Hi All,

Customer asked us to relay their mails to a specific smtp server.

Actually they provided 6 possible destination servers.

When I add them to sender_dependent_relayhost_maps postmap complains that there are duplicate entries:

@foo.bar [mail1.whatever]:123
@foo.bar [mail2.whatever]:123
@foo.bar [mail3.whatever]:123
etc.

How can I solve this?

Thanks,
Zsombor

> Hi All,
>
> Customer asked us to relay their mails to a specific smtp server.
>
> Actually they provided 6 possible destination servers.
>
> When I add them to sender_dependent_relayhost_maps postmap complains that there are duplicate entries:
>
> @foo.bar [mail1.whatever]:123
> @foo.bar [mail2.whatever]:123
> @foo.bar [mail3.whatever]:123
> etc.
>
> How can I solve this?

Create mail.whatever with A or CNAME records that point to each server.

Then you use:

@foo.bar [mail.whatever]:123

I can't force the customer changing their DNS.

Any postfix solution?

BTW it looks like postfix delivers mails to all the relay servers so the postmap warning is a bit misleading as if it won't work.

But this brings up another question: if any of the relay servers can't accept mail will postfix try any other relay server in the list at the next attempt?

Zsombor

>> How can I solve this?
>
> Create mail.whatever with A or CNAME records that point to each server.
>
> Then you use:
>
> @foo.bar [mail.whatever]:123

I think you can install the DNS server locally (on the same machine where postfix runs) and configure postfix to use it

On Wed, Oct 21, 2020 at 1:42 PM Zsombor B <[hidden email]> wrote:

Zsombor B:
> Hi All,
>
> Customer asked us to relay their mails to a specific smtp server.
>
> Actually they provided 6 possible destination servers.
>
> When I add them to sender_dependent_relayhost_maps postmap complains
> that there are duplicate entries:
>
> @foo.bar [mail1.whatever]:123
> @foo.bar [mail2.whatever]:123
> @foo.bar [mail3.whatever]:123

There can be only one table entry with the name @foo.bar. The
postmap command ignores the rest with a warning.

> How can I solve this?

Postfix 3.5 supports multiple relayhosts:

transport_maps example:
    example.com relay:[mail1.example]:123, [mail2.example]:123, ...

sender_dependent_relayhost_maps example:
    @foo.bar [mail1.example]:123, [mail2.example]:123, ..

This is a fixed order (as if you had multiple records in /etc/hosts).

If these folks want to receive mail in six places, why can't they
set up DNS records like everyone else does?

        Wietse

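An added example, not part of the thread: a shell helper that finds repeated keys in a sender_dependent_relayhost_maps source file and rewrites them as the single comma-separated entry that the reply above describes for Postfix 3.5 and later. The function names, the sample file and the @other.example entry are constructed for illustration; it assumes one entry per line with no continuation lines.

```shell
#!/bin/sh
# merge_relay_map FILE
# Print one line per lookup key, joining the next-hops of repeated keys with
# ", " in file order. Each repeated key is reported on stderr, because postmap
# keeps only one entry per key and ignores the rest with a warning.
merge_relay_map() {
    awk '
        /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
        NF < 2         { next }                 # skip keys without a next-hop
        {
            key = $1
            hop = $0
            sub(/^[ \t]*[^ \t]+[ \t]+/, "", hop)   # drop the key column
            sub(/[ \t]+$/, "", hop)                # drop trailing whitespace
            if (key in hops) {
                printf "duplicate key %s on line %d\n", key, NR > "/dev/stderr"
                hops[key] = hops[key] ", " hop
            } else {
                order[++n] = key                   # remember first-seen order
                hops[key] = hop
            }
        }
        END { for (i = 1; i <= n; i++) printf "%s\t%s\n", order[i], hops[order[i]] }
    ' "$1"
}

# Constructed sample input: the three entries from the thread (with the
# .example names) plus one unrelated, made-up sender domain.
demo_merge() {
    tmp=$(mktemp)
    cat > "$tmp" <<'EOF'
# sender domain     next-hop
@foo.bar            [mail1.example]:123
@foo.bar            [mail2.example]:123
@foo.bar            [mail3.example]:123
@other.example      [relay.example]:587
EOF
    merge_relay_map "$tmp" 2>/dev/null
    rm -f "$tmp"
}

demo_merge
```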
Hi Wietse,
> Postfix 3.5 supports multiple relayhosts:

Currently we are on 3.2

> If these folks want to receive mail in six places, why can't they
> set up DNS records like everyone else does?

I'm already over this discussion, that's why I have asked the question. :(
Big company, rigid people, dumb rules.

Thanks,
Zsombor

Quoting Wietse Venema <[hidden email]>:

> Zsombor B:
>>
>> Hi All,
>>
>> Customer asked us to relay their mails to a specific smtp server.
>>
>> Actually they provided 6 possible destination servers.
>>
>> When I add them to sender_dependent_relayhost_maps postmap complains
>> that there are duplicate entries:
>>
>> @foo.bar [mail1.whatever]:123
>> @foo.bar [mail2.whatever]:123
>> @foo.bar [mail3.whatever]:123
>
> There can be only one table entry with the name @foo.bar. The
> postmap command ignores the rest with a warning.
>
>> How can I solve this?
>
> Postfix 3.5 supports multiple relayhosts:
>
> transport_maps example:
>     example.com relay:[mail1.example]:123, [mail2.example]:123, ...
>
> sender_dependent_relayhost_maps example:
>     @foo.bar [mail1.example]:123, [mail2.example]:123, ..
>
> This is a fixed order (as if you had multiple records in /etc/hosts).
>
> If these folks want to receive mail in six places, why can't they
> set up DNS records like everyone else does?
>
>         Wietse

Zsombor B:
> Hi Wietse,
>
> > Postfix 3.5 supports multiple relayhosts:
>
> Currently we are on 3.2
>
> > If these folks want to receive mail in six places, why can't they
> > set up DNS records like everyone else does?
>
> I'm already over this discussion, that's why I have asked the question. :(
> Big company, rigid people, dumb rules.

In that case, make up a fake hostname with multiple address records
in /etc/hosts, and configure Postfix "smtp_host_lookup = dns, native".

This assumes that you have "multi on" in /etc/host.conf on LINUX systems.

Postfix will randomize the order of addresses for the "same" name
(assuming the default "smtp_randomize_addresses = yes" is in effect).

        Wietse

smtp_host_lookup (default: dns)
    What mechanisms the Postfix SMTP client uses to look up a host's
    IP address. This parameter is ignored when DNS lookups are disabled
    (see: disable_dns_lookups and smtp_dns_support_level). THE "DNS"
    MECHANISM IS ALWAYS TRIED BEFORE "NATIVE" IF BOTH ARE LISTED.

    Specify one of the following:

    dns    Hosts can be found in the DNS (preferred).

    native
           Use the native naming service only (nsswitch.conf, or
           equivalent mechanism).

    dns, native
           Use the native service for hosts not found in the DNS.

    This feature is available in Postfix 2.1 and later.

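An added example, not part of the thread: a pre-flight check for the /etc/hosts workaround described above, confirming that the made-up relay name carries several address records and that host.conf contains "multi on". The name relaypool.invalid, the 192.0.2.x addresses and the function names are hypothetical placeholders, and the sample files are constructed.

```shell
#!/bin/sh
# relay_addrs NAME HOSTS_FILE: print each address HOSTS_FILE assigns to NAME.
relay_addrs() {
    awk -v name="$1" '
        { sub(/#.*/, "") }                         # drop comments
        { for (i = 2; i <= NF; i++) if ($i == name) { print $1; break } }
    ' "$2"
}

# check_fake_relay NAME HOSTS_FILE HOST_CONF
# Returns 0 when NAME has two or more addresses and HOST_CONF has "multi on",
# 1 when there are too few addresses, 2 when "multi on" is missing.
check_fake_relay() {
    n=$(relay_addrs "$1" "$2" | wc -l | tr -d ' ')
    [ "$n" -ge 2 ] || { echo "$1: only $n address(es) in $2"; return 1; }
    grep -Eq '^[[:space:]]*multi[[:space:]]+on([[:space:]]|$)' "$3" ||
        { echo "$3: no \"multi on\" line"; return 2; }
    echo "$1: $n addresses, multi on"
}

# Constructed sample files standing in for /etc/hosts and /etc/host.conf.
demo_check() {
    d=$(mktemp -d)
    cat > "$d/hosts" <<'EOF'
127.0.0.1   localhost
192.0.2.11  relaypool.invalid   # placeholder for customer relay 1
192.0.2.12  relaypool.invalid   # placeholder for customer relay 2
192.0.2.13  relaypool.invalid   # placeholder for customer relay 3
EOF
    echo "multi on" > "$d/host.conf"
    check_fake_relay relaypool.invalid "$d/hosts" "$d/host.conf"; rc=$?
    rm -rf "$d"
    return $rc
}

# Matching Postfix side, using the settings named in the thread:
#   main.cf:     smtp_host_lookup = dns, native
#   relay map:   @foo.bar  [relaypool.invalid]:123
demo_check
```

On a live host, `getent ahosts` with the chosen name shows what the native lookup actually returns.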
If DNSSEC isn't required for the domain(s) in question (or at least
postfix in this specific case) you might look at RPZ as a way of
rewriting just a single record in the zone: https://www.dnsrpz.info/

On Wed, 21 Oct 2020, IL Ka wrote:

> I think you can install the DNS server locally (on the same machine where
> postfix runs) and configure postfix to use it
>
> On Wed, Oct 21, 2020 at 1:42 PM Zsombor B:
>
>> I can't force the customer changing their DNS.
>>
>> Any postfix solution?
>> [...]

On 10/21/20 11:16 AM, Fred Morris wrote:
> If DNSSEC isn't required for the domain(s) in question (or at least
> postfix in this specific case) you might look at RPZ as a way of
> rewriting just a single record in the zone: https://www.dnsrpz.info/

You can also use a local validating recursive resolver (such as
Unbound) and inject a fake record yourself. Postfix doesn't validate
DNSSEC on its own. That said, I am not sure how to get Unbound to
lie about the AD bit.

Demi

On 10/21/20 11:16 AM, Fred Morris wrote:
> If DNSSEC isn't required for the domain(s) in question (or at least
> postfix in this specific case) you might look at RPZ as a way of
> rewriting just a single record in the zone: https://www.dnsrpz.info/

Demi M. Obenour:
> You can also use a local validating recursive resolver (such as
> Unbound) and inject a fake record yourself. Postfix doesn't validate
> DNSSEC on its own. That said, I am not sure how to get Unbound to
> lie about the AD bit.

Postfix "requests" DNSSEC validation only when the TLS security
level involves DANE support, so lack of DNSSEC validation for a
SPECIFIC name is not necessarily a problem.

However, Postfix 3.6 and later will try to determine if DNSSEC is
available (by default, querying the root zone NS record) and will
log a warning if the response is not DNSSEC validated.
http://www.postfix.org/postconf.5.html#dnssec_probe

So as long as unbound etc. are transparent for most of DNS, some
selective rewriting should be OK.

        Wietse