On Friday, March 13, 2009 at 18:02 CET,
Marcio Merlone <[email protected]> wrote:
> Long time since I last deployed a postfix server, and things used to be
> much simpler. :) Now I have set a Ubuntu 8.04 server to work as an
> anti-spam/anti-virus gateway. Messages will be sent to amavis via
> transport_maps:
>
> domain.tld smtp:127.0.0.1:10024
Should be:
domain.tld smtp:[127.0.0.1]:10024
> and amavis will deliver the message to the final destination via smtp,
> instead to this gateway server. Is this ok or bad practice?
I don't think it matters much, but it does have the consequence that if
the downstream server is down, the messages will be run through
amavisd-new again and again since it doesn't have a queue of its own.
> Anyway, this seems to be working and the problem is that I want to
> refuse mail for unknown users, so I made:
>
> alias_maps = hash:/etc/postfix/aliases
> relay_recipient_maps = ldap:/etc/postfix/ldapusers.cf $alias_maps
Why list $alias_maps there? relay_recipient_maps is looked up with full
addresses and @example.com wildcards. alias_maps is looked up with bare
username. Besides, alias_maps doesn't even apply for relay domains, only
local domains.
> relay_domains = $transport_maps
This is not recommended. What would happen if you added another entry in
your transport table? Let's say hotmail.com required special handling.
Instant open relay!
[...]
> This way, messages to [email protected] are refused as unknown user. Any
> hint on how to accomplish this? Meanwhile I'll keep searching Google,
> but when searching for postfix, it comes with tons of results, will
> have to sort them all.
To apply aliases to relay domains use virtual aliases.
--
Magnus Bäck
[email protected]
