Postfix Address Verification
Glenn Steen
glenn.steen at gmail.com
Thu Jul 5 11:51:39 IST 2007
On 05/07/07, Rob Sterenborg <R.Sterenborg at netsourcing.nl> wrote:
> > Mail from the internet hits the "Gateway" machine with
> > MailScanner and postfix. The clean mail is then forwarded to the
> > "Hub" machine, running windows and Mail Enable Enterprise.
>
> [...]
>
> > So, as per documentation (on the MailScanner docs, Postfix
> > website), I set up verification on the Gatekeeper machine, such
> > that when a mail comes in, postfix looks in the transport map,
>
> I didn't see this in the doc, so I'm not sure if you did this..
>
> If your Postfix is a relay for your Windows mailserver, Postfix *must*
> know which domains to relay for. Typically, you configure Postfix for
> this using the relay_domains parameter which holds either all relay
> domains or points to a file/db that holds the relay domains.
> relay_domains should *only* contain relay domains, and mydestination
> should -of course- *not* contain any relay domains.
> See: man 5 postconf.
>
> > then queries the Hub machine as to whether the mailbox exists or
> > now. Then the Gateway machine can reject the mail "at the door"
> > (solving bandwidth, load and bounce issues).
>
> Personally, I think you shouldn't bother your Windows mailserver with
> address verification.
> I know nothing of Mail Enable Enterprise, but perhaps you can, like with
> Exchange, export a list of all know email addresses using some script
> (perhaps LDAP?), reformat this list into something postmap can use to
> create the hash file or put it in a database, and configure Postfix to
> query that list/db using relay_recipient_maps.
>
> That way you may not have all email addresses at any given time but if
> generating the email address list isn't generating too much load you can
> schedule the script to run more frequently so you won't run far behind.
> This all depends on your needs however.
> The positive side on this is that when you get flooded with email, at
> least the Windows servers don't get DOS-ed with verification requests so
> your corporate/internal email doesn't suffer from it.
>
>
> Grts,
> Rob
Thanks Rob for chipping in.... this was exactly what I was leaning
towards, both the doubt about the relay_domains and the suggestion to
offload the work to PF itself.
Cheers
--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se
More information about the MailScanner
mailing list