hi-
i have a mail submission server [submission/587 only] [msa.example.com]
for our users [config below]. in that context, it's working as desired.
we also have another, separate, msa [msa.systems.example.com], which
servers and other infrastructure devices use for submitting mail. how
can i configure postfix so that all mail introduced via sendmail(1) on
msa.example.com [regardless of envelope sender/recipient, etc] is
delivered directly to msa.systems.example.com:submission, with smtp auth
performed using the necessary credentials, without changing any other
existing element of mail flow? for example, mail addressed to
f...@systems.example.com, introduced via submission, should not be
delivered directly to msa.systems.example.com:submission, but should
instead follow the existing, unmodified delivery path.
thanks
-ben
>postconf -nf
address_verify_negative_expire_time = 30m
address_verify_negative_refresh_time = 5m
address_verify_poll_count = 20
address_verify_poll_delay = 1s
alias_database =
alias_maps =
append_dot_mydomain = no
biff = no
config_directory = /etc/postfix
content_filter = lmtp-filter:[mfa.example.com]:lmtp-filter-internal
delay_warning_time = 4h
disable_vrfy_command = yes
dist_list_restrictions = check_recipient_access
pcre:${table_directory}/dist_lists.pcre
enable_long_queue_ids = yes
local_header_rewrite_clients = check_address_map
cidr:${table_directory}/local_header_rewrite_clients.cidr
local_recipient_maps =
local_transport = error:local mail delivery is disabled
masquerade_domains = ${mydomain}
message_size_limit = 20971520
mydestination =
mydomain = example.com
myhostname = msa.${mydomain}
mynetworks =
myorigin = ${mydomain}
parent_domain_matches_subdomains =
pki_directory = ${config_directory}/pki
proxy_read_maps = ${virtual_alias_maps}
proxy:ldap:${table_directory}/sender_logins.cf
proxy:ldap:${table_directory}/dist_lists.cf
smtp_address_preference = ipv4
smtp_helo_name = ${myhostname}
smtp_tls_CAfile = /etc/pki/trusted_root_authorities/ca-certificates.crt
smtp_tls_fingerprint_digest = sha1
smtp_tls_loglevel = 1
smtp_tls_note_starttls_offer = yes
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = ${myhostname} ESMTP mail_submission_service
smtpd_etrn_restrictions = reject
smtpd_helo_required = yes
smtpd_recipient_restrictions = reject_non_fqdn_sender
reject_unknown_sender_domain reject_non_fqdn_recipient
reject_unknown_recipient_domain reject_unauth_pipelining
check_recipient_access hash:${table_directory}/bogus_domains
check_recipient_access
hash:${table_directory}/recipient_verification_domains
check_recipient_access proxy:ldap:${table_directory}/dist_lists.cf
check_recipient_access
pcre:${table_directory}/filter_training_transport.pcre
check_client_access
cidr:${table_directory}/non_auth_submitters.cidr
reject_plaintext_session
reject_sender_login_mismatch permit_sasl_authenticated reject
smtpd_reinjection_banner = ${myhostname} ESMTP mail_reinjection_service
smtpd_reinjection_restrictions = check_client_access
cidr:${table_directory}/reinjection_access.cidr reject
smtpd_relay_restrictions =
smtpd_restriction_classes = smtpd_reinjection_restrictions
dist_list_restrictions
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = inet:[::1]:sasl
smtpd_sasl_type = dovecot
smtpd_sender_login_maps = proxy:ldap:${table_directory}/sender_logins.cf
smtpd_tls_CAfile = /etc/pki/trusted_root_authorities/ca-certificates.crt
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = ${pki_directory}/${myhostname}-cert.pem
smtpd_tls_dh1024_param_file = ${pki_directory}/dh_2048.pem
smtpd_tls_dh512_param_file = ${pki_directory}/dh_512.pem
smtpd_tls_fingerprint_digest = sha1
smtpd_tls_key_file = ${pki_directory}/${myhostname}-key.pem
smtpd_tls_loglevel = 1
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
strict_rfc821_envelopes = yes
table_directory = ${config_directory}/tables
transport_maps = hash:${table_directory}/transports
unknown_address_reject_code = 554
unknown_client_reject_code = 554
unknown_hostname_reject_code = 554
unknown_local_recipient_reject_code = 554
unknown_relay_recipient_reject_code = 554
unverified_recipient_reject_code = 550
unverified_sender_reject_code = 550
virtual_alias_domains =
virtual_alias_expansion_limit = 2000
virtual_alias_maps = proxy:ldap:${table_directory}/virtual_aliases.cf
>postconf -Mf
smsp inet n - - - - smtpd
pickup unix n - - 60 1 pickup
cleanup unix n - - - 0 cleanup
qmgr unix n - n 300 1 qmgr
tlsmgr unix - - - 1000? 1 tlsmgr
rewrite unix - - - - - trivial-rewrite
bounce unix - - - - 0 bounce
defer unix - - - - 0 bounce
trace unix - - - - 0 bounce
verify unix - - - - 1 verify
flush unix n - - 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - - - - smtp
relay unix - - - - - smtp
showq unix n - - - - showq
error unix - - - - - error
retry unix - - - - - error
discard unix - - - - - discard
lmtp unix - - - - - lmtp
anvil unix - - - - 1 anvil
scache unix - - - - 1 scache
smtp-filter unix - - - - 10 smtp
-o smtp_data_done_timeout=20m
-o smtp_send_xforward_command=yes
-o smtp_generic_maps=
-o smtp_fallback_relay=
lmtp-filter unix - - - - 10 lmtp
-o lmtp_data_done_timeout=20m
-o lmtp_send_xforward_command=yes
-o lmtp_generic_maps=
smtp-reinject-internal inet n - - - - smtpd
-o syslog_name=postfix/smtp-reinject-internal
-o smtpd_banner=$smtpd_reinjection_banner
-o content_filter=
-o local_recipient_maps=
-o relay_recipient_maps=
-o smtpd_client_restrictions=
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=smtpd_reinjection_restrictions
-o smtpd_relay_restrictions=
-o smtpd_error_sleep_time=0
-o smtpd_soft_error_limit=1001
-o smtpd_hard_error_limit=1000
-o
receive_override_options=no_unknown_recipient_checks,no_header_body_checks,no_milters
-o local_header_rewrite_clients=