Noel Jones wrote:
David Denny wrote:
I am setting up an inbound postfix instance to run on a dmz host.

Its purpose is to accept mail only for specific relay_recipients and to
transport them to an internal postfix server.

OK, a standard relay_domain with valid recipients listed in relay_recipient_maps.


I have demonstrated proof of concept with this * but there is a tweak I
cannot easily figure out from the documentation after having tried a few
obvious options and reset them. Something basic is missing from my
understanding, correcting which would be appreciated.

Firstly I need to be sure that nothing entering this server will go out
to the internet.

relayhost = [ip.of.internal.gateway]


All traffic needs to go to the internal smtp box which maildrops stuff
into local unix accounts.

There is a third box running outbound postfix which is meant to receive
outbound mail from clients and have access (in the first place) to my
ISP's smarthost.

If this seems overengineered, sorry. But I am attempting to learn the
details and having things on separate boxes helps.

** Anyway, the issue I am tussling with is that mails destined FOR
internal hosts don't resolve locally and instead escape out to my ISP's
smarthost where they are picked up with an invalid domain and bounced. I
would like to stop this behaviour.

** Actually they don't go to the smarthost. Please see later.

Which fragments of my various configuration files would be useful to
help diagnose this?

I observe that mails are escaping directly from this machine and not
going to the internal maildrop server nor to the outbound smtp box. In
fact, the inbound postfix service is attempting to resolve the internal
address as an Internet domain "Diagnostic-Code: X-Postfix; Host or
domain name not found. Name service error for name=xxxxx.yyyyy
type=AAAA: Host not found".

and a transport_maps entry to help postfix find this host if it's different from the relayhost.

# transport
xxxxx.yyyyy  relay:[ip.of.internal.host]


  -- Noel Jones

Thanks Noel. I added the relayhost and transport entries.
If I mail to da...@[i.p.add.ress] it reaches the internal destination.
If I mail to da...@xxxx.yyyy it goes out to the internet.
So looks like a DNS issue.
I copied /etc/hosts into the chroot directory /var/spool/postfix but that had no beneficial effect. Stumped... will continue with google unless or until someone else gets here first.
Cheers
DD
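
A simplified model of the next-hop choice discussed in this thread (a transport_maps entry first, then relayhost, otherwise the recipient domain itself, which needs DNS), as an added example that is not part of the original messages. The domain names and 192.0.2.x addresses are constructed placeholders, and the lookup order is a simplification of what Postfix really does.

```python
import re

# Constructed sample: a transport table for the DMZ relay (placeholder names/addresses).
TRANSPORT = """\
# transport
internal.example    relay:[192.0.2.20]
"""

def parse_transport(text):
    """Parse 'pattern  transport:nexthop' lines, skipping comments and blanks."""
    table = {}
    for line in text.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2 and not line.startswith("#"):
            table[parts[0].lower()] = parts[1].strip()
    return table

def next_hop(domain, table, relayhost=""):
    """Simplified model: transport table, then relayhost, then the domain itself."""
    domain = domain.lower()
    labels = domain.split(".")
    # Exact domain first, then parent domains written as ".parent".
    keys = [domain] + ["." + ".".join(labels[i:]) for i in range(1, len(labels))]
    for key in keys:
        if key in table:
            _transport, _, hop = table[key].partition(":")
            # An empty nexthop field means "use the recipient domain".
            return (hop or domain), "transport_maps"
    if relayhost:
        return relayhost, "relayhost"
    return domain, "recipient domain"

def needs_dns(hop):
    """A bracketed IPv4 literal such as [192.0.2.20] is used without any DNS lookup."""
    return re.fullmatch(r"\[\d{1,3}(\.\d{1,3}){3}\](:\d+)?", hop) is None

def audit(domains, table, relayhost=""):
    """Return {domain: (hop, source)} for every domain whose delivery depends on DNS."""
    findings = {}
    for d in domains:
        hop, source = next_hop(d, table, relayhost)
        if needs_dns(hop):
            findings[d] = (hop, source)
    return findings

if __name__ == "__main__":
    table = parse_transport(TRANSPORT)
    # "internal.exmple" is a deliberate typo standing in for a domain the table does not match.
    for rh in ("[192.0.2.10]", ""):
        print(repr(rh), audit(["internal.example", "internal.exmple"], table, rh))
```

On a live system, `postmap -q <domain> hash:/etc/postfix/transport` (the table path is an assumption) shows whether the compiled table actually returns an entry for the domain being mailed.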
