On Tue, Oct 7, 2008 at 4:06 PM, Paul Cocker <[EMAIL PROTECTED]> wrote:
> This server is only the secondary mail server for incoming mail, so it
> won't be bouncing anything just passing it onto the primary server which
> does perform valid recipient checks. I don't see any point doing it here
> too as it just means more hits against the AD servers for no greater
> effect, unless I needed to lessen the load on the primary MX server
> which I don't.

Please do get a relay_recipients map. That way you block all mail at the gate which should not be there. Otherwise you are becoming a source of backscatter.

We have a similar setup here. I have written a simple batch file which dumps all the e-mail addresses of AD to a file. I copy this file to the postfix gateway, a bit of perl and it is done. It is quite simple actually.

The batch file uses adfind.exe (http://www.joeware.net/freetools/tools/adfind/index.htm) and pscp (from putty); you need to create a key to be able to copy the files to the unix host (but this is not the place to ask). I use a unix user at the postfix box with login name: exchangeuxdf

===============batch.bat==================
@echo off
d:
cd d:\scripts\ldap
rem dump every smtp proxy address known to AD/Exchange
adfind -sc exchaddresses:smtp > d:\scripts\ldap\virtual.txt
rem copy the dump to the postfix gateway using key authentication
pscp -i "d:\scripts\ldap\exchangeuser.ppk" "D:\Scripts\ldap\virtual.txt" [EMAIL PROTECTED]:/home/exchangeuser
=============================================

adfind dumps all smtp addresses to the file virtual.txt and then that file gets copied to the postfix server.

The format of the virtual.txt is this:

dn:CN=cn,OU=ou,OU=ou,DC=dc,DC=dc
>proxyAddresses: SMTP:[EMAIL PROTECTED]
>proxyAddresses: smtp:[EMAIL PROTECTED]
>proxyAddresses: smtp:[EMAIL PROTECTED]

Postfix expects this format:

[EMAIL PROTECTED]     OK
                 ^^^^^ -> this is a tab

so using your favourite scripting language you can quite easily parse it and adapt it to the format postfix wants.

I have this script, it works for me:

======================
#!/usr/bin/perl
use warnings;
use strict;
use File::Copy;

my $valid_recpts = "/home/exchange/virtual.txt"; # original file from exchange
my $relay_recps = "/home/exchange/relay_recipients"; # final file that will be postmapped
my $dos2unix = `/usr/bin/dos2unix $valid_recpts`; # fix those pesky differences between dos and unix
my $postfix_relayrcpts = "/etc/postfix/relay_recipients.db"; # final relay_recipients map
my $relay_recpsdb = "/home/exchange/relay_recipients.db"; # original relay_recipients map

open(VALID,"< $valid_recpts") or die "$!\n";
open(RELAY,"> $relay_recps") or die "$!\n";

while(<VALID>) {
    # keep only lines that carry an smtp: address ending in .nl
    next unless $_ =~ /^.*(smtp:)(.*\.nl)$/i;
    print RELAY "$2\tOK\n";
}

close(VALID);
close(RELAY);

# chown needs numeric ids, so look them up for exchangeuser
my ($uid, $gid) = (getpwnam("exchangeuser"))[2,3];
chown $uid, $gid, $valid_recpts; # otherwise exchange cannot overwrite it
my $postmap = `/usr/sbin/postmap $relay_recps`;
move($relay_recpsdb, $postfix_relayrcpts) or die "$!\n";
============================================

In main.cf the relevant part for relay_recipients is:

relay_recipient_maps = hash:/etc/postfix/relay_recipients

We run those scripts every 6 hours. This setup has been working for over a year now and e-mail has stopped being an issue for us.

HTH.

--
Regards,
J.Asenjo
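
The conversion described above with a guard against installing an empty or truncated map, which would make the gateway reject valid recipients. This is an added example, not part of the original post or the author's script. The function names, the example.nl addresses in the sample dump and the 50% shrink threshold are assumptions.

```python
import re

# Constructed sample of the adfind dump (CRLF line endings, as copied from Windows).
SAMPLE_DUMP = (
    "dn:CN=Alice,OU=Staff,DC=example,DC=nl\r\n"
    ">proxyAddresses: SMTP:Alice@example.nl\r\n"
    ">proxyAddresses: smtp:alice@example.nl\r\n"
    ">proxyAddresses: X400:c=NL;a= ;p=Example;s=Alice\r\n"
    "dn:CN=Bob,OU=Staff,DC=example,DC=nl\r\n"
    ">proxyAddresses: smtp:bob@example.nl\r\n"
    ">proxyAddresses: smtp:bob@other.example\r\n"
)

ADDR_LINE = re.compile(r"^>proxyAddresses:\s*smtp:(\S+)$", re.IGNORECASE)
# Deliberately strict: one "@", no whitespace or control characters.
VALID_ADDR = re.compile(r"^[a-z0-9._%+'-]+@[a-z0-9.-]+$")


def parse_dump(text, relay_domains):
    """Return the sorted, de-duplicated addresses that belong to relay_domains."""
    found = set()
    for line in text.splitlines():  # splitlines() also removes the CR/LF pairs
        m = ADDR_LINE.match(line.strip())
        if not m:
            continue  # dn: lines, X400 addresses, blank lines
        addr = m.group(1).lower()  # lower-case so SMTP:/smtp: duplicates collapse
        if VALID_ADDR.match(addr) and addr.rsplit("@", 1)[1] in relay_domains:
            found.add(addr)
    return sorted(found)


def build_map(text, relay_domains, previous_count=0, max_shrink=0.5):
    """Render the postmap input, or raise so the existing map stays in place."""
    addrs = parse_dump(text, relay_domains)
    if not addrs:
        raise ValueError("no recipients parsed; keeping the existing map")
    if previous_count and len(addrs) < previous_count * (1 - max_shrink):
        raise ValueError("recipient count dropped sharply; keeping the existing map")
    return "".join(f"{a}\tOK\n" for a in addrs)  # address, tab, OK
```

Write the returned text to a temporary file and run postmap on it only when build_map did not raise, so a failed copy from the Windows side never replaces a good map.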