postfix, mailscanner, mail relay

Jacques Caruso jacques at MONACO.NET
Mon Jan 5 18:11:36 GMT 2004 

Le Lundi 29 Décembre 2003 03:05, Harondel J. Sibble a écrit :
>  In a single instance (standard) setup of postfix, setup to relay for
> the internal server would be accomplished by setting (as per Blum's
> Open Source Email Security)
>
> set postfix to no accept any messges even for localhost
> relay_domains =
>
> setup a transport table
> mydomain.net smtp:internal-mailserver.mydomain.net

I don't know about Mr. Blum's book, but from what I've seen, Postfix 
won't relay for a domain that is only in transport :

root at aldebaran:~# cat /etc/postfix/relay_domains
root at aldebaran:~# cat /etc/postfix/transport | grep -Ev '^#'
monaco.net                      smtp:sceuzi.monaco.net

>>> MAIL FROM: <>
<<< 250 Ok
>>> RCPT TO: <postmaster at monaco.net>
<<< 554 <postmaster at monaco.net>: Relay access denied

root at aldebaran:~# echo 'monaco.net' > /etc/postfix/relay_domains
root at aldebaran:~# /etc/init.d/postfix reload
Reloading Postfix configuration...done.

>>> MAIL FROM: <>
<<< 250 Ok
>>> RCPT TO: <postmaster at monaco.net>
<<< 250 Ok

(if you're wondering, yes, I've 
'relay_domains = /etc/postfix/relay_domains' in main.cf)

> Just want to make sure, in conjunction with Mailscanner, these
> modifcations should be done for the outgoing postfix instance,
> correct? ie the /etc/postfix dir ather than /etc/postfix.in

Ahem... I'm not sure I understand you. The incoming instance needs a way 
to know it should accept the mail going to the internal server, thus 
you'd definitely want this configuration to be present on the incoming 
instance. To scan the messages going to your internal server, you just 
need to list 'smtp' in $defer_transports.

BTW, on my Postfix setup, files like transport, virtual, and so on 
in /etc/postfix.in are hard links to the ones in /etc/postfix (/i.e./, 
they're the same files). It avoids having to resynchronize the 
configuration between the two instances when you modify a parameter.

Hope this helps...

Greets,
-- 
[ Jacques Caruso <jacques at monaco.net>                  Développeur PHP ]
[ Monaco Internet                           http://monaco-internet.mc/ ]
[ Tél : (+377) 93 10 00 43                        Clé PGP : 0x41F5C63D ]
[ -*-  Quand le doigt montre la lune, l'imbécile regarde le doigt  -*- ]

More information about the MailScanner mailing list