> On Jun 21, 2019, at 3:44 PM, Cooper, Robert A <racoo...@tamu.edu> wrote:
>
> Howdy!
>
> We are setting up Postfix to be an on-premise mail lookup and forward service
> for a cloud-based mail filter service (ProofPoint). Our campus uses LDAP to
> route email from a public alias (@tamu.edu) to an internal mailbox (e.g.,
> @exchange.tamu.edu) or external destination such as Yahoo or Gmail.
>
> The issue we are seeing is that the lookups are working just fine, but if an
> email is sent to a bogus public alias or a valid alias without a defined
> routing address in LDAP, Postfix then attempts to pass on the @tamu.edu
> address to the next hop instead of failing the lookup and bouncing. We are
> running Postfix 2.10.1 (CentOS 7) and I can't seem to find a configuration
> that will fail messages back if there is no LDAP mailRoutingAddress. Right
> now, we are getting bounces but they are being generated from the on-prem
> ProofPoint appliance and not Postfix. The on-prem appliances are going away
> (which is what prompted this change to begin with).
>
> Is there something I'm missing in configuration that would fail if LDAP does
> not return a routing address?
>
> Thanks,
> RobertC
>
>
> postconf -n
>
> alias_database = hash:/etc/aliases
> alias_maps = hash:/etc/aliases
> append_at_myorigin = yes
> biff = no
> command_directory = /usr/sbin
> config_directory = /etc/postfix
> daemon_directory = /usr/libexec/postfix
> data_directory = /var/lib/postfix
> debug_peer_level = 2
> debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
> defer_transports =
> disable_dns_lookups = no
> disable_mime_output_conversion = no
> disable_vrfy_command = yes
> html_directory = no
> inet_interfaces = all
> inet_protocols = ipv4
> lmtp_destination_concurrency_limit = 2
> lmtp_host_lookup = native
> mail_owner = postfix
> mail_spool_directory = /var/mail
> mailbox_command =
> mailbox_size_limit = 0
> mailbox_transport =
> mailq_path = /usr/bin/mailq.postfix
> manpage_directory = /usr/share/man
> masquerade_classes = envelope_sender, header_sender, header_recipient
> masquerade_domains =
> masquerade_exceptions = root
> message_size_limit = 52428800
> mydestination = $myhostname, localhost.$mydomain
> mydomain = syse.tamu.edu
> mynetworks = /etc/postfix/mynetworks.cidr
> myorigin = $myhostname
> newaliases_path = /usr/bin/newaliases.postfix
> queue_directory = /var/spool/postfix
> queue_run_delay = 300s
> readme_directory = /usr/share/doc/postfix-2.10.1/README_FILES
> relayhost =
> sample_directory = /usr/share/doc/postfix-2.10.1/samples
> sendmail_path = /usr/sbin/sendmail.postfix
> setgid_group = postdrop
> smtp_host_lookup = native
> smtp_sasl_auth_enable = no
> smtp_use_tls = no
> smtpd_client_connection_count_limit = 1000
> smtpd_client_restrictions =
> smtpd_helo_required = no
> smtpd_helo_restrictions =
> smtpd_recipient_limit = 1000
> smtpd_recipient_restrictions = permit_mynetworks,reject_unknown_recipient_domain,reject_unverified_recipient
> smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
> smtpd_sasl_auth_enable = no
> smtpd_use_tls = no
> strict_8bitmime = no
> strict_rfc821_envelopes = no
> transport_maps = hash:/etc/postfix/transport
> unknown_local_recipient_reject_code = 550
> virtual_alias_maps = ldap:/etc/postfix/tamu.ldap
>
> postconf -M
> smtp inet n - n - - smtpd
> pickup unix n - n 60 1 pickup
> cleanup unix n - n - 0 cleanup
> qmgr unix n - n 300 1 qmgr
> tlsmgr unix - - n 1000? 1 tlsmgr
> rewrite unix - - n - - trivial-rewrite
> bounce unix - - n - 0 bounce
> defer unix - - n - 0 bounce
> trace unix - - n - 0 bounce
> verify unix - - n - 1 verify
> flush unix n - n 1000? 0 flush
> proxymap unix - - n - - proxymap
> proxywrite unix - - n - 1 proxymap
> smtp unix - - n - - smtp
> relay unix - - n - - smtp -o smtp_fallback_relay=
> showq unix n - n - - showq
> error unix - - n - - error
> retry unix - - n - - error
> discard unix - - n - - discard
> local unix - n n - - local
> virtual unix - n n - - virtual
> lmtp unix - - n - - lmtp
> anvil unix - - n - 1 anvil
> scache unix - - n - 1 scache

See the Mail forwarding configuration example at
http://www.postfix.org/VIRTUAL_README.html#forwarding

Your Postfix may still accept mail to any address when the client IP address
matches any network or network address listed in $mynetworks, according to:

    smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
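
Added example, not part of either message: the VIRTUAL_README forwarding setup adapted to the configuration quoted above, so that an address for which the LDAP map returns nothing is rejected as unknown instead of being handed to the next hop. The LDAP host, search base and the `mailLocalAddress` attribute are assumptions; only `mailRoutingAddress`, the domain and the map path come from the thread.

```ini
# ---- /etc/postfix/main.cf ----
# Declare the public domain as a virtual alias domain. Every valid
# recipient in it must then resolve through virtual_alias_maps.
# The domain must not also appear in mydestination.
virtual_alias_domains = tamu.edu
virtual_alias_maps = ldap:/etc/postfix/tamu.ldap

# Default is yes; stated explicitly because the rejection of
# unlisted recipients depends on it.
smtpd_reject_unlisted_recipient = yes

# SMTP reply code for "User unknown in virtual alias table"
# (default 550).
unknown_virtual_alias_reject_code = 550

# ---- /etc/postfix/tamu.ldap ----
# Assumed server and search base; replace with the site's values.
server_host = ldap://ldap.example.edu
search_base = ou=people,dc=example,dc=edu
version = 3
bind = no

# Match the public alias (assumed to be stored in mailLocalAddress)
# and require that a routing address is present, so an alias without
# one produces no lookup result.
query_filter = (&(mailLocalAddress=%s)(mailRoutingAddress=*))
result_attribute = mailRoutingAddress
```

To check the map on its own, `postmap -q` with an address that has no routing entry, run against `ldap:/etc/postfix/tamu.ldap`, should print nothing and exit non-zero.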