> Sure, this is an improvement over what you had, but it seems strange > to me that mynetworks would be changing frequently. Perhaps SASL AUTH > is a better solution overall?
They don't change very often. Most of the time the problem is when adding new servers to the mix and old config files are copied over. This is part of the process we are improving upon. Until now we used mysql for several configuration settings and have migrated them to hash from our database. These values are updated on a web server ever 5 minutes (if there is a change) and the postfix servers pull these values ever 5 minutes (again, only if there is a change). The IP addresses also happen to exist in the same database so adding one line to the script allows us to make sure they stay in sync. As for SASL AUTH, we do that in most cases but some of the end point admin don't seem to grasp the concept. If they provide us access to their server, we will even configure it for them, but they seem to want to run it their way. Answer to the next question... because it pays the bills.
