On 9/3/2011 2:52 PM, Nikolaos Milas wrote:
> On 3/9/2011 10:10 PM, Noel Jones wrote:
> 
>> Yes, although you may want to use relay: rather than smtp: as the
>> transport name. The different name allows postfix to more
>> efficiently schedule delivery for those domains, and allows you to
>> use different relay delivery settings if needed. -- Noel Jones 
> 
> Thanks for the valuable info.
> 
> One more bit.
> 
> If we use:
> 
>    relay_recipient_maps =
> 
> (that is, empty) then *all* recipients for the hosted domains (those
> listed in relay_domains) are accepted/forwarded?

Yes.  That turns you into a backscatter source, clogging your queue
with undeliverable mail and eventually getting you blacklisted.

Not recommended.

> Is there a way we can configure the gateway server to ask the final
> delivery server (as defined in /etc/postfix/transport) whether the
> user is valid and decide to allow or reject the mail transfer? In
> this way we don't have to maintain a list of recipients.

http://www.postfix.org/ADDRESS_VERIFICATION_README.html

This requires that the next-hop server reply with a 5xx response to
nonexistent recipients.


> Alternatively, we can use ldap-based checking (because our users are
> LDAP-hosted), but what about their aliases (which are also
> LDAP-based)? On the main destination server we use:
> virtual_mailbox_maps and virtual_alias_maps with ldap-based
> definitions. Can/should we use those for relay_recipient_maps? An
> additional problem is that on the mail servers of some subdomains
> the users are not LDAP-hosted but standard local unix users. Asking
> the destination server directly for recipient validation would solve
> all these problems.
> 

You can use ldap for valid recipients.  Structure your query so that
valid aliases are also included.

For your Unix users, you can do an automated periodic dump to a hash
file and rsync it to the server.  You can use both ldap and a hash
map in relay_recipient_maps -- that's why the parameter is named
"_maps" plural.

Or just use active recipient verification.  Whichever works best for
your environment.



  -- Noel Jones
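
The periodic dump of Unix users suggested in the reply above, as an added example that is not part of the original message. The domain sub.example.com, the UID floor of 1000, the host name gateway and all file paths are assumptions.

```shell
#!/bin/sh
# Added example: build the source for a hash: table in relay_recipient_maps.
# Assumed names: sub.example.com, UID floor 1000, all file paths below.

# Constructed sample of the subdomain server's /etc/passwd.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
Alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:1001::/home/bob:/bin/sh
svc:x:1002:1002::/home/svc:/usr/sbin/nologin
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
EOF
}

# emit_recipients PASSWD_FILE DOMAIN [UID_MIN]
# Prints "user@domain OK" (postmap input) for real login accounts only.
emit_recipients() {
    passwd_file=$1 domain=$2 uid_min=${3:-1000}
    awk -F: -v d="$domain" -v min="$uid_min" '
        $3 !~ /^[0-9]+$/                    { next }  # comments, blanks, malformed
        $3 + 0 < min + 0 || $3 == 65534     { next }  # system accounts, nobody
        $7 ~ /(nologin|false)$/             { next }  # accounts that cannot log in
        $1 !~ /^[A-Za-z0-9._-]+$/           { next }  # unexpected characters
        { print tolower($1) "@" d " OK" }
    ' "$passwd_file" | sort -u
}

# build_table PASSWD_FILE DOMAIN OUT
# Replaces OUT atomically; keeps the old file if the new list is empty,
# since an empty table would make the gateway reject every Unix user.
build_table() {
    passwd_file=$1 domain=$2 out=$3
    tmp=$(mktemp "$out.XXXXXX") || return 1
    if emit_recipients "$passwd_file" "$domain" > "$tmp" && [ -s "$tmp" ]; then
        mv "$tmp" "$out"
    else
        rm -f "$tmp"
        echo "empty recipient list, keeping previous $out" >&2
        return 1
    fi
}

# From cron on the subdomain server, then on the gateway:
#   build_table /etc/passwd sub.example.com /var/tmp/relay_recipients_unix
#   rsync -a /var/tmp/relay_recipients_unix gateway:/etc/postfix/
#   postmap /etc/postfix/relay_recipients_unix     # run on the gateway
#   relay_recipient_maps = ldap:/etc/postfix/ldap-recipients.cf,
#       hash:/etc/postfix/relay_recipients_unix    # gateway main.cf
```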
