On Thu, 30 Jul 2009 22:45:04 -0500, Noel Jones <njo...@megan.vbhcs.org> wrote: > Jeff Grossman wrote: >> I am currently running a Gentoo machine with >> Sendmail/MIMEDefang/Spamassassin/Clamav which acts as a front-end mail >> server to a couple of different mail servers. The main back-end mail >> server >> is an Exchange 2003 server and the other is currently a Mac OSX machine >> running Mailman. I am using a mailertable to direct the different domains >> (10 domains go to the Exchange server and 1 domain goes to the OSX >> machine). I am using MIMEDefang's md_check_against_smtp_server feature to >> verify recipients before they are accepted at the gateway. >> >> I am going to switch to a Debian machine with >> Postfix/Amavisd/Spamassassin/Clamav as my new front-end mail server to >> the >> Exchange server and the OSX machine (I am going to use the old Gentoo >> machine for mailman once I wipe it and install Debian). >> >> 1. Can I use the reject_unverified_recipient feature to get the same >> functionality as I did with MIMEDefang's md_check_against_smtp_server? > > Yes, postfix built-in verification works very similar. See: > http://www.postfix.org/ADDRESS_VERIFICATION_README.html > >
Thank you. Makes me feel better knowing that I can get the same functionality. >> have seen articles about exporting the Exchange users via LDAP and >> putting >> them in an access map file on the Postfix server, but I am not a big fan >> of >> that. I would prefer to just query the Exchange server directly for >> valid >> addresses. > > OK, your choice. > >> 2. Is it possible to only require the reject_unverified_recipient option >> on certain domains? > > Yes. Use a check_recipient_access map that returns > "reject_unverified_recipient" for the target domain. > Cool. I wasn't aware of that. I will look into that and see what I need to do. >> 3. Do I just set up each domain in a Transport Map file and tell it >> which >> server to send the mail to? > > This step is only necessary if the destination IP differs from > what postfix will find with an MX lookup of the domain. > I am going to use it just in case I screw something up with DNS in the future. Do I also need to put each domain in a relay allowed file? Or is putting them in transport maps enough to tell Postfix to accept mail for those domains? >> >> I also have some e-mail addresses on the Exchange server that I do not >> want >> the gateway to accept mail for. That should be pretty easy I can just >> put >> them in a recipient check hash file. But, nothing is ever easy, there >> are >> a few e-mail addresses that I would like to receive mail for to those >> restricted Exchange e-mail addresses. > > General per-sender, per-recipient, etc. info can be found here: > http://www.postfix.org/RESTRICTION_CLASS_README.html > Thanks again for the pointer. >> And, any mail created from that >> machine itself would need to be able to send to those restricted Exchange >> addresses. How can I do that? > > Mail locally submitted via the sendmail(1) interface does not > go through the various smtpd_*_restrictions. > > and generally the "inside" machine would be included in > mynetworks, which is normally excluded from most restrictions > by the permit_mynetworks rule. > Yeah, I think the mynetworks should be good enough. I will test it out next week after I get it all setup and see how everything works. >> >> Thank you for any help you can offer me or guidance on where I can look >> for >> answers. >> >> Jeff > > Welcome to postfix! Thank you for your help. Jeff
