com, domain3.example.com # reject not listed recipients as invalid, otherwise mail would bounce later relay_recipient_maps = hash:/etc/postfix/relay_recipients This is interesting; how to I tell Postfix to check the internal mailserver (Exchange) for address verification?
recipient validation uses a file, in this example /etc/postfix/relay_recipients. Recipient verification is a lot more resource intensive and simply queries the backend server while the mail is transmitted to check if the recipient address is valid. This only works if your version of Exchange can reject invalid recipients during the smtp dialogue. You tell postfix to check if the recipient address is valid or not.
# accept mails for relay_domains and relay for mynetworks smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination
For recipient verification you would insert a check to invoke the restriction: main.cf: smtpd_recipient_restriction = permit_mynetworks, reject_unauth_destination, reject_unverified_recipient Since the restriction reject_unauth_destination already filters out all mail that Postfix does not feel responsible for, the reject_unverified_recipient will query the internal servers, if the address is valid. That's all. This will only work as long as your internal exchange is running. Otherwise mail will be rejected with a temporary error. That is the reason why a local file with valid recipients is the most stable way to operate a mail gateway.
# send mail for special domains to the servers within: transport_maps = hash:/etc/postfix/transport
/etc/postfix/transport: # brackets to suppress mx lookup domain1.example.com: relay:[192.168.1.13] domain2.example.com: relay:[192.168.1.13] domain2.example.com: relay:[192.168.1.13]
/path/to/file/with/valid/addresses: address1@domain1.example.com OK address2@domain1.example.com OK address1@domain2.example.com OK address2@domain2.example.com OK address1@domain3.example.com OK address2@domain3.example.com OK ....
This should give you a working installation without any whistles and bells. If you don't have a list with valid addresses then you either need to extract it (use an automated script later), use address verification ( postfix asks the internal server if the address is valid), This is very promising. How does this work against an Exchange server?
See above. More details are available on the postfix site: http://www.postfix.org/ADDRESS_VERIFICATION_README.html#recipient There are scripts available that can extract the valid recipients from an exchange server. If you have ldap enabled you can use a script on the mail gateway to query the server directly.
or, worst case, disable recipient validation. That would lead to
bounces, so I advise against it.
If you want to get startet as fast as possible set "relay_recipient_maps = ", that will disable the recipient validation.
All files with hash: in the beginning need to be converted to databases with the postmap command after every change:
postmap /etc/postfix/transport postmap /etc/postfix/relay_recipients
Okay, when running postmap I get an error of,
postmap: warning: /etc/postfix/transport, line 274: record is in "key: value" format; is this an alias file?
Should I drop the colon after the doamin name?
Oops! Yes, colons are only allowed in alias files. My bad... Sandy -- List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com