Hello,

I have implemented the "recipient_relay_map" in main.cf, and have my email server & gateway automatically building a fresh recipient hash every hour... yet it doesn't work. If I create an account on my internal email server, and don't put that address in my hash, the account can still receive email.

Here is my postconf -n info:

biff = no
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
default_destination_concurrency_limit = 20
default_privs = nobody
fast_flush_domains = $relay_domains
html_directory = no
in_flow_delay = 1s
inet_interfaces = all
local_destination_concurrency_limit = 5
local_recipient_maps =
local_transport = local
mail_owner = postfix
mailq_path = /usr/bin/mailq
manpage_directory = /usr/local/man
mydestination = $myhostname, XXX.com, localhost, localhost.$mydomain
mydomain = XXX.com
myhostname = XXX.com
mynetworks = XXX.XXX.XXX.XXX/24, 127.0.0.0/8
myorigin = $myhostname
newaliases_path = /usr/bin/newaliases
notify_classes = protocol, resource, software
queue_directory = /var/spool/postfix
readme_directory = no
relay_domains = hash:/etc/postfix/relay_domains
relay_recipient_maps = hash:/etc/postfix/relay_recipients
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtpd_banner = $myhostname ESMTP
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination, reject_non_fqdn_recipient, check_policy_service inet:127.0.0.1:10023
transport_maps = hash:/etc/postfix/transport
unknown_local_recipient_reject_code = 550

I have obfuscated my hostnames and IP addresses for security.

My instinct tells me this has something to do with the fact that I'm specifying "relay_domains" AND "recipient_relay_maps", but maybe I'm missing something in the documentation?

Any assistance is greatly appreciated. Thank you!

++ Amaru

--- On Tue, 8/12/08, Noel Jones <[EMAIL PROTECTED]> wrote:

From: Noel Jones <[EMAIL PROTECTED]>
Subject: Re: PostFix with Postgrey (large mail queue)
To: "Amaru Netapshaak" <[EMAIL PROTECTED]>
Cc: postfix-users@postfix.org
Date: Tuesday, August 12, 2008, 2:57 AM

Amaru Netapshaak wrote:
> Thanks for your response. The emails in the queue are bounces
> from my email server. This box is just an email gateway which relays
> to an internal email server.
>
> I believe NDR means "Non Deliverable Return" -- I'm basing my decisions
> on that assumption. :) So yes, these are NDRs.
>
> All the MAILER-DAEMON messages are for recipients on my internal
> email server, but those recipients no longer exist. There are thousands
> of accounts on the internal email server, so specifying them in a
> recipient list seems excessive. Perhaps I'm not reading those documents
> carefully enough. I am already specifying $relay_domains. But since
> I am relaying, using "local_recipient_maps" won't help, and a
> "relay_recipient_map" would be a major hassle. Any other tips?

You need to validate recipients. The best way to do that is to create a relay_recipient_maps table. Automate the procedure so you don't have to mess with updates.

The trouble of implementing proper recipient validation will pay off handsomely when compared with dealing with an overloaded server. And you will be blacklisted as a backscatter source, which will be a major headache.

If it's simply not possible to get a user list from the internal server, let postfix build one automatically by using recipient verification. This only works if the internal server rejects unknown recipients during SMTP, and doesn't itself accept and bounce.

http://www.postfix.org/ADDRESS_VERIFICATION_README.html#recipient

--
Noel Jones
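
A check for the kind of configuration posted above, added here as an example and not written by anyone in the thread: Postfix consults relay_recipient_maps only for domains matched by relay_domains, while domains matched by mydestination are checked against local_recipient_maps, and an explicitly empty local_recipient_maps disables that check. The Python below parses postconf -n output and lists the domains accepted without recipient validation; the sample is constructed from lines quoted in the post, and the function names are hypothetical.

```python
import re

# Constructed sample: the relevant lines of the `postconf -n` output quoted above.
SAMPLE = """\
local_recipient_maps =
mydestination = $myhostname, XXX.com, localhost, localhost.$mydomain
mydomain = XXX.com
myhostname = XXX.com
relay_domains = hash:/etc/postfix/relay_domains
relay_recipient_maps = hash:/etc/postfix/relay_recipients
"""

def parse_postconf(text):
    """Parse `postconf -n` output ("name = value" per line) into a dict."""
    params = {}
    for line in text.splitlines():
        name, sep, value = line.partition("=")
        if sep:
            params[name.strip()] = value.strip()
    return params

def expand(value, params, depth=0):
    """Expand $name and ${name} references using the parsed parameters."""
    if depth > 10:  # guard against self-referencing values
        return value
    def sub(m):
        return expand(params.get(m.group(1) or m.group(2), ""), params, depth + 1)
    return re.sub(r"\$(?:\{(\w+)\}|(\w+))", sub, value)

def unvalidated_domains(params):
    """Return {domain: reason} for address classes accepted without a recipient check."""
    findings = {}
    # `postconf -n` prints only non-default settings, so an entry that is present
    # but empty means recipient checking for mydestination domains was switched off.
    if params.get("local_recipient_maps") == "":
        for item in re.split(r"[,\s]+", expand(params.get("mydestination", ""), params)):
            if item and ":" not in item and not item.startswith("/"):  # skip table/file entries
                findings[item.lower()] = "local class, local_recipient_maps is empty"
    # relay_recipient_maps is empty by default; without it every recipient in a
    # relay_domains domain is accepted.
    if params.get("relay_domains") and not params.get("relay_recipient_maps"):
        findings["<relay_domains>"] = "relay class, relay_recipient_maps is empty"
    return findings

if __name__ == "__main__":
    for domain, reason in sorted(unvalidated_domains(parse_postconf(SAMPLE)).items()):
        print(f"{domain}: {reason}")
```

On a live gateway, pass the real `postconf -n` output to `parse_postconf` instead of the sample; the contents of the relay_domains table are not read, so compare its entries against the reported local domains by hand.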