On Thu, Feb 16, 2012 at 10:49:10AM +0100, Angel L. Mateo wrote:

>       My config is:
> 
> virtual_alias_maps = hash:/etc/postfix/alu-aliases,
>       hash:/etc/postfix/dif-aliases,
>       proxy:ldap:/etc/postfix/ldap-sysaliases.cf
> 
> relay_recipient_maps = hash:/etc/postfix/relaydomains,
>       hash:/etc/postfix/alu-aliases,
>       hash:/etc/postfix/dif-aliases,
>       proxy:ldap:/etc/postfix/ldap-vmail.cf,
>       proxy:ldap:/etc/postfix/ldap-sysaliases.cf

There is no need to list virtual alias lookup tables in
relay_recipient_maps. Postfix performs that lookup automatically;
therefore, the relay_recipient_maps setting should be just:

        relay_recipient_maps = hash:/etc/postfix/relaydomains,
                proxy:ldap:/etc/postfix/ldap-vmail.cf

>       In my tests I have found that during a smtp transaction the next
> searches are done:

If your LDAP tables contain no "bare" (just the local part) address
lookup keys, you may consider using "%u@%d" instead of "%s" in the
query definition. That could also avoid some unneeded lookups.
Otherwise Postfix performs the lookups it needs to, and unless
you've failed to index your LDAP attributes appropriately, Postfix
is unlikely to be a significant burden on LDAP, nor is LDAP likely
to noticeably slow down Postfix.

> mydestination = $myhostname, localhost.\$mydomain, localhost

That "\" is unlikely to be what you want.

> mynetworks = 127.0.0.0/8, 155.54.0.0/16, 10.54.0.0/16, 10.56.0.0/16, 
> 10.64.0.0/28, 172.19.0.0/16, 155.54.212.160/28

With the entire class 155.54/16 listed, no need for the final /28.

> smtpd_banner = $myhostname NO UCE ESMTP

Don't, or at least make it "$myhostname ESMTP NO UCE"; that ESMTP is not
semantically valid unless it immediately follows the hostname.

> smtpd_client_restrictions =
>       reject_rbl_client rbl.um.es,
>       permit_sasl_authenticated,
>       check_client_access hash:/etc/postfix/whitelist_um,
>       reject_unknown_reverse_client_hostname,
>       check_client_access cidr:/etc/postfix/client_checks.cidr,
> smtpd_data_restrictions = reject_unauth_pipelining, permit
> smtpd_end_of_data_restrictions = $(smtpdEndOfDataRestrictions)
> smtpd_helo_restrictions =
>       permit_mynetworks,
>       check_helo_access hash:/etc/postfix/helo_checks
> smtpd_recipient_restrictions =
>       reject_non_fqdn_recipient,
>       reject_unknown_recipient_domain,
>       check_recipient_access pcre:/etc/postfix/recipient_checks.pcre,
>       check_recipient_access hash:/etc/postfix/verified_recipient_checks,
>       permit_mynetworks,
>       permit_sasl_authenticated,
>       reject_unauth_destination,
>       check_recipient_maps,
>       permit

You don't need these last two; they are implicit.

> smtpd_sender_restrictions = reject_non_fqdn_sender,
>       reject_unknown_sender_domain,
>       check_sender_access pcre:/etc/postfix/sender_checks.pcre

Otherwise nothing else to do in Postfix; make sure your LDAP tables
are properly indexed.

-- 
        Viktor.
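
Two of the review points in the message above (the /28 already covered by 155.54.0.0/16 in mynetworks, and the virtual alias tables repeated in relay_recipient_maps) can be checked mechanically. The following is an added example, not part of the original message and not Postfix code; the function names are hypothetical, the sample is built from the settings quoted above, and it assumes mynetworks holds only plain CIDR entries (no "!" exclusions or table references).

```python
import ipaddress

# Constructed sample: the settings quoted in the message above, as main.cf text.
SAMPLE_MAIN_CF = """\
virtual_alias_maps = hash:/etc/postfix/alu-aliases,
      hash:/etc/postfix/dif-aliases,
      proxy:ldap:/etc/postfix/ldap-sysaliases.cf
relay_recipient_maps = hash:/etc/postfix/relaydomains,
      hash:/etc/postfix/alu-aliases,
      hash:/etc/postfix/dif-aliases,
      proxy:ldap:/etc/postfix/ldap-vmail.cf,
      proxy:ldap:/etc/postfix/ldap-sysaliases.cf
mynetworks = 127.0.0.0/8, 155.54.0.0/16, 10.54.0.0/16, 10.56.0.0/16,
 10.64.0.0/28, 172.19.0.0/16, 155.54.212.160/28
"""

def parse_main_cf(text):
    """Return {parameter: [values]}; a line starting with whitespace continues the previous one."""
    logical = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # blank and comment lines are ignored
        if line[0].isspace() and logical:
            logical[-1] += " " + line.strip()
        else:
            logical.append(line.strip())
    params = {}
    for entry in logical:
        name, _, value = entry.partition("=")
        params[name.strip()] = value.replace(",", " ").split()
    return params

def redundant_networks(entries):
    """CIDR entries fully contained in another, wider listed entry (assumes plain CIDR only)."""
    nets = [ipaddress.ip_network(e) for e in entries]
    return [str(n) for n in nets
            if any(n != o and n.version == o.version and n.subnet_of(o) for o in nets)]

def duplicated_alias_tables(params):
    """relay_recipient_maps tables that are already listed in virtual_alias_maps."""
    aliases = set(params.get("virtual_alias_maps", []))
    return [t for t in params.get("relay_recipient_maps", []) if t in aliases]

if __name__ == "__main__":
    cfg = parse_main_cf(SAMPLE_MAIN_CF)
    print("redundant mynetworks:", redundant_networks(cfg["mynetworks"]))
    print("already in virtual_alias_maps:", duplicated_alias_tables(cfg))
```

Since mynetworks decides which clients may relay, running the same containment check against the live value (for example the output of `postconf mynetworks`) also makes it easier to see exactly which ranges are trusted.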
