We have an email gateway appliance at the network edge for spam/virus filtering. It relays mail to multiple postfix+imap servers behind the firewall. The back-end servers communicate directly with each other for internal mail across our VPN. The appliance will do smtp level recipient verification provided that our back-end services have it implemented. The problem is that we have some recipient addresses (linux /etc/alias entries as well as Active Directory distribution lists) that are intended for internal use only. We do not want these aliases to appear as valid recipients to the outside world.
So, is there a way to configure postfix to report one set of valid recipients to our internal mail servers and clients and report a subset of valid recipients to the gateway appliance? I can easily break the recipient lists into separate maps, I just don't know how to apply them based on the address of the relay or client. The internal interface of the gateway appliance is on the same subnet as everything else, but does have a static IP address that could be used to identify it.

# postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
inet_interfaces = $myhostname, localhost
local_destination_concurrency_limit = 5
local_destination_recipient_limit = 300
local_recipient_maps = $alias_maps, ldap:/etc/postfix/ldap-users.cf, ldap:/etc/postfix/ldap-aliases.cf
mail_owner = postfix
mailbox_transport = lmtp:unix:/var/lib/imap/socket/lmtp
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mynetworks = 192.168.0.0/16, 127.0.0.0/8
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/packages/postfix/README_FILES
sample_directory = /usr/share/doc/packages/postfix/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination, reject_unverified_recipient
transport_maps = hash:/etc/postfix/transport
unknown_local_recipient_reject_code = 550

The ldap-alias.cf and ldap-users.cf are lookups for Active Directory distribution lists and real users.

-- Jeff
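One way to get the per-client split asked about above, shown as an added example that is not part of the original message: a Postfix restriction class that is applied only to the gateway's address and rejects the internal-only recipients. The gateway IP 192.168.0.25, the two map file names, the class name gateway_only and the sample aliases are assumptions made for illustration.

```conf
# /etc/postfix/gateway_clients   (hypothetical file name)
# Build with: postmap /etc/postfix/gateway_clients
# Placeholder for the appliance's static internal IP address.
192.168.0.25    gateway_only

# /etc/postfix/internal_only     (hypothetical file name)
# Build with: postmap /etc/postfix/internal_only
# Constructed sample entries. A "user@" key matches that local part
# in any domain. The 550 reply makes the address look nonexistent
# to the gateway's recipient verification probe.
all-staff@      550 5.1.1 User unknown
it-alerts@      550 5.1.1 User unknown

# /etc/postfix/main.cf
# Define a restriction class that is evaluated only for clients
# listed in gateway_clients.
smtpd_restriction_classes = gateway_only
gateway_only = check_recipient_access hash:/etc/postfix/internal_only

# The client check must come before permit_mynetworks: the gateway
# sits inside 192.168.0.0/16 and would otherwise be permitted before
# the internal-only list is consulted.
smtpd_recipient_restrictions =
    check_client_access hash:/etc/postfix/gateway_clients,
    permit_mynetworks,
    reject_unauth_destination,
    reject_unverified_recipient
```

local_recipient_maps stays as it is, so internal servers and clients still see every alias and distribution list; only connections from the gateway address get the narrower view.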