On Tue, May 15, 2012 at 09:17:16AM +0200, Andreas Oster wrote:
> How can I prevent postfix from doing lookups for domains which
> are not ours ? This would reduce the amount of LDAP queries
> quite a lot.
>
> Here is my config for reference :
>
> main.cf:

There are reasons why the list welcome message and DEBUG_README
request "postconf -n". We'll see some of them below.

> biff = no
> append_dot_mydomain = no

First, everything is in alphabetic order, so we can quickly find
what we're looking for: in this case, your domain lists.

[snip]
> mydestination = $myhostname, localhost.novanetwork.loc, localhost
> relayhost =
> relay_domains= $mydestination, hash:/etc/postfix/relay_domains

Here are two of them, neither using LDAP. BTW you don't need to
unset relayhost, because the default is empty. And you should not
have $mydestination in relay_domains.

> transport_maps = hash:/etc/postfix/transport_maps,
> hash:/etc/postfix/relay_domains

Here you may have a syntax error, which "postconf -n" would show.
I guess you intended to include "hash:/etc/postfix/relay_domains"
in your transport_maps. But the email showed no leading whitespace.

[snip]
> virtual_alias_maps = proxy:ldap:/etc/postfix/ldap_virtual_group_maps.cf,
> proxy:ldap:/etc/postfix/ldap_virtual_alias_maps.cf

Again, no leading whitespace indicates a possible syntax error.

This is your culprit. You did not set/unset virtual_alias_domains,
so you're getting the default value of $virtual_alias_maps. Every
recipient domain is checked against each of your domain lists
($mydestination, $relay_domains, $virtual_alias_domains, and
$virtual_mailbox_domains).

> virtual_mailbox_maps = proxy:ldap:/etc/postfix/ldap_virtual_mailbox_maps.cf
> virtual_mailbox_base = /nfs/mailstore/vmail/
> virtual_uid_maps = static:1001
> virtual_gid_maps = static:1001

These virtual(8) mailbox settings appear to be unused, as there is
no virtual_mailbox_domains definition.

[snip]
> # Allow maximum mail size 40GB
> message_size_limit = 40480000

The comment is wrong. 40480000 is only 40MB. Good, because most
sites will not accept any multi-GB mail.

[snip]
> smtpd_recipient_restrictions =
>     reject_unauth_pipelining,
>     permit_mynetworks,
>     permit_sasl_authenticated,
>     reject_invalid_hostname,
>     reject_non_fqdn_sender,
>     reject_non_fqdn_hostname,

Using deprecated syntax for both *_hostname restrictions; those are
now *_helo_hostname to be explicit about what they do.

>     reject_non_fqdn_recipient,
>     reject_unknown_recipient_domain,
>     reject_unauth_destination,
>     reject_rbl_client zombie.dnsbl.sorbs.net,
>     reject_rbl_client zen.spamhaus.org,
>     reject_rbl_client cbl.abuseat.org,

Since CBL is included in Zen, you won't get much out of that CBL
lookup.

[snip]
> proxy_read_maps = $canonical_maps $lmtp_generic_maps
> $local_recipient_maps $mydestination $mynetworks $recipient_bcc_maps
> $recipient_canonical_maps $relay_domains $relay_recipient_maps
> $relocated_maps $sender_bcc_maps $sender_canonical_maps
> $smtp_generic_maps $smtpd_sender_login_maps $transport_maps
> $virtual_alias_domains $virtual_alias_maps $virtual_mailbox_domains
> $virtual_mailbox_maps

This could also be a contributing factor. What am I to assume about
the lack of leading whitespace, when your smtpd_*_restrictions are
clearly indented?

[snip remainder]
-- 
  http://rob0.nodns4.us/ -- system administration and consulting
  Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
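
Added example, not part of the original message or of Postfix: a small Python check for the two problems the reply points at, continuation lines that lost their leading whitespace and LDAP tables reaching a domain list through the virtual_alias_domains default. The sample main.cf is constructed from the table names quoted above, the parser is a simplification of main.cf syntax, and the explicit empty virtual_alias_domains setting is this example's assumption about one way to override the default.

```python
import re

# The four domain lists the reply names; every recipient domain is checked against each.
DOMAIN_LISTS = ("mydestination", "relay_domains",
                "virtual_alias_domains", "virtual_mailbox_domains")
# Postfix built-in default that causes the extra lookups.
DEFAULTS = {"virtual_alias_domains": "$virtual_alias_maps"}

# Constructed sample using the table names quoted in the message.
SAMPLE = """\
mydestination = $myhostname, localhost
relay_domains = hash:/etc/postfix/relay_domains
virtual_alias_maps = proxy:ldap:/etc/postfix/ldap_virtual_group_maps.cf,
    proxy:ldap:/etc/postfix/ldap_virtual_alias_maps.cf
"""

def parse_main_cf(text):
    """Return (params, orphans); an orphan is a non-indented line without '=',
    i.e. a continuation line that lost its leading whitespace."""
    params, orphans, last = {}, [], None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and last:
            params[last] += " " + raw.strip()
        elif "=" in raw:
            last, value = (s.strip() for s in raw.split("=", 1))
            params[last] = value
        else:
            orphans.append(raw.strip())
    return params, orphans

def expand(name, params, seen=()):
    """Recursively expand $name references into a flat list of tokens."""
    value = params.get(name, DEFAULTS.get(name, ""))
    out = []
    for tok in re.split(r"[,\s]+", value):
        if tok.startswith("$"):
            if tok[1:] not in seen:
                out += expand(tok[1:], params, seen + (name,))
        elif tok:
            out.append(tok)
    return out

def ldap_domain_lookups(params):
    """Map each domain list to the LDAP tables it consults per recipient domain."""
    found = {n: [t for t in expand(n, params) if "ldap:" in t] for n in DOMAIN_LISTS}
    return {n: tables for n, tables in found.items() if tables}

if __name__ == "__main__":
    print(ldap_domain_lookups(parse_main_cf(SAMPLE)[0]))  # default in effect
    print(ldap_domain_lookups(parse_main_cf(SAMPLE + "virtual_alias_domains =\n")[0]))
```

On a live system, "postconf -n" remains the authoritative view of what Postfix actually parsed.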