-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On Tue, 2024-02-13 at 18:32 +0100, Geert Hendrickx via Postfix-users wrote: > On Tue, Feb 13, 2024 at 12:23:32 -0500, Wietse Venema via Postfix- > users wrote: > > - masquerade_domains complicates table-driven address validation. > > Log a deprecation warning with compatibility_levels>=3.9. > > > What's the alternative for masquerade_domains ?
FWIW I use multi-master LDAP with a bunch of virtual transport and relay records in main.cf. This also has the benefit that my MX hosts can authenticate users and allow them to send email out via that route in the event of the main [submission] host being down. The solution may not be for everyone, but has worked for me in a number of scenarios - even one where the actual mail server was "hidden" (the bosses term, not mine) behind a couple of layers of MX and was (I'm not going to name names) a particular "collaboration suite" that was a java web frontend with a combination of different FOSS tools underneath - the ones that were of use to me were openldap, postfix, dovecot, and mysql/maraidb. This allowed us to extract lists of valid domains, and email addresses to let through the remote MX's (both in and out) - all we had to do was run a small script once an hour to get those lists, and if they had changed push them out to the MX hosts. This solution was _almost_ as good as having either multi-master or slave nodes for LDAP (or a database server if that is you weapon of choice). Distributing your data like this can be good for redundancy purposes as well (being able to dump and backup a database, ldap directory, or even just text lists in multiple locations can save your bacon when things get rough), it can also make it easier for failover and faster for passing through only legitimate mail. Three of the documentation pages with either relevant information, or config directives that can help with this are: https://www.postfix.com/SMTPD_ACCESS_README.html https://www.postfix.com/VIRTUAL_README.html https://www.postfix.com/SMTPD_POLICY_README.html And if that's not enough just start reading the page with _all_ the configuration directive and figure out what you need 🙂 - -- Nikolai Lusan Email: niko...@lusan.id.au -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEVfd4GW6z4nsBxdLo4ZaDRV2VL6QFAmXMvx8ACgkQ4ZaDRV2V L6RgOQ//bzBsmvF8G/lxIfhUhZ/tBlWv0kHpeYnUzizj93R9P6ODfv3UjTm+gYH1 RlCe0zbeQ+rbnx7H4jTJRnp1Uy9R8zhw+RVj3zPtFEQYXAc+iN45P6GeZh6K+a6q /v3Qw5G18qHJ5fFOmo2ojMNl/s9hjecuaMUwLRrFrf93JlQkBERTctKiSWRAv5eq /WaicL/hlpk+U1cwFrWTcxoAaZ+DTBrBmBZVG5zpRY/s2vvhx+wbY7rRAViirmM2 6kqIOwEmNOuxYNd7yFMQEQS2DRNkfmX8XjrN/XW5Il+Z0aS4TyswNderc/KLR/rg Zs2RiCKot8l/9Pr1vBxPbYBGu4D074mJTOGicOodYeQC6BhA1QFbAh5TzkQxnuJ1 vqC+2lHkD4eyVogvLPfkrI6xU5Birn/Fh/G5xCER3fWq0Ae1SVksakriBCOMSw02 izrd0Ehdh5BSxjiHc2ixVR7uSOjNu6l8OgNBntw8PnXiwvcTUVOyPKelYIsGT6u0 7kOe81I+E9qm1wa8tg4HRoB7+sMLpsxqbhDNAW3x0DzsW7vbkcDtt2slxiwzDcRT CH0EGAInFZeLh2weoLalNDcpp5QCAz4GzOyxfjmtS7WMfuJghtpmBO7ar0CqvZQC nVKxIeaSWJsVxbu/AkFLZajuR1scjyBP5rmXdmWBN47YyoENJO8= =4/pO -----END PGP SIGNATURE----- _______________________________________________ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
