I'm running postfix as a mail gateway for my campus. I want to direct all inbound SMTP traffic from the world through the gateway systems.
There are about 30 mail systems on campus... one large central system which handles 99 percent of all mail and 29 small mail systems that either exist for a single purpose (our CA, for example) OR serve small departments that have legacy systems or special needs.

For the central domain my config looks like this:

main.cf
-----------
smtpd_recipient_restrictions =
    permit_mynetworks,
    reject_unauth_destination,
    reject_invalid_hostname,
    reject_non_fqdn_hostname,
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_unknown_sender_domain,
    reject_unknown_recipient_domain,
    permit
parent_domain_matches_subdomains = mynetworks
mynetworks = 127.0.0.0/8 1.2.3.0/24
# 1.2.3.0/24 is the vLAN for the core mail system
relay_domains = ku.edu mail.ku.edu abc.org def.org ghi.com jkl.org
# All these domains are part of the core mail system
relay_recipient_maps = proxy:ldap:/postfix/etc/ldap_lookup.cf
-----------

ldap_lookup.cf
-----------
server_host = lookupserver.ku.edu
server_port = 389
domain = ku.edu, mail.ku.edu, abc.org, def.org, ghi.com, jkl.org
version = 3
timeout = 10
query_filter = (proxyAddresses=smtp:%s)
result_attribute = mail
search_base = dc=ku,dc=edu
scope = sub
bind_dn = cn=ldap_lookup_user,ou=users,dc=ku,dc=edu
bind_pw = xxxxxxx
-----------

With a transport map pointing to the mailbox servers and all this works flawlessly.

So now I want to handle inbound mail for the domain 'certificate-authority.ku.edu'. For this domain I am not able to do any sort of a lookup... rather, I just want to accept inbound mail, run it through hygiene services, and forward it on to the destination server if it passes hygiene.

If I add certificate-authority.ku.edu to the list of relay domains, mail sent to it is rejected with a "User unknown in relay recipient table" -- which is accurate since there is no lookup table for it. Adding "permit_auth_destination" as the second item under smtpd_recipient_restrictions doesn't help.

Anyone have any thoughts on how I can do this?

:Jim
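
One way to accept every recipient of a relay domain that has no recipient list, given as an added example that is not part of the original post: relay_recipient_maps accepts an "@domain" wildcard key, so a second table can cover the domain the LDAP table does not. The map path /postfix/etc/relay_wildcards is an assumption; the other names are taken from the configuration above.

```cfg
# main.cf (changed settings only)
relay_domains = ku.edu mail.ku.edu abc.org def.org ghi.com jkl.org
    certificate-authority.ku.edu
# The LDAP table only answers for the domains named in its "domain ="
# setting, so a second table covers the domain that has no directory.
relay_recipient_maps = proxy:ldap:/postfix/etc/ldap_lookup.cf
    hash:/postfix/etc/relay_wildcards

# /postfix/etc/relay_wildcards
# (assumed path; index it with: postmap /postfix/etc/relay_wildcards)
# "@domain" matches every recipient in that domain. Postfix only checks
# whether the key is found; the right-hand value is not used.
@certificate-authority.ku.edu    OK
```

With the wildcard in place the gateway can no longer refuse unknown recipients for that domain at SMTP time, so mail the destination server later rejects is bounced after acceptance. The domain also needs its own entry in the transport map mentioned in the post.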