From: /dev/rob0 (no email)
Date: Thu May 19 2005 - 14:33:16 EDT
On Thursday 19 May 2005 07:27, Thomas Cataldo wrote:
> Ok, so sum up what I did after looking at the docs :
> I saw in the doc here
Right document ...
> To turn off unknown local recipient rejects by the SMTP server,
> local_recipient_maps =
... wrong problem solved.
> That is, an empty value. With this setting, the Postfix SMTP server
> will not reject mail with "User unknown in local recipient table".
> And that's what I did. This seems to do the job. Sorry for spawning
> such a big thread.
The fact that some posters misunderstood you is not your fault. But
don't allow yourself to be distracted by the fireworks: let's work on
helping you understand the right solution.
> Given what I read in the thread, I'm sure I did something really
What you did wrong is described in the BACKSCATTER_README to some
extent, although if you're now accepting all that without bouncing,
you're not as guilty as you were before. You're still wasting much
bandwidth, though, and you're harming your users' correspondents who
might make a typo in a username. They'll probably never know that their
mail wasn't delivered.
> on my setup :
> |internet| --- <postfix 1 as relay> --- <postfix2>-lmtp-<cyrus>
> I made the above change on postfix2.
As Matt suggested, what you really need is recipient validation on
postfix1. There are many ways this might be done. I believe even
verify(8) might be a way to do it, but the more standard way is for
postfix2 to generate a list of valid users, copy that to postfix1, and
there use it as relay_recipient_maps (assuming you have the postfix2
final destination domain[s] set up as relay_domains.
An example configuration similar to yours is provided in
STANDARD_CONFIGURATION_README.html#firewall , but you have to figure
out your own means of getting the relay recipient list from postfix2 to
postfix1. I suggest a cron job on each: generate the maps on postfix2
and make them available via FTP/HTTP. Then wget the map files on
postfix1, and mv them into place over the old ones. Time
synchronisation (ntpd) is strongly advised, to manage the timing of map
generation and transfers.
Once this is set up it will work smoothly without tinkering, and it
surely *is* worth the trouble to set it up.
I hope it's a little clearer now. If you're still confused post again.
I've got several servers doing exactly what I have described, so I and
others are likely to be able to help.
-- mail to this address is discarded unless "/dev/rob0" or "not-spam" is in Subject: header