Hi all,
I have a firewall running postfix (2.1.0) which relays email to an internal exchange box.
I'm trying to add the AD lookup | postmap relay_recipients feature to my postfix config, so that unknown users are rejected at postfix instead of the mail being passed through to the exchange server (which then rejects it and generates the bounce message). The query to the exchange box is working fine, and it postmaps the relay_recipients file without a problem; however, postfix still doesn't reject the mail when an unknown username is passed.
My present config includes two virtual domains (specified in virtual) and a transport map that's configured to relay all mail to the exchange server after it has passed through body, header, rbl and custom checks.
Any help would be greatly appreciated.
Here's my postconf output.
alias_maps = hash:/etc/aliases
canonical_maps = hash:/etc/postfix/canonical
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = vscan:
daemon_directory = /usr/lib/postfix
debug_peer_level = 2
defer_transports =
delay_warning_time = 0h
disable_dns_lookups = no
header_checks = regexp:/etc/postfix/header_checks
html_directory = no
inet_interfaces = all
local_recipient_maps =
local_transport = error:local mail delivery is disabled on this machine
mail_owner = postfix
mail_spool_directory = /var/mail
mailbox_command =
mailbox_size_limit = 51200000
mailbox_transport =
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
masquerade_classes = envelope_sender, header_sender, header_recipient
masquerade_domains = $mydomain,
masquerade_exceptions = root
message_size_limit = 22000000
mime_header_checks = regexp:/etc/postfix/mime_header_checks
mydestination = $myhostname, localhost.$mydomain $mydomain
mydomain = heritagebathrooms.com
myhostname = mailgate.heritagebathrooms.com
mynetworks = xx.xx.xx.xx, 127.0.0.0/8
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
relay_domains = $mydestination, heritagebathrooms.com
relay_recipient_maps = hash:/etc/postfix/relay_recipients
relayhost =
relocated_maps = hash:/etc/postfix/relocated
sample_directory = /usr/share/doc/packages/postfix/samples
sender_canonical_maps = hash:/etc/postfix/sender_canonical
sendmail_path = /usr/sbin/sendmail
setgid_group = maildrop
smtp_sasl_auth_enable = no
smtpd_banner = $myhostname No UCE - Spam is not welcome here
smtpd_client_restrictions =
smtpd_data_restrictions = reject_unauth_pipelining, permit
smtpd_delay_reject = no
smtpd_helo_required = yes
smtpd_helo_restrictions =
permit_mynetworks,
check_helo_access hash:/etc/postfix/helo_checks,
permit
smtpd_recipient_restrictions =
permit_mynetworks,
hash:/etc/postfix/br,
reject_unknown_sender_domain,
check_sender_access hash:/etc/postfix/sender_access,
reject_unauth_destination,
reject_invalid_hostname,
reject_non_fqdn_sender,
check_sender_mx_access hash:/etc/postfix/mx_access,
reject_non_fqdn_recipient,
reject_unknown_recipient_domain,
check_recipient_mx_access hash:/etc/postfix/mx_access,
reject_rbl_client relays.ordb.org,
reject_rbl_client sbl-xbl.spamhaus.org,
reject_rbl_client http.dnsbl.sorbs.net,
reject_rbl_client smtp.dnsbl.sorbs.net,
reject_rbl_client dul.dnsbl.sorbs.net,
reject_rbl_client dnsbl.ahbl.org,
reject_rbl_client dnsbl.njabl.org,
reject_rbl_client dynablock.njabl.org,
reject_rbl_client korea.services.net,
reject_rbl_client ipwhois.rfc-ignorant.org,
reject_rhsbl_sender dsn.rfc-ignorant.org,
reject_rhsbl_sender rhsbl.sorbs.net,
check_sender_access hash:/etc/postfix/freemail_access,
check_client_access hash:/etc/postfix/clients,
permit
smtpd_restriction_classes = from_freemail_host
smtpd_sasl_auth_enable = no
smtpd_sender_restrictions =
strict_rfc821_envelopes = yes
transport_maps = hash:/etc/postfix/transport
unknown_local_recipient_reject_code = 450
Thanks
millap
I have a firewall running postfix (2.1.0) which relays email to an internal exchange box.
I'm trying to add the AD lookup | postmap relay_recipients feature to my postfix config, so that unknown users are rejected at postfix instead of the mail being passed through to the exchange server (which then rejects it and generates the bounce message). The query to the exchange box is working fine, and it postmaps the relay_recipients file without a problem; however, postfix still doesn't reject the mail when an unknown username is passed.
My present config includes two virtual domains (specified in virtual) and a transport map that's configured to relay all mail to the exchange server after it has passed through body, header, rbl and custom checks.
Any help would be greatly appreciated.
Here's my postconf output.
alias_maps = hash:/etc/aliases
canonical_maps = hash:/etc/postfix/canonical
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = vscan:
daemon_directory = /usr/lib/postfix
debug_peer_level = 2
defer_transports =
delay_warning_time = 0h
disable_dns_lookups = no
header_checks = regexp:/etc/postfix/header_checks
html_directory = no
inet_interfaces = all
local_recipient_maps =
local_transport = error:local mail delivery is disabled on this machine
mail_owner = postfix
mail_spool_directory = /var/mail
mailbox_command =
mailbox_size_limit = 51200000
mailbox_transport =
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
masquerade_classes = envelope_sender, header_sender, header_recipient
masquerade_domains = $mydomain,
masquerade_exceptions = root
message_size_limit = 22000000
mime_header_checks = regexp:/etc/postfix/mime_header_checks
mydestination = $myhostname, localhost.$mydomain $mydomain
mydomain = heritagebathrooms.com
myhostname = mailgate.heritagebathrooms.com
mynetworks = xx.xx.xx.xx, 127.0.0.0/8
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
relay_domains = $mydestination, heritagebathrooms.com
relay_recipient_maps = hash:/etc/postfix/relay_recipients
relayhost =
relocated_maps = hash:/etc/postfix/relocated
sample_directory = /usr/share/doc/packages/postfix/samples
sender_canonical_maps = hash:/etc/postfix/sender_canonical
sendmail_path = /usr/sbin/sendmail
setgid_group = maildrop
smtp_sasl_auth_enable = no
smtpd_banner = $myhostname No UCE - Spam is not welcome here
smtpd_client_restrictions =
smtpd_data_restrictions = reject_unauth_pipelining, permit
smtpd_delay_reject = no
smtpd_helo_required = yes
smtpd_helo_restrictions =
permit_mynetworks,
check_helo_access hash:/etc/postfix/helo_checks,
permit
smtpd_recipient_restrictions =
permit_mynetworks,
hash:/etc/postfix/br,
reject_unknown_sender_domain,
check_sender_access hash:/etc/postfix/sender_access,
reject_unauth_destination,
reject_invalid_hostname,
reject_non_fqdn_sender,
check_sender_mx_access hash:/etc/postfix/mx_access,
reject_non_fqdn_recipient,
reject_unknown_recipient_domain,
check_recipient_mx_access hash:/etc/postfix/mx_access,
reject_rbl_client relays.ordb.org,
reject_rbl_client sbl-xbl.spamhaus.org,
reject_rbl_client http.dnsbl.sorbs.net,
reject_rbl_client smtp.dnsbl.sorbs.net,
reject_rbl_client dul.dnsbl.sorbs.net,
reject_rbl_client dnsbl.ahbl.org,
reject_rbl_client dnsbl.njabl.org,
reject_rbl_client dynablock.njabl.org,
reject_rbl_client korea.services.net,
reject_rbl_client ipwhois.rfc-ignorant.org,
reject_rhsbl_sender dsn.rfc-ignorant.org,
reject_rhsbl_sender rhsbl.sorbs.net,
check_sender_access hash:/etc/postfix/freemail_access,
check_client_access hash:/etc/postfix/clients,
permit
smtpd_restriction_classes = from_freemail_host
smtpd_sasl_auth_enable = no
smtpd_sender_restrictions =
strict_rfc821_envelopes = yes
transport_maps = hash:/etc/postfix/transport
unknown_local_recipient_reject_code = 450
Thanks
millap