Noel Jones wrote:
On 8/2/2011 9:31 AM, Jason Gauthier wrote:
Greetings,

Due to a new business requirement, I need to make a change with postfix that I 
am not certain how to handle.
First, I use postfix as a relay only system.  It does not do local delivery.  
Once it does its tasks it passes the email to a backend email system.
On the frontend, postfix handles several domains, and will bounce unknown email 
by using relay_recipients:
relay_recipient_maps = hash:/etc/postfix/relay_recipients

relay_recipients is populated from backend from legitimate email addresses.  
This makes the postfix system a nice 'bouncer' for unknowns :)

Now, my requirements have changed.  I have acquired a domain, we'll call it 
xyz.com.   I don't host it, and never have.  Therefore, I do not know what 
email addresses are valid.  I would like to capture *any* email address sent to 
xyz.com and accept it, and deliver it somehow.

I'm not sure how to accomplish this task yet, and am looking for ideas.  One 
inchoate idea I have is translating all the email addresses to 'xyz.com' to an 
existing, valid, email address.


[We use the term "reject" rather than "bounce".  Reject means your
server never accepts the undeliverable mail, which is good.  Bounce
means you accept the mail and then return it to the (frequently
forged) sender address, which is bad.  Bouncing undeliverable mail
will clog up your mail server with undeliverable messages and will
eventually get you blacklisted.]



First, to accept mail for that domain add the new domain to
relay_domains.
# main.cf
relay_domains =
    ... existing domains ...
    xyz.example


Since you don't have a list of valid recipients for that domain, add
a wildcard for that domain to relay_recipient_maps and use recipient
address verification.
http://www.postfix.org/postconf.5.html#relay_recipient_maps
http://www.postfix.org/ADDRESS_VERIFICATION_README.html#recipient

# relay_recipient
... existing entries ...
@xyz.example   OK


# main.cf
smtpd_recipient_restrictions =
   permit_mynetworks
# permit_sasl_authenticated
   reject_unauth_destination
   check_recipient_access hash:/etc/postfix/verify_xyz
   ... other existing stuff ...

# verify_xyz
xyz.example  reject_unverified_recipient



Finally, to direct the accepted mail to the proper server, use a
transport_maps entry
http://www.postfix.org/postconf.5.html#transport_maps
http://www.postfix.org/transport.5.html

# main.cf
transport_maps = hash:/etc/postfix/transport

# transport
xyz.example  relay:[ip.add.re.ss]



   -- Noel Jones

If I may hijack the thread... is there a way to achieve this functionality with data stored in database (pgsql)?

I came up with following Postfix configuration:

smtpd_recipient_restrictions =
  reject_non_fqdn_recipient,
  reject_unknown_recipient_domain,
  check_recipient_access hash:/etc/postfix/restrictions/recipients,
  permit_mynetworks,
  reject_unauth_destination,
  permit

relay_domains = pgsql:/etc/postfix/pgsql/vdomains.cf
relay_recipient_maps = pgsql:/etc/postfix/pgsql/vmailbox.cf
transport_maps = pgsql:/etc/postfix/pgsql/relays.cf

vdomains.cf:
query = SELECT 1 FROM mailroot.domains WHERE domain='%s'

vmailbox.cf:
query = SELECT home FROM mailroot.mailboxes JOIN
   mailroot.domains ON mailboxes.domains_id = domains.id
   WHERE mailboxes.enabled = true AND domains.enabled = true
   AND username = '%u' and domain = '%d'

relays.cf:
query = SELECT storage_path FROM mailroot.storages
   WHERE id = (SELECT storage_id FROM mailroot.domains
     WHERE domain = '%d' and enabled = true)

This works for domains for which I have a list of mailboxes. However, I'm unable to figure out a way to add "@testing.domain" into relay_recipient_maps. When I add "testing.domain" into the domains table, Postfix sends only these queries:

SELECT 1 FROM mailroot.domains WHERE domain='testing.domain'
SELECT storage_path FROM mailroot.storages
  WHERE id = (SELECT storage_id FROM mailroot.domains
    WHERE domain = 'testing.domain' and enabled = true)
SELECT home FROM mailroot.mailboxes JOIN
  mailroot.domains ON mailboxes.domains_id = domains.id
  WHERE mailboxes.enabled = true AND domains.enabled = true
  AND username = 'nonexistent' and domain = 'testing.domain'

and I get "Recipient address rejected: User unknown in relay recipient table". Adding "@testing.domain" into the domains table leads to "Relay access denied".

I was expecting Postfix to send some query with "@testing.domain" (which would hint at what I should add into the DB), but there is no such query in the PostgreSQL log.

Any ideas?
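
An added example, not part of the thread and not Postfix code: a small Python model of the %s / %u / %d key expansion documented in pgsql_table(5), run against the vmailbox.cf query quoted above. It shows why the "@testing.domain" lookup key never appears in the PostgreSQL log: a key with an empty localpart suppresses any query that uses %u. WHOLE_KEY (with its table and column names) and the simplified sql_quote are assumptions made for illustration.

```python
# Model of the %s / %u / %d key expansion documented in pgsql_table(5).
# Added illustration; this is not Postfix source code.

# The poster's vmailbox.cf query, joined onto one line.
VMAILBOX = ("SELECT home FROM mailroot.mailboxes JOIN mailroot.domains "
            "ON mailboxes.domains_id = domains.id "
            "WHERE mailboxes.enabled = true AND domains.enabled = true "
            "AND username = '%u' and domain = '%d'")
# Hypothetical whole-key query; table and column names are constructed.
WHOLE_KEY = "SELECT 1 FROM example_recipients WHERE address = '%s'"


def lookup_keys(address):
    """Keys tried in relay_recipient_maps: full address, then @domain."""
    _, _, domain = address.rpartition("@")
    return [address, "@" + domain]  # address-extension variants not modelled


def sql_quote(value):
    # Simplified stand-in for the database driver's escaping.
    return value.replace("'", "''")


def expand(query, key):
    """Return the SQL sent for this key, or None when the query is suppressed."""
    is_address = "@" in key
    local, _, domain = key.rpartition("@")
    out, i = [], 0
    while i < len(query):
        if query[i] != "%" or i + 1 == len(query):
            out.append(query[i])
            i += 1
            continue
        spec, i = query[i + 1], i + 2
        if spec == "%":
            out.append("%")
        elif spec == "s":
            out.append(sql_quote(key))
        elif spec == "u":
            if is_address and not local:
                return None          # empty localpart: no query is sent
            out.append(sql_quote(local if is_address else key))
        elif spec == "d":
            if not is_address:
                return None          # key is not user@domain: no query is sent
            out.append(sql_quote(domain))
        else:
            out.append("%" + spec)   # other expansions are not modelled
    return "".join(out)
```

For each key returned by lookup_keys(), expand() gives either the SQL that would reach the database or None; a query written with %s receives the "@testing.domain" key as-is.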
