On 15.05.2012 15:44, /dev/rob0 wrote:
> On Tue, May 15, 2012 at 09:17:16AM +0200, Andreas Oster wrote:
>> How can I prevent postfix from doing lookups for domains which 
>> are not ours ? This would reduce the amount of LDAP queries
>> quite a lot.
>>
>> Here is my config for reference :
>>
>> main.cf:
> 
> There are reasons why the list welcome message and DEBUG_README 
> request "postconf -n". We'll see some of them below.
> 
>> biff = no
>> append_dot_mydomain = no
> 
> First, everything is in alphabetic order, so we can quickly find what 
> we're looking for: in this case, your domain lists.
> 
> [snip]
>> mydestination = $myhostname, localhost.novanetwork.loc, localhost
>> relayhost =
>> relay_domains= $mydestination, hash:/etc/postfix/relay_domains
> 
> Here are two of them, neither using LDAP. BTW you don't need to unset 
> relayhost, because the default is empty. And you should not have 
> $mydestination in relay_domains.
> 
>> transport_maps = hash:/etc/postfix/transport_maps,
>> hash:/etc/postfix/relay_domains
> 
> Here you may have a syntax error, which "postconf -n" would show. I 
> guess you intended to include "hash:/etc/postfix/relay_domains" in 
> your transport_maps. But the email showed no leading whitespace.
> 
> [snip]
>> virtual_alias_maps = proxy:ldap:/etc/postfix/ldap_virtual_group_maps.cf,
>> proxy:ldap:/etc/postfix/ldap_virtual_alias_maps.cf
> 
> Again, no leading whitespace indicates a possible syntax error.
> 
> This is your culprit. You did not set/unset virtual_alias_domains, so 
> you're getting the default value of $virtual_alias_maps. Every 
> recipient domain is checked against each of your domain lists 
> ($mydestination, $relay_domains, $virtual_alias_domains, and 
> $virtual_mailbox_domains).
> 
>> virtual_mailbox_maps = proxy:ldap:/etc/postfix/ldap_virtual_mailbox_maps.cf
>> virtual_mailbox_base = /nfs/mailstore/vmail/
>> virtual_uid_maps = static:1001
>> virtual_gid_maps = static:1001
> 
> These virtual(8) mailbox settings appear to be unused, as there is no 
> virtual_mailbox_domains definition.
> 
> [snip]
>> # Allow maximum mail size 40GB
>> message_size_limit = 40480000
> 
> The comment is wrong. 40480000 is only 40MB. Good, because most sites
> will not accept any multi-GB mail.
> 
> [snip]
>> smtpd_recipient_restrictions =
>>   reject_unauth_pipelining,
>>   permit_mynetworks,
>>   permit_sasl_authenticated,
>>   reject_invalid_hostname,
>>   reject_non_fqdn_sender,
>>   reject_non_fqdn_hostname,
> 
> Using deprecated syntax for both *_hostname restrictions; those are 
> now *_helo_hostname to be explicit about what they do.
> 
>>   reject_non_fqdn_recipient,
>>   reject_unknown_recipient_domain,
>>   reject_unauth_destination,
>>   reject_rbl_client zombie.dnsbl.sorbs.net,
>>   reject_rbl_client zen.spamhaus.org,
>>   reject_rbl_client cbl.abuseat.org,
> 
> Since CBL is included in Zen, you won't get much out of that CBL 
> lookup.
> 
> [snip]
>> proxy_read_maps = $canonical_maps $lmtp_generic_maps
>> $local_recipient_maps $mydestination $mynetworks $recipient_bcc_maps
>> $recipient_canonical_maps $relay_domains $relay_recipient_maps
>> $relocated_maps $sender_bcc_maps $sender_canonical_maps
>> $smtp_generic_maps $smtpd_sender_login_maps $transport_maps
>> $virtual_alias_domains $virtual_alias_maps $virtual_mailbox_domains
>> $virtual_mailbox_maps
> 
> This could also be a contributing factor. What am I to assume about 
> the lack of leading whitespace, when your smtpd_*_restrictions are 
> clearly indented?
> 
> [snip remainder]

Hello rob0,

Thank you for having such a thorough look at my config. I guess I made
more configuration errors than I had thought. I will try to fix those
as fast as possible.

Thanks

Andreas
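
An added example, not part of the thread and not Postfix code: a Python check for the points raised above (continuation lines without leading whitespace, virtual_alias_domains left at its $virtual_alias_maps default while those maps are LDAP tables, and $mydestination listed in relay_domains). The function names and the sample fragment are constructed for illustration.

```python
import re

# Constructed sample: a main.cf fragment shaped like the one quoted above.
SAMPLE = """\
mydestination = $myhostname, localhost
relay_domains = $mydestination, hash:/etc/postfix/relay_domains
transport_maps = hash:/etc/postfix/transport_maps,
hash:/etc/postfix/relay_domains
virtual_alias_maps = proxy:ldap:/etc/postfix/ldap_virtual_group_maps.cf,
proxy:ldap:/etc/postfix/ldap_virtual_alias_maps.cf
smtpd_recipient_restrictions =
  permit_mynetworks,
  reject_unauth_destination
"""

def logical_lines(text):
    """Join physical lines the way main.cf is read: a line starting with
    whitespace continues the previous one; blank and '#' lines are skipped."""
    out = []
    for n, raw in enumerate(text.splitlines(), 1):
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t" and out:
            out[-1] = (out[-1][0], out[-1][1] + " " + raw.strip())
        else:
            out.append((n, raw.strip()))
    return out

def audit(text):
    findings, params = [], {}
    for n, line in logical_lines(text):
        name, sep, value = line.partition("=")
        if not sep:  # a logical line with no "name =" part
            findings.append(f"line {n}: no '=', probably an unindented continuation")
            continue
        params[name.strip()] = value.strip()
    # Per the thread: an unset virtual_alias_domains defaults to $virtual_alias_maps,
    # so every recipient domain is looked up in those (here LDAP) tables.
    maps = params.get("virtual_alias_maps", "")
    if "virtual_alias_domains" not in params and "ldap:" in maps:
        findings.append("virtual_alias_domains unset: defaults to $virtual_alias_maps (LDAP)")
    if re.search(r"\$mydestination\b", params.get("relay_domains", "")):
        findings.append("relay_domains contains $mydestination")
    return findings
```

Running `audit()` on the text of a real main.cf gives a quick pre-check; `postconf -n` remains the authoritative view of what Postfix actually parsed.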
