post...@corwyn.net wrote:
I have a postfix mail server (postfix-2.3.3-2.1.centos.mysql_pgsql)
hosting 20-30 virtual domains on mysql.
Now I find myself with the need to make that server also the secondary
MX for another specific domain that I was for all users.
If I understand the steps correctly (from
http://www.postfix.org/STANDARD_CONFIGURATION_README.html#firewall), I
need to:
Add the MX record to DNS,
Add a relay_domains entry:
relay_domains = the.backed-up.domain.tld
add:
relay_recipient_maps = hash:/etc/postfix/relay_recipients
Yes, the above is correct.
Add an entry to /etc/postfix/relay_recipients:
@the.backed-up.domain.tld x
Technically correct, but unwise.
You must validate recipients for the backed-up domain. Either
create some method for updating the relay_recipients_maps
table, or use postfix's active verification through the
reject_unverified_recipient restriction. Use a
check_recipient_access table to restrict verification probes
to only the relay domain.
[r...@agencymail filter.d]# postconf -n
...
maximal_queue_lifetime = 2d
That's quite short. Do you have lots of undeliverable mail?
smtpd_client_restrictions =
smtpd_data_restrictions = reject_multi_recipient_bounce
smtpd_helo_required = yes
smtpd_recipient_restrictions = reject_non_fqdn_recipient
reject_non_fqdn_sender permit_mynetworks permit_sasl_authenticated
check_client_access hash:/etc/postfix/agencies
reject_unauth_destination check_helo_access
pcre:/etc/postfix/helo_checks check_sender_access
hash:/etc/postfix/access reject_unknown_sender_domain
reject_rbl_client zen.spamhaus.org reject_rbl_client bl.spamcop.net
reject_rbl_client dnsbl.sorbs.net reject_rbl_client cbl.abuseat.org
cbl.abuseat.org is included in zen.spamhaus.org. You should
remove it.
"The more I learn, it seems, the less I know." Frazz
How true...
-- Noel Jones