[Postfixbuch-users] Rejecting unknown recipient addresses at the SMTP level

Andreas Schmidt slider at ascffm.de
Thu Nov 9 14:59:45 CET 2006


Sandy Drobic wrote:
> Please post the output of "postconf -n"; that is more useful than a
> disconnected fragment of the configuration.
>
True, that way the full context of my configuration is missing,
so here is the output of "postconf -n".

<--snip-->
alias_database = hash:/etc/aliases,hash:/etc/aliases.d/slots
alias_maps = hash:/etc/aliases,hash:/etc/aliases.d/slots,ldap:ldapaliases
body_checks = regexp:/etc/postfix/body_checks
canonical_maps = hash:/etc/postfix/canonical
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter =
daemon_directory = /usr/lib/postfix
debug_peer_level = 2
defer_transports =
disable_dns_lookups = no
header_checks = regexp:/etc/postfix/header_checks
inet_interfaces = all
local_destination_concurrency_limit = 10
mail_owner = postfix
mail_spool_directory = /var/mail
mailbox_command =
mailbox_size_limit = 0
mailbox_transport = lmtp:unix:public/lmtp
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
maps_rbl_domains = relays.ordb.org,dul.dnsbl.sorbs.net,dialups.mail-abuse.org,blackholes.mail-abuse.org,cbl.abuseat.org,sbl.spamhaus.org,list.dsbl.org,opm.blitzed.org
masquerade_classes = envelope_sender, header_sender, header_recipient
masquerade_domains = $mydomain
masquerade_exceptions = root
message_size_limit = 40000000
mydestination = $myhostname, localhost.$mydomain, ldap:ldapvdom
myhostname = ns1.ascffm.de
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/packages/postfix/README_FILES
recipient_delimiter = +
relay_clientcerts = ldap:ldaprelcert
relayhost =
relocated_maps = hash:/etc/postfix/relocated
sample_directory = /usr/share/doc/packages/postfix/samples
sender_canonical_maps = hash:/etc/postfix/sender_canonical
sendmail_path = /usr/sbin/sendmail
setgid_group = maildrop
smtpd_client_restrictions = permit_mynetworks,reject_unauth_pipelining,permit_sasl_authenticated,reject_maps_rbl
smtpd_helo_required = no
smtpd_helo_restrictions = reject_invalid_hostname
smtpd_recipient_restrictions = ldap:ldapmailenab,permit_tls_clientcerts,permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination,reject_maps_rbl
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sender_restrictions = reject_unknown_sender_domain,hash:/etc/postfix/access
smtpd_tls_CAfile = /etc/ssl/CA/usedCA.pem
smtpd_tls_ask_ccert = yes
smtpd_tls_cert_file = /etc/ssl/certs/cert.pem
smtpd_tls_key_file = /etc/ssl/certs/skey.pem
smtpd_tls_received_header = yes
smtpd_use_tls = yes
strict_rfc821_envelopes = no
tls_daemon_random_source = dev:/dev/urandom
tls_random_source = dev:/dev/urandom
transport_maps = hash:/etc/postfix/transport,ldap:ldaptransport
virtual_maps = ldap:ldapvuser,hash:/etc/postfix/virtual
<--snap-->

Not all entries from "main.cf" are shown here;
my LDAP configuration looks like this:

<--snip-->
ldapaliases_server_host= localhost
ldapaliases_server_port= 389
ldapaliases_bind= no
ldapaliases_timeout= 20
ldapaliases_search_base= dc=ascffm,dc=de
ldapaliases_query_filter= (|(alias=%s)(&(fn=%s)(objectclass=IMAPFolderObject)))
ldapaliases_result_attribute= uid,mailDeliveryProgram,deliverToUID
ldapaliases_scope= one
ldapvuser_server_host= localhost
ldapvuser_server_port= 389
ldapvuser_bind= no
ldapvuser_timeout= 20
ldapvuser_search_base= dc=ascffm,dc=de

# alias database
ldapvuser_query_filter= (|(&(objectclass=VirtUserObject)(vaddress=%s))(&(objectclass=dNSZone)(relativeDomainName=@)(zoneName=%s)(MTALocaldomain=%s)))
ldapvuser_result_attribute= uid,MTALocaldomain
ldapvuser_scope= sub
ldapmailenab_server_host= localhost
ldapmailenab_server_port= 389
ldapmailenab_bind= no
ldapmailenab_timeout= 20
ldapmailenab_search_base= dc=ascffm,dc=de

# virtual user database
ldapmailenab_query_filter= (reject=%s)
ldapmailenab_result_attribute= mailenabled
ldapmailenab_scope= one
ldaprelcert_server_host= localhost
ldaprelcert_server_port= 389
ldaprelcert_bind= no
ldaprelcert_timeout= 20
ldaprelcert_search_base= dc=ascffm,dc=de

# this is used to enable/disable mail reception
ldaprelcert_query_filter= (relayClientcert=%s)
ldaprelcert_result_attribute= uid
ldaprelcert_scope= one
ldaptransport_server_host= localhost
ldaptransport_server_port= 389
ldaptransport_bind= no
ldaptransport_timeout= 20
ldaptransport_search_base= ou=MailTransports,dc=ascffm,dc=de

# this is used for client certificate based relaying
ldaptransport_query_filter= (&(objectclass=MailTransportObject)(smtpDomain=%s))
ldaptransport_result_attribute= smtpDomainTransportNexthop
ldaptransport_scope= one
ldapvdom_server_host= localhost
ldapvdom_server_port= 389
ldapvdom_bind= no
ldapvdom_timeout= 20
ldapvdom_search_base= o=DNS,dc=ascffm,dc=de

# this is used for mail transport maps
ldapvdom_query_filter= (&(objectclass=dNSZone)(relativeDomainName=@)(zoneName=%s)(MTALocaldomain=true))
ldapvdom_result_attribute= zoneName
ldapvdom_scope= sub
<--snap-->

> Unfortunately, it is not at all clear from your fragment whether these are local or
> relay users. Food for thought:
These are local users, and the mail is then stored in Cyrus.


Regards
Andreas



