Postfix Address Verification

--[ UxBoD ]-- uxbod at splatnix.net
Thu Jul 5 11:55:27 IST 2007 

I do the same for a client who runs Lotus Notes.  Hourly dump from LDAP of
all users email addresses and then postmap it.  We have cut down email to
the internal Notes servers from £150k per day to 5k, through a combination
of PF and MailScanner.

On Thu, 5 Jul 2007 12:51:39 +0200, "Glenn Steen" <glenn.steen at gmail.com>
wrote:
> On 05/07/07, Rob Sterenborg <R.Sterenborg at netsourcing.nl> wrote:
>> > Mail from the internet hits the "Gateway" machine with
>> > MailScanner and postfix. The clean mail is then forwarded to the
>> > "Hub" machine, running windows and Mail Enable Enterprise.
>>
>> [...]
>>
>> > So, as per documentation (on the MailScanner docs, Postfix
>> > website), I set up verification on the Gatekeeper machine, such
>> > that when a mail comes in, postfix looks in the transport map,
>>
>> I didn't see this in the doc, so I'm not sure if you did this..
>>
>> If your Postfix is a relay for your Windows mailserver, Postfix *must*
>> know which domains to relay for. Typically, you configure Postfix for
>> this using the relay_domains parameter which holds either all relay
>> domains or points to a file/db that holds the relay domains.
>> relay_domains should *only* contain relay domains, and mydestination
>> should -of course- *not* contain any relay domains.
>> See: man 5 postconf.
>>
>> > then queries the Hub machine as to whether the mailbox exists or
>> > now. Then the Gateway machine can reject the mail "at the door"
>> > (solving bandwidth, load and bounce issues).
>>
>> Personally, I think you shouldn't bother your Windows mailserver with
>> address verification.
>> I know nothing of Mail Enable Enterprise, but perhaps you can, like with
>> Exchange, export a list of all know email addresses using some script
>> (perhaps LDAP?), reformat this list into something postmap can use to
>> create the hash file or put it in a database, and configure Postfix to
>> query that list/db using relay_recipient_maps.
>>
>> That way you may not have all email addresses at any given time but if
>> generating the email address list isn't generating too much load you can
>> schedule the script to run more frequently so you won't run far behind.
>> This all depends on your needs however.
>> The positive side on this is that when you get flooded with email, at
>> least the Windows servers don't get DOS-ed with verification requests so
>> your corporate/internal email doesn't suffer from it.
>>
>>
>> Grts,
>> Rob
> 
> Thanks Rob for chipping in.... this was exactly what I was leaning
> towards, both the doubt about the relay_domains and the suggestion to
> offload the work to PF itself.
> 
> Cheers
> --
> -- Glenn
> email: glenn < dot > steen < at > gmail < dot > com
> work: glenn < dot > steen < at > ap1 < dot > se
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> 
> Before posting, read http://wiki.mailscanner.info/posting
> 
> Support MailScanner development - buy the book off the website!
> 
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
-- 
--[ UxBoD ]--
// PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import"
// Fingerprint: C759 8F52 1D17 B3C5 5854  36BD 1FB1 B02F 5DB5 687B
// Keyserver: www.keyserver.net Key-ID: 0x5DB5687B
// Phone: +44 845 869 2749 SIP Phone: uxbod at sip.splatnix.net


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

More information about the MailScanner mailing list