|
List Info
Thread: relay_recipient_maps for postfix
|
|
| relay_recipient_maps for postfix |
|
2006-08-22 13:13:22 |
Excellent, I will give this a try, but I will run mine for a
few days just so I don't feel like I wasted my time 
Thanks!
Dan O
-----Original Message-----
From: Ryan Delany [mailto:ryan rynogear.com]
Sent: Monday, August 21, 2006 6:20 PM
To: David Sims
Cc: Dan OConnor; maia-usersrenaissoft.com
Subject: Re: [Maia-users] relay_recipient_maps for postfix
Dan,
That looked like it took some time! I have an alternate way
to accomplish
this goal by using direct lookups in the MySQL db. The
advantage of
course is that the change takes effect in real-time (Postfix
will start
accepting mail for new addresses immediately when added to
Maia instead of
having to wait an hour for the cron to run).
I will try and document all the steps, I have tested this
and it works on
my server at the moment. This of course makes the
assumption that your
Postfix has been compiled with MySQL lookup capability. See
below for
those steps.
Using MySQL for relay_recipient_maps
1. Create a file named /etc/postfix/mysql-recipients.cf (any
name will do)
2. Put the following content in the file, replacing the
appropriate pieces
with your info (hosts, user, password, dbname)
hosts = 127.0.0.1
user = USERNAME
password = PASSWORD
dbname = maia
query = select email from users where email like '%u\%d'
3. Save and close the file
4. Add the following entry in /etc/postfix/main.cf
relay_recipient_maps =
mysql:/etc/postfix/mysql-recipients.cf
5. postfix reload
6. You can test the query out using this command: (replace
userdomain.com
with a valid user)
postmap -q "userdomain.com"
mysql:/etc/postfix/mysql-recipients.cf
Building Postfix with MySQL support
This assumes you already have Postfix installed, and you
want to use
2.2.10 which was the latest build available when I
originally wrote these
steps. Replace with latest version as appropriate, and
assumes you are
running on Linux with MySQL installed in the default RPM'd
location.
1. mkdir /usr/local/src
2. cd /usr/local/src
3. wget
http://www.tigertech.net/mirrors/
postfix-release/official/postfix-2.2.10.tar.gz
4. tar zxvf postfix-2.2.10.tar.gz
5. cd postfix-2.2.10
6. make -f Makefile.init makefiles 'CCARGS=-DHAS_MYSQL
-I/usr/include/mysql' 'AUXLIBS=-L/usr/lib/mysql
-lmysqlclient -lz -lm'
7. make
8. make upgrade
Of course, this begs the question.. can't I do domain
lookups directly
from MySQL as well?? Of course you can! Here are the
steps:
Using MySQL for domain lookups
1. Create a file named /etc/postfix/mysql-domains.cf (any
name will do)
2. Put the following content in the file, replacing the
appropriate pieces
with your info (hosts, user, password, dbname)
hosts = 127.0.0.1
user = USERNAME
password = PASSWORD
dbname = maia
query = select domain from maia_domains where domain like
'\%s'
3. Save and close the file
4. Add the following entry in /etc/postfix/main.cf
relay_domains = mysql:/etc/postfix/mysql-domains.cf
5. Add the following section to /etc/postfix/main.cf (or
just add the
reject_unauth_destination entry if you already have the
section, and the
spaces are VERY important after the first line, not the
number of spaces,
but the existence of at least one space at the beginning of
each line)
smtpd_recipient_restrictions
reject_unath_destination,
permit
6. Save and close the file
7. You can test the query result by using this command
(replace domain.com
with a domain that is actually in your database):
postmap -q "domain.com"
mysql:/etc/postfix/mysql-domains.cf
Now if I could only convince Robert and David to add the
ability to
specify a transport (smarthost) in the Maia GUI, you would
be able to run
a mail filtering server for an unlimited amount of domains
without ever
having to make any changes to Postfix... nudge nudge, wink
wink...
And not to forget David's comment.. I also use that method
of address
verification, but it has it's drawbacks. For example,
1. increased latencty while the downstream verification is
performed
2. assumption that the downstream is configured properly
(older Ensim
boxes default to accepting mail for any user even if they
don't exist
3. assumption that the next downstream server is
authoritative for that
domain (the address verification only goes one hop to check,
if there is
another MTA in the way, it won't work)
And probably others I left out... but I still use it since
my Maia box
doesn't have every user in it since most users don't know
or don't care to
use it.
Ryan
> Hi,
>
> I think you want to use the postfix
reject_unverified_recipient command.
> See http://www.postfix.org/ADDRESS_VERIFICATION_README.ht
ml.... The
> reject_unverified_recipient will probe the downstream
postoffice to see if
> the recipient is a valid one... and if not then reject
the message with a
> 450 (or 550 if you also use
unverified_recipient_reject_code = 550)...
>
> Dave
>
************************************************************
***************
> On Mon, 21 Aug 2006, Dan OConnor wrote:
>
>> Hi All,
>>
>> I setup a script to pull a list of users from the
Maia db and use it for
>> postfix for the relay_recipient_maps so it will
reject mail coming into
>> the system that is not going to a valid mailbox. I
have spent the last
>> couple weeks looking for something to do it, but
either I am oblivious
>> to the utterly obvious and did not see it listed
anywhere or I just was
>> not asking Google the right questions. I am hardly
an expert so if you
>> see anything missing or have idea give me a shout.
>>
>>
>>
>>
====================================================>
>>
>>
>> First in your main.cf file add this to the bottom.
>>
>> relay_recipient_maps =
hash:/etc/postfix/relay_recipients
>>
>>
>>
>> Also add this line, it can help to stop DOS
attacks, got it from the
>> list, I can't remember who though, but thanks!
>>
>> unverified_recipient_reject_code = 550
>>
>>
>>
>> Do not restart postfix just yet
>>
>> Go to your scripts dir in Maia and create a new
file called 'list' and
>> add this to it.
>>
>>
>>
>> email
>>
>> yourdomain.com
>>
>> .
>>
>>
>>
>> You can also add any other domains you have in maia
here.
>>
>> Next make a new file called 'exportemail'
>>
>>
>>
>> #! /bin/bash
>>
>>
#########################################################
>>
>> # ExportEmail
>>
>> # -- Created By Dan O, Aug 21st 2006 --
>>
>> # Legacyboy at gmail dot com
>>
>> # This will export a list of users from the Maia
>>
>> # MySQL DB and creat the relay_recipients file
>>
>> # for Postfix.
>>
>>
########################################################
>>
>>
>>
>>
>>
>> ##Get the list of users from MySQL
>>
>>
>>
>> echo "select email from users;" | mysql
-u user -ppassword -D maia >
>> dump
>>
>>
>>
>> ##Now remove the lines of Junk at the top
>>
>>
>>
>> IFS=$'\n'
>>
>> for NAME in $(cat list)
>>
>> do
>>
>> sed -i "\|^$NAME\$|d" dump
>>
>> done
>>
>>
>>
>> ##Add a OK to the end of each address
>>
>>
>>
>> sed 's/$/ OK/g' dump > relay_recipients
>>
>>
>>
>> ## Remove the dump file
>>
>> rm dump
>>
>>
>>
>> #Move the file to the /etc/postfix dir
>>
>> cp relay_recipients /etc/postfix/relay_recipients
>>
>> rm relay_recipients
>>
>> #Now we need to postmap the file so postfix can
read it.
>>
>> postmap /etc/postfix/relay_recipients
>>
>>
>>
>> ##-Fin-##
>>
>>
>>
>>
>>
>> Don't forget to chmod a+x the file.
>>
>> Then you can give it a run, check the final file in
/etc/postfix/ it
>> should look like this
>>
>> emaildomain.com OK
>>
>> email2domain.com OK
>>
>> email3domain.com OK
>>
>> etc...
>>
>>
>>
>> If it looks good, give postfix a kick, if it breaks
just rem out those
>> two lines we added.
>>
>>
>>
>> I have set mine up to run as a cron job every hour
to make sure the file
>> is always up to date,
>>
>> Also at this point it will only run as root. (I
know, I know, I will fix
>> it soon).
>>
>>
>>
>> Dan O'Connor CNA
>>
>> Network Support Technician
>>
>> St. Amant
>>
>> Ph: (204) 256-4301 ext. 2321
>>
>> Fax: (204) 254-3768
>>
>> Email: doconnorstamant.mb.ca
>>
>>
>>
>>
>>
>
>
>
>
> ******* INTERNET E-MAIL CONFIDENTIALITY DISCLAIMER
********
> This email and/or any documents in this transmission is
intended for the
> address(es) only and may contain legally privileged or
confidential
> information. Any unauthorized use, disclosure,
distribution, copying or
> dissemination is strictly prohibited. If you receive
this transmission in
> error, please notify the sender immediately and return
the original.
>
> St. Amant does not accept liability for any errors,
omissions, corruption
> or virus in the contents of this message or any
attachments that arise as
> a result of e-mail transmission.
>
> Ce courriel et tout document dans cette transmission
est destinÿÿ ÿÿ la
> personne ou aux personnes ÿÿ qui il est adressÿÿ. Il
peut contenir des
> informations ilÿÿgier ou confidentielles. Toute
utilisation, divulgation,
> distribution, copie, ou diffusion non autorisÿÿe est
strictement
> dÿÿfendue. Si vous n'ÿÿtes pasdestinataire de ce
message, veuillez en
> informer l'expÿÿditeur immÿÿdiatement et lui remettre
l'original.
>
> St. Amant ne prend aucune responsabilitÿÿ d'erreurs,
omissions,
> corruptions ou virus compris dans le contenu de se
message ou de n'importe
> quels attachement qui en est le rÿÿsultat d'une
transmission de courrier
> ÿÿlectronique.
>
>
>>
> _______________________________________________
> Maia-users mailing list
> Maia-usersrenaissoft.com
> http://www.renaissoft.com/mailman/listinfo/maia-users
>
******* INTERNET E-MAIL CONFIDENTIALITY DISCLAIMER ********
This email and/or any documents in this transmission is
intended for the address(es) only and may contain legally
privileged or confidential information. Any unauthorized
use, disclosure, distribution, copying or dissemination is
strictly prohibited. If you receive this transmission in
error, please notify the sender immediately and return the
original.
St. Amant does not accept liability for any errors,
omissions, corruption or virus in the contents of this
message or any attachments that arise as a result of e-mail
transmission.
Ce courriel et tout document dans cette transmission est
destiné à la personne ou aux personnes à qui il est
adressé. Il peut contenir des informations ilégier ou
confidentielles. Toute utilisation, divulgation,
distribution, copie, ou diffusion non autorisée est
strictement défendue. Si vous n'êtes pasdestinataire de
ce message, veuillez en informer l'expéditeur
immédiatement et lui remettre l'original.
St. Amant ne prend aucune responsabilité d'erreurs,
omissions, corruptions ou virus compris dans le contenu de
se message ou de n'importe quels attachement qui en est le
résultat d'une transmission de courrier électronique.
_______________________________________________
Maia-users mailing list
Maia-usersrenaissoft.com
http://www.renaissoft.com/mailman/listinfo/maia-users
|
|
| relay_recipient_maps for postfix |
|
2006-08-22 13:47:43 |
Dan,
Two things I neglected to add...
If you add the domain lookups (the last section I posted)
you need to
reload postfix between steps 6 and 7.
If you are using database lookups, you never need to restart
postfix after
adding a user/domain in Maia. The change will take place
immediately
since Postfix will do the db lookup for every message.
Good luck!
Ryan
> Excellent, I will give this a try, but I will run mine
for a few days just
> so I don't feel like I wasted my time
>
> Thanks!
> Dan O
>
> -----Original Message-----
> From: Ryan Delany [mailto:ryanrynogear.com]
> Sent: Monday, August 21, 2006 6:20 PM
> To: David Sims
> Cc: Dan OConnor; maia-usersrenaissoft.com
> Subject: Re: [Maia-users] relay_recipient_maps for
postfix
>
> Dan,
>
> That looked like it took some time! I have an
alternate way to accomplish
> this goal by using direct lookups in the MySQL db. The
advantage of
> course is that the change takes effect in real-time
(Postfix will start
> accepting mail for new addresses immediately when added
to Maia instead of
> having to wait an hour for the cron to run).
>
> I will try and document all the steps, I have tested
this and it works on
> my server at the moment. This of course makes the
assumption that your
> Postfix has been compiled with MySQL lookup capability.
See below for
> those steps.
>
> Using MySQL for relay_recipient_maps
>
> 1. Create a file named /etc/postfix/mysql-recipients.cf
(any name will do)
>
> 2. Put the following content in the file, replacing the
appropriate pieces
> with your info (hosts, user, password, dbname)
>
> hosts = 127.0.0.1
> user = USERNAME
> password = PASSWORD
> dbname = maia
> query = select email from users where email like
'%u\%d'
>
> 3. Save and close the file
>
> 4. Add the following entry in /etc/postfix/main.cf
>
> relay_recipient_maps =
mysql:/etc/postfix/mysql-recipients.cf
>
> 5. postfix reload
>
> 6. You can test the query out using this command:
(replace userdomain.com
> with a valid user)
>
> postmap -q "userdomain.com"
mysql:/etc/postfix/mysql-recipients.cf
>
> Building Postfix with MySQL support
>
> This assumes you already have Postfix installed, and
you want to use
> 2.2.10 which was the latest build available when I
originally wrote these
> steps. Replace with latest version as appropriate, and
assumes you are
> running on Linux with MySQL installed in the default
RPM'd location.
>
> 1. mkdir /usr/local/src
> 2. cd /usr/local/src
> 3. wget
> http://www.tigertech.net/mirrors/
postfix-release/official/postfix-2.2.10.tar.gz
> 4. tar zxvf postfix-2.2.10.tar.gz
> 5. cd postfix-2.2.10
> 6. make -f Makefile.init makefiles 'CCARGS=-DHAS_MYSQL
> -I/usr/include/mysql' 'AUXLIBS=-L/usr/lib/mysql
-lmysqlclient -lz -lm'
> 7. make
> 8. make upgrade
>
> Of course, this begs the question.. can't I do domain
lookups directly
> from MySQL as well?? Of course you can! Here are the
steps:
>
> Using MySQL for domain lookups
>
> 1. Create a file named /etc/postfix/mysql-domains.cf
(any name will do)
>
> 2. Put the following content in the file, replacing the
appropriate pieces
> with your info (hosts, user, password, dbname)
>
> hosts = 127.0.0.1
> user = USERNAME
> password = PASSWORD
> dbname = maia
> query = select domain from maia_domains where domain
like '\%s'
>
> 3. Save and close the file
>
> 4. Add the following entry in /etc/postfix/main.cf
>
> relay_domains = mysql:/etc/postfix/mysql-domains.cf
>
> 5. Add the following section to /etc/postfix/main.cf
(or just add the
> reject_unauth_destination entry if you already have the
section, and the
> spaces are VERY important after the first line, not the
number of spaces,
> but the existence of at least one space at the
beginning of each line)
>
> smtpd_recipient_restrictions
> reject_unath_destination,
> permit
>
> 6. Save and close the file
>
> 7. You can test the query result by using this command
(replace domain.com
> with a domain that is actually in your database):
>
> postmap -q "domain.com"
mysql:/etc/postfix/mysql-domains.cf
>
> Now if I could only convince Robert and David to add
the ability to
> specify a transport (smarthost) in the Maia GUI, you
would be able to run
> a mail filtering server for an unlimited amount of
domains without ever
> having to make any changes to Postfix... nudge nudge,
wink wink...
>
> And not to forget David's comment.. I also use that
method of address
> verification, but it has it's drawbacks. For example,
>
> 1. increased latencty while the downstream verification
is performed
> 2. assumption that the downstream is configured
properly (older Ensim
> boxes default to accepting mail for any user even if
they don't exist
> 3. assumption that the next downstream server is
authoritative for that
> domain (the address verification only goes one hop to
check, if there is
> another MTA in the way, it won't work)
>
> And probably others I left out... but I still use it
since my Maia box
> doesn't have every user in it since most users don't
know or don't care to
> use it.
>
>
> Ryan
>
>
>> Hi,
>>
>> I think you want to use the postfix
reject_unverified_recipient
>> command.
>> See http://www.postfix.org/ADDRESS_VERIFICATION_README.ht
ml.... The
>> reject_unverified_recipient will probe the
downstream postoffice to see
>> if
>> the recipient is a valid one... and if not then
reject the message with
>> a
>> 450 (or 550 if you also use
unverified_recipient_reject_code = 550)...
>>
>> Dave
>>
************************************************************
***************
>> On Mon, 21 Aug 2006, Dan OConnor wrote:
>>
>>> Hi All,
>>>
>>> I setup a script to pull a list of users from
the Maia db and use it
>>> for
>>> postfix for the relay_recipient_maps so it will
reject mail coming into
>>> the system that is not going to a valid
mailbox. I have spent the last
>>> couple weeks looking for something to do it,
but either I am oblivious
>>> to the utterly obvious and did not see it
listed anywhere or I just was
>>> not asking Google the right questions. I am
hardly an expert so if you
>>> see anything missing or have idea give me a
shout.
>>>
>>>
>>>
>>>
====================================================>
>>>
>>>
>>> First in your main.cf file add this to the
bottom.
>>>
>>> relay_recipient_maps =
hash:/etc/postfix/relay_recipients
>>>
>>>
>>>
>>> Also add this line, it can help to stop DOS
attacks, got it from the
>>> list, I can't remember who though, but thanks!
>>>
>>> unverified_recipient_reject_code = 550
>>>
>>>
>>>
>>> Do not restart postfix just yet
>>>
>>> Go to your scripts dir in Maia and create a new
file called 'list' and
>>> add this to it.
>>>
>>>
>>>
>>> email
>>>
>>> yourdomain.com
>>>
>>> .
>>>
>>>
>>>
>>> You can also add any other domains you have in
maia here.
>>>
>>> Next make a new file called 'exportemail'
>>>
>>>
>>>
>>> #! /bin/bash
>>>
>>>
#########################################################
>>>
>>> # ExportEmail
>>>
>>> # -- Created By Dan O, Aug 21st 2006 --
>>>
>>> # Legacyboy at gmail dot com
>>>
>>> # This will export a list of users from the
Maia
>>>
>>> # MySQL DB and creat the relay_recipients file
>>>
>>> # for Postfix.
>>>
>>>
########################################################
>>>
>>>
>>>
>>>
>>>
>>> ##Get the list of users from MySQL
>>>
>>>
>>>
>>> echo "select email from users;" |
mysql -u user -ppassword -D maia >
>>> dump
>>>
>>>
>>>
>>> ##Now remove the lines of Junk at the top
>>>
>>>
>>>
>>> IFS=$'\n'
>>>
>>> for NAME in $(cat list)
>>>
>>> do
>>>
>>> sed -i "\|^$NAME\$|d" dump
>>>
>>> done
>>>
>>>
>>>
>>> ##Add a OK to the end of each address
>>>
>>>
>>>
>>> sed 's/$/ OK/g' dump > relay_recipients
>>>
>>>
>>>
>>> ## Remove the dump file
>>>
>>> rm dump
>>>
>>>
>>>
>>> #Move the file to the /etc/postfix dir
>>>
>>> cp relay_recipients
/etc/postfix/relay_recipients
>>>
>>> rm relay_recipients
>>>
>>> #Now we need to postmap the file so postfix can
read it.
>>>
>>> postmap /etc/postfix/relay_recipients
>>>
>>>
>>>
>>> ##-Fin-##
>>>
>>>
>>>
>>>
>>>
>>> Don't forget to chmod a+x the file.
>>>
>>> Then you can give it a run, check the final
file in /etc/postfix/ it
>>> should look like this
>>>
>>> emaildomain.com OK
>>>
>>> email2domain.com OK
>>>
>>> email3domain.com OK
>>>
>>> etc...
>>>
>>>
>>>
>>> If it looks good, give postfix a kick, if it
breaks just rem out those
>>> two lines we added.
>>>
>>>
>>>
>>> I have set mine up to run as a cron job every
hour to make sure the
>>> file
>>> is always up to date,
>>>
>>> Also at this point it will only run as root. (I
know, I know, I will
>>> fix
>>> it soon).
>>>
>>>
>>>
>>> Dan O'Connor CNA
>>>
>>> Network Support Technician
>>>
>>> St. Amant
>>>
>>> Ph: (204) 256-4301 ext. 2321
>>>
>>> Fax: (204) 254-3768
>>>
>>> Email: doconnorstamant.mb.ca
>>>
>>>
>>>
>>>
>>>
>>
>>
>>
>>
>> ******* INTERNET E-MAIL CONFIDENTIALITY DISCLAIMER
********
>> This email and/or any documents in this
transmission is intended for the
>> address(es) only and may contain legally privileged
or confidential
>> information. Any unauthorized use, disclosure,
distribution, copying or
>> dissemination is strictly prohibited. If you
receive this transmission
>> in
>> error, please notify the sender immediately and
return the original.
>>
>> St. Amant does not accept liability for any errors,
omissions,
>> corruption
>> or virus in the contents of this message or any
attachments that arise
>> as
>> a result of e-mail transmission.
>>
>> Ce courriel et tout document dans cette
transmission est destinÿÿ ÿÿ la
>> personne ou aux personnes ÿÿ qui il est adressÿÿ.
Il peut contenir des
>> informations ilÿÿgier ou confidentielles. Toute
utilisation,
>> divulgation,
>> distribution, copie, ou diffusion non autorisÿÿe
est strictement
>> dÿÿfendue. Si vous n'ÿÿtes pasdestinataire de ce
message, veuillez en
>> informer l'expÿÿditeur immÿÿdiatement et lui
remettre l'original.
>>
>> St. Amant ne prend aucune responsabilitÿÿ
d'erreurs, omissions,
>> corruptions ou virus compris dans le contenu de se
message ou de
>> n'importe
>> quels attachement qui en est le rÿÿsultat d'une
transmission de courrier
>> ÿÿlectronique.
>>
>>
>>>
>> _______________________________________________
>> Maia-users mailing list
>> Maia-usersrenaissoft.com
>> http://www.renaissoft.com/mailman/listinfo/maia-users
>>
>
>
>
>
>
>
>
> ******* INTERNET E-MAIL CONFIDENTIALITY DISCLAIMER
********
> This email and/or any documents in this transmission is
intended for the
> address(es) only and may contain legally privileged or
confidential
> information. Any unauthorized use, disclosure,
distribution, copying or
> dissemination is strictly prohibited. If you receive
this transmission in
> error, please notify the sender immediately and return
the original.
>
> St. Amant does not accept liability for any errors,
omissions, corruption
> or virus in the contents of this message or any
attachments that arise as
> a result of e-mail transmission.
>
> Ce courriel et tout document dans cette transmission
est destiné à la
> personne ou aux personnes à qui il est adressé. Il
peut contenir des
> informations ilégier ou confidentielles. Toute
utilisation, divulgation,
> distribution, copie, ou diffusion non autorisée est
strictement
> défendue. Si vous n'êtes pasdestinataire de ce
message, veuillez en
> informer l'expéditeur immédiatement et lui remettre
l'original.
>
> St. Amant ne prend aucune responsabilité d'erreurs,
omissions,
> corruptions ou virus compris dans le contenu de se
message ou de n'importe
> quels attachement qui en est le résultat d'une
transmission de courrier
> électronique.
>
> _______________________________________________
> Maia-users mailing list
> Maia-usersrenaissoft.com
> http://www.renaissoft.com/mailman/listinfo/maia-users
>
_______________________________________________
Maia-users mailing list
Maia-usersrenaissoft.com
http://www.renaissoft.com/mailman/listinfo/maia-users
|
|
[1-2]
|
|