[COLUG] Postfix or LDAP question
Jeffrey Tadlock
jeffrey at tadlocks.net
Thu Feb 15 09:21:55 EST 2007
Aaron Howard wrote:
> I have set up a "Postfix + MailScanner + SpamAssassin + ClamAV" SMTP
> mail gateway for a customer of mine but have a question I hoped
> somebody might be able to help me with.
>
> Postfix is presently set to forward all mail destined for local
> mailboxes to my customer's internal Exchange server and this works
> fine. The only issue is I have to have user accounts on the Postfix
> box in order for it to think they're local before it will accept
> e-mail from them. That, in and of itself, is not so bad. I can
> easily create those user accounts on the Postfix box easily enough.

You should not need local accounts on the Postfix box to relay back to
an Exchange Server. I use a Postfix cluster in front of my Exchange
Server and there are no local user accounts on the Postfix box except
for IT admin accounts for administration of the box.

To avoid local accounts on the box, look at the relay_domains and
transport_maps directives in Postfix's main.cf. With those
appropriately configured, any email destined for the domain you want to
relay back to the Exchange server will be passed back to it for that
server to deal with delivery.

Now this leads to the problem that the Postfix box will be passing *any*
email for that domain back - even those that are invalid email addresses.

To avoid that, look at the relay_recipient_maps directive. This
directive allows you to have a list of names that Postfix will use to
determine if the recipient is valid. I believe you can use LDAP for
this, but I do not. I use a hash file that contains a list of valid
email addresses on the domain the Exchange server controls.

That list can be automatically generated; there are a couple of scripts
on the Internet that allow you to do this.

I also highly recommend the following book:

The Book of Postfix by Ralf Hildebrandt and Patrick Koetter

It covers using Postfix as a mail gateway and automating the generation
of those recipient maps I mentioned from AD.

Hope this helps.
--Jeffrey
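
The recipient-map generation described in the reply above, as an added example that is not part of the original post or taken from the book it recommends: a Python sketch that turns an LDIF export of Active Directory `proxyAddresses` into the hash-file source for relay_recipient_maps. The domain, host name, file paths and sample export are assumptions.

```python
# Added example (not from the thread). Assumed main.cf wiring; example.com and
# the Exchange host name are placeholders:
#   relay_domains        = example.com
#   transport_maps       = hash:/etc/postfix/transport
#   relay_recipient_maps = hash:/etc/postfix/relay_recipients
#   /etc/postfix/transport:  example.com  smtp:[exchange.example.internal]:25
import base64

def ldif_values(ldif_text, attribute):
    """Yield decoded values of one attribute, handling folded and base64 lines."""
    unfolded = []
    for line in ldif_text.splitlines():
        if line.startswith(" ") and unfolded:
            unfolded[-1] += line[1:]          # LDIF continuation line
        else:
            unfolded.append(line)
    prefix = attribute.lower() + ":"
    for line in unfolded:
        if line.lower().startswith(prefix):
            rest = line[len(prefix):]
            if rest.startswith(":"):          # "attr:: <base64 value>"
                yield base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
            else:
                yield rest.strip()

def relay_recipients(ldif_text, domains):
    """Return sorted 'address OK' lines for SMTP addresses in the relayed domains."""
    domains = {d.lower() for d in domains}
    found = set()
    for value in ldif_values(ldif_text, "proxyAddresses"):
        scheme, _, addr = value.partition(":")
        addr = addr.strip().lower()           # Postfix looks up lowercased keys
        local, _, domain = addr.partition("@")
        # Skip X400/X500 entries, other domains, and keys that would break the map.
        if (scheme.lower() == "smtp" and local and domain in domains
                and " " not in addr):
            found.add(addr)
    return [f"{a} OK" for a in sorted(found)]

# Constructed sample export (not real data).
SAMPLE_LDIF = """\
dn: CN=Alice,OU=Staff,DC=example,DC=com
proxyAddresses: SMTP:Alice@example.com
proxyAddresses: smtp:alice.smith@exam
 ple.com
proxyAddresses: X400:c=US;a= ;p=Example;o=Exchange;s=Smith;
proxyAddresses:: c210cDpib2JAZXhhbXBsZS5jb20=
proxyAddresses: smtp:partner@other.example
"""
if __name__ == "__main__":
    print("\n".join(relay_recipients(SAMPLE_LDIF, ["example.com"])))
```

Write the output to the relay_recipients file and run `postmap` on it; with the map in place, Postfix rejects mail for addresses not in the list during the SMTP session instead of passing it to Exchange.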