On 9/30/2013 5:21 AM, no@s...@mgedv.net wrote:
> hi,
>
> my postfix should be the 1st entry point for a multi-domain-environment.
> i want postfix to do recipient verification in order to avoid mails being
> relayed to the internal host for users, which do not exist (actually, legal
> compliance needs to be achieved that mail is not accepted until a valid
> receiver mailbox exists).
>
> situation:
> - postfix runs on its own server
> - 4 well registered domains
>     x1.com
>     x1.net
>     x1.org
>     x2.us
> - 1 external IP for all (DNS MX points there for all of them, this works):
>     222.111.222.111
> - 1 internal mailsystem (ms-exchange), which is authoritative for all 4
>   mail-domains.
>     hostname: mail.int.demo.lan
>     ip-address: 10.10.10.1
> - postfix is the 1st contact from outside
> - manual entry in /etc/hosts that tells postfix to use the internal IP for
>   mail.x?.*
>   (eg. "10.10.10.1 mail.int.demo.lan mail.x1.com mail.x2.com mail.x3.com mail.x2.us")
> - all domains listed in "relay_domains" in main.cf
>
> all this stuff works perfectly for x2.us. but not for the others. for any
> reason postfix always resolves the "outside" IP for the x1.* domains,
> although the entry in /etc/hosts should point it to the inside IP.
> of course, the connect times out (loop-connect across the fw does not work).

/etc/hosts does not override MX records. Use transport_maps to tell
postfix where to deliver mail.
http://www.postfix.org/postconf.5.html#transport_maps

And define external firewall IP addresses in proxy_interfaces so
postfix knows which IPs should not be used for delivery.
http://www.postfix.org/postconf.5.html#proxy_interfaces

  -- Noel Jones

>
> syslog entries as follows:
> postfix/smtpd 2013-09-30 10:45:23 NOQUEUE: reject: RCPT from mail.xxx.yyy[222.222.222.222]: 450 4.1.1 <u...@x1.com>: Recipient address rejected: unverified address: Address verification in progress; from=<u...@xxx.yyy> to=<u...@x1.com> proto=ESMTP helo=<mail.xxx.yyy>
> postfix/smtp 2013-09-30 10:45:47 connect to mail.x1.com[222.111.222.111]:25: Operation timed out
> postfix/smtp 2013-09-30 10:45:47 BB2D44AF07: to=<u...@x1.com>, relay=none, delay=30, delays=0/0.01/30/0, dsn=4.4.1, status=undeliverable (connect to mail.x1.com[222.111.222.111]:25: Operation timed out)
>
> any ideas how i can tell postfix to use the internal IP for my hosted
> domains?
> faking DNS with an own server is not an option, btw, as other DNS records
> from these domains need to be resolved properly for web-tools and such.
>
> regards,
> martin
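
The two settings named in the reply, written out for the domains and addresses given in the question. This is an added example, not part of the original thread; the map path `/etc/postfix/transport` and the `hash:` map type are assumptions.

```conf
# /etc/postfix/main.cf (fragment)
# Domains this gateway relays for, as listed in the question.
relay_domains = x1.com, x1.net, x1.org, x2.us

# Per-domain next hop. Map path and hash: type are assumptions.
transport_maps = hash:/etc/postfix/transport

# External address that the firewall forwards to this host. Postfix then
# treats it as one of its own addresses and does not try to deliver to it,
# which is the timed-out loop connect shown in the syslog excerpt.
proxy_interfaces = 222.111.222.111

# /etc/postfix/transport
# The square brackets suppress the MX lookup, so mail goes straight to the
# internal Exchange host (10.10.10.1 in the question) instead of to the
# public MX address.
x1.com    smtp:[10.10.10.1]
x1.net    smtp:[10.10.10.1]
x1.org    smtp:[10.10.10.1]
x2.us     smtp:[10.10.10.1]

# Recipient verification probes follow the same routing, because
# address_verify_transport_maps defaults to $transport_maps.

# After editing the map:
#   postmap /etc/postfix/transport
#   postfix reload
```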