On a second glance this does NOT seem to work as Postfix does not recognize the domain if the @ is prepended to the name in either/both the main.cf or the ldap_lookup.cf file.
At this point I am stumped though I suspect this is something basic that I am just missing. Can someone point me in the right direction here. -Jim On Thu, Oct 15, 2009 at 8:23 PM, Jim Rupprecht <jimruppre...@gmail.com> wrote: > Ok, same scenario new question. > > As I note below I defined several local domains as relay domains. Here > is the list: > > ku.edu > mail.ku.edu > abc.org > def.com > ghi.org > jkl.ku.edu > mno.org > pqr.ku.edu > > These systems are mail gateways. Ignoring the lengthy list of > restrictions for the moment, in order to route mail through these > system you must either: > > 1. connect from a trusted IP address; or > 2. present mail with one of the recipient addresses domains above. > > But in testing in am seeing the following... > > Out: 220 gatewaysystem.ku.edu ESMTP Postfix > In: helo trustedsystem.ku.edu > Out: 250 gatewaysystem.ku.edu > In: mail from:validu...@ku.edu > Out: 250 2.1.0 Ok > In: rcpt to:anothervalidu...@ku.edu > Out: 250 2.1.0 Ok > In: rcpt to:someu...@yahoo.com > Out: 250 2.1.0 Ok > In: rcpt to:yetanotheru...@somedepartment.ku.edu > Out: 450 4.1.1 <yetanotheru...@somedepartment.ku.edu>: Recipient > address rejected: User unknown in relay recipient table > In: rcpt to:someonee...@mail.ku.edu > Out: 250 2.1.0 Ok > In: rcpt to:postmas...@someotherdepartment.ku.edu > Out: 450 4.1.1 <postmas...@someotherdepartment.ku.edu>: Recipient > address rejected: User unknown in relay recipient table > > (I have set unknown_relay_recipient_reject_code = 450 for testing > purposes, otherwise you would see a 550 result instead of a 450 result > code.) > > It appears that postfix is interpreting ' ku.edu ' as ' *.ku.edu '. Is > it permissible to change the ku.edu entry to @ku.edu in both main.cf > and my ldap_lookup.cf files? And if so would doing this prevent > postfix from interpreting the entry as a catch-all? > > I've tested this and it *seems* to work. Just looking for someone to > confirm what I am seeing or tell me I'm a looney (or both). > > Thanks. > > -Jim > > > > > > On Wed, Oct 14, 2009 at 12:03 PM, Victor Duchovni > <victor.ducho...@morganstanley.com> wrote: >> On Wed, Oct 14, 2009 at 11:33:22AM -0500, Jim Rupprecht wrote: >> >>> /postfix/etc/main.cf >>> ... >>> relay_domains = ku.edu abc.org def.com ghi.org mail.ku.edu jkl.ku.edu >>> mno.org >>> pqr.ku.edu >>> relay_recipient_maps = proxy:ldap:/postfix/etc/ldap_lookup.cf >> >> Perfectly reasonable. >> >>> and then /postfix/etc/ldap_lookup.cf looks like this... >>> >>> result_attribute = mail >>> search_base = dc=home,dc=ku,dc=edu >>> query_filter = (proxyAddresses=smtp:%s) >> >> Looks good (if I wanted to pick on it, the best I could come up with is >> that the parentheses are optional). >> >>> and finally /postfix/etc/transport >>> >>> ku.edu smtp:(exchange server) >>> mail.ku.edu smtp:(exchange server) >>> kansan.com smtp:(exchange server) >>> kletc.org smtp:(exchange server) >>> kualumni.com smtp:(exchange server) >> >> Use smtp:[exchange.example.com], unless the latter is an MX RRset. >> >>> Thoughts on this? Anyone have a better way to do this? At some point >>> in time I will move from ldap lookups to a file >> >> Standard configuration, by the book. >> >> You don't need to stop using LDAP. LDAP is just fine. If query volume >> is high enough, you could dedicate LDAP replicas for use by Postfix, >> and not by other Windows AD consumers. >> >> -- >> Viktor. >> >> Disclaimer: off-list followups get on-list replies or get ignored. >> Please do not ignore the "Reply-To" header. >> >> To unsubscribe from the postfix-users list, visit >> http://www.postfix.org/lists.html or click the link below: >> <mailto:majord...@postfix.org?body=unsubscribe%20postfix-users> >> >> If my response solves your problem, the best way to thank me is to not >> send an "it worked, thanks" follow-up. If you must respond, please put >> "It worked, thanks" in the "Subject" so I can delete these quickly. >> >
