George Vilches wrote:
The question: Is it possible to have a domain do address rewriting and
relaying in some combination?
The network structure is as follows:
All mail goes to a single border gateway server, which is the one that
all of the following will talk about. From this gateway, mail then
passes to a spam filtering server, with particular requirements. Then,
mail is passed to one of the internal servers.
The requirements of the spam filtering server:
1) The e-mail address arriving must be a real user (i.e. all address
resolution must already be done)
2) The e-mail address of the envelope must be the real user's e-mail
address. i.e. [EMAIL PROTECTED], not [EMAIL PROTECTED]
This document should be helpful:
http://www.postfix.org/SOHO_README.html
Given that, here's what our current virtual tables look like (the last
entry was changed for illustrating the point):
example.net Domain
@example.net @example.org
Don't use "@domain @domain" wildcard mappings. These defeat
recipient validation and turn you into a backscatter source.
Rather use an explicit list of all valid user mappings. Use
your scripting skills to generate the list rather than keeping
it by hand.
example.info Domain
[EMAIL PROTECTED] [EMAIL PROTECTED]
example.org Domain
[EMAIL PROTECTED] [EMAIL PROTECTED]
[EMAIL PROTECTED] bob <------ ILLUSTRATION ONLY! To point out
a real user.
Typically the real user would be a 1-1 address mapping:
[EMAIL PROTECTED] [EMAIL PROTECTED]
or mapped to localhost:
[EMAIL PROTECTED] [EMAIL PROTECTED]
What this indicates is that bob is the only real user in the entire
system, and hence the only user that mail should ever be passed through
from the border gateway server to the spam server. All other users need
their addresses resolved (or bounces need to occur) to
[EMAIL PROTECTED] before being passed on to the spam server. Naturally
this is a simplification, but if I can get it working for one user on
one domain, more should be straightforward.
Examples:
1) [EMAIL PROTECTED] arrives at border gateway, gets rewritten to
[EMAIL PROTECTED], gets relayed to spam filtering service with new
envelope sender)
2) [EMAIL PROTECTED] arrives at border gateway, gets rewritten to
[EMAIL PROTECTED], gets relayed to spam filtering service with new
envelope sender)
3) [EMAIL PROTECTED] arrives at border gateway, gets rewritten to
[EMAIL PROTECTED], cannot be rewritten further, cannot be found, bounces.
I've tried putting [EMAIL PROTECTED] in the transport table with a
transport of smtp:[www.xxx.yyy.zzz] which causes a relay denied error.
I've tried setting it up as a relay_domain which gets this warning:
"warning: do not list domain example.org in BOTH virtual_alias_domains
and relay_domains" and doesn't seem to give the expected behavior
anyway. I've changed the virtual alias line for [EMAIL PROTECTED] to have
a value of [EMAIL PROTECTED] as well, with no change in results.
Sounds as if you need to decide what address class your domain
belongs to. Please see:
http://www.postfix.org/ADDRESS_CLASS_README.html
--
Noel Jones
