[pfx] Re: Restricting Email Relaying For A Given Email Domain

2025-01-25 Thread duluxoz via Postfix-users
Thanks Viktor (& everyone else who chimed in). I'm going to sit down with management on Monday and see if I can explain all this to them so as to get a consensus decision on what they'd like to do. Cheers Dulux-Oz On 26/1/25 12:50, Viktor Dukhovni via Postfix-users wrote: On Sun, Jan 26, 2

[pfx] Re: Restricting Email Relaying For A Given Email Domain

2025-01-25 Thread Viktor Dukhovni via Postfix-users
On Sun, Jan 26, 2025 at 12:11:21AM +1100, duluxoz via Postfix-users wrote: > ... so no, there's no separate "mail-hub" / "edge-mail-gateway" set-up > - it's all the one box with the haproxy box sitting in-front. Understood, that makes the consolidated edge/hub/submission/... server somewhat more c

[pfx] Re: Restricting Email Relaying For A Given Email Domain

2025-01-25 Thread Tomasz Pala via Postfix-users
On 2025-01-25 14:46, Tomasz Pala via Postfix-users wrote: > As the internal and external are separate accounts (if I understand > correctly) this still seems to be the job for submission stage. Since you care about header addresses and want to prevent users from accidental use of them for Internet

[pfx] Re: Restricting Email Relaying For A Given Email Domain

2025-01-25 Thread Tomasz Pala via Postfix-users
On 2025-01-25 13:27, duluxoz via Postfix-users wrote: > alerts/reports (to the sys-ops) and by users for internal organisation > communication. Those users that require external email access also have > an email account in an externally-facing domain, and usually use the > appropriate domain when s

[pfx] Re: Restricting Email Relaying For A Given Email Domain

2025-01-25 Thread Tomasz Pala via Postfix-users
On 2025-01-25 10:30, Viktor Dukhovni via Postfix-users wrote: > > This does not do what you think it does, because the classification of > addresses into address classes happens in the trivial-rewrite service, > not in smtpd(8). Best to not jump-in and reply with "I would try", if > you don't act

[pfx] Re: Restricting Email Relaying For A Given Email Domain

2025-01-25 Thread duluxoz via Postfix-users
Well, the organisation is only small (-ish) - call it SME-sized - so there's only a single email-stack server (postfix, dovecot, clamav, etc), a separate webserver (hosting both internally and externally-facing websites, including roundcube hosting all the email domains), a haproxy "gateway/bas

[pfx] Re: Restricting Email Relaying For A Given Email Domain

2025-01-25 Thread duluxoz via Postfix-users
So, the internal email domain is used by both servers sending in email alerts/reports (to the sys-ops) and by users for internal organisation communication. Those users that require external email access also have an email account in an externally-facing domain, and usually use the appropriate

[pfx] Re: Restricting Email Relaying For A Given Email Domain

2025-01-25 Thread Viktor Dukhovni via Postfix-users
On Sat, Jan 25, 2025 at 11:27:13PM +1100, duluxoz via Postfix-users wrote: > So, the internal email domain is used by both servers sending in email > alerts/reports (to the sys-ops) and by users for internal organisation > communication. Those users that require external email access also have an

[pfx] Re: Restricting Email Relaying For A Given Email Domain

2025-01-25 Thread Viktor Dukhovni via Postfix-users
On Sat, Jan 25, 2025 at 10:06:36AM +0100, Tomasz Pala via Postfix-users wrote: > > Emails are permitted to be sent between all three domains. > > I would try: > > master.cf: > smtpd [...] > -o virtual_mailbox_domains=example.com,example.org This does not do what you think it does, because

[pfx] Re: Restricting Email Relaying For A Given Email Domain

2025-01-25 Thread Tomasz Pala via Postfix-users
If that doesn't work - different approach, using only restrictions, e.g. smtpd_recipient_restrictions = permit_mynetworks [...] reject_unauth_destination check_recipient_access hash:/etc/$config_directory/my_domains my_domains: example.internal 521 Unauthorized - do no acc

[pfx] Re: Restricting Email Relaying For A Given Email Domain

2025-01-25 Thread Tomasz Pala via Postfix-users
On 2025-01-25 09:53, duluxoz via Postfix-users wrote: > > Emails are permitted to be sent between all three domains. I would try: master.cf: smtpd [...] -o virtual_mailbox_domains=example.com,example.org main.cf: virtual_mailbox_domains=example.com,example.org,example.internal - this w